Home page logo

pen-test logo Penetration Testing mailing list archives

New Whitepaper: Passive Information Gathering Techniques
From: "Gunter [Technicalinfo.net]" <gunter () technicalinfo net>
Date: Wed, 4 Feb 2004 20:32:54 -0000

Next Generation Security Software ltd. (NGS) have now made available a
comprehensive technical whitepaper covering an often skipped phase of
pentesting - Passive Information Gathering.  This new paper is available for
download at: http://www.nextgenss.com/papers/NGSJan2004PassiveWP.pdf

Most organisations are familiar with Penetration Testing and other ethical
hacking techniques as a means to understanding the current security status
of their information system assets. Consequently, much of the focus of
research, discussion, and practice, has traditionally been placed upon
active probing and exploitation of security vulnerabilities. Since this type
of active probing involves interacting with the target, it is often easily
identifiable with the analysis of firewall and intrusion
detection/prevention device (IDS or IPS) log files. 

However, too many organisations fail to identify the potential threats from
information unintentionally leaked, freely available over the Internet, and
not normally identifiable from standard log file analysis. Most critically,
an attacker can passively gather this information without ever coming into
direct contact with the organisations servers - thus being essentially

Very little information has been publicly discussed about arguably one of
the least understood, and most significant stages of penetration testing -
the process of Passive Information Gathering. This technical paper reviews
the processes and techniques related to the discovery of leaked information.
It also includes details on both the significance of the leaked information,
and steps organisations should take to halt or limit their exposure to this


We hope the paper proves informative and useful to you all.

G u n t e r   O l l m a n n,            MSc(Hons), BSc
Professional Services Director                        
Next  Generation  Security  Software  Ltd.            
First Floor, 52 Throwley Way  Tel: +44 (0)208 401 0089
Sutton, Surrey, SM1 4BF, UK   Fax: +44 (0)208 401 0076


  By Date           By Thread  

Current thread:
  • New Whitepaper: Passive Information Gathering Techniques Gunter [Technicalinfo.net] (Feb 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]