It's been a long time coming, but Part II is finally here with lots & lots of pictures.
- [Article]-Maltego Part II - Infrastructure Enumeration
By Chris Gates, CISSP, GCIH, C|EH, CPTS
Welcome Back! In Maltego Part I we performed Personal Reconnaissance with Maltego to see what we could find out on the net about our Editor-in-Chief, Don. With the personal details tucked safely away in our notebook, lets see what we can gather in regards to his network infrastructure.
Any organization that has an Internet presence needs to have some form of infrastructure to support their presence. During Infrastructure Enumeration you attempt to discover how much of it exists, what type of infrastructure is used, where it is located, what technology is used and how it is structured. This type of information is interesting for:
* Security assessments (as this is the first and most tedious phase of any external assessment).[br /]
* Getting an idea of the organization’s Internet and geographical presence.[br /]
* Gaining insight into the technology used by the organization.[br /]
* Making connections between seemingly unconnected organizations (as they might be sharing common infrastructure).[br /]
* Getting a list of brands or affiliations supported by the organization.
Be sure to catch Chris at ChicagoCon 2009s on May 9 as he presents Attacking Layer 8: Client Side Penetration Testing with Vince Marvelli (g0ne). Get Conference Details HERE!
Feedback is always kewl,
CISSP, MCSE, CSTA, Security+ SME