Week 2 - Target Scoping and Information Gathering
Just a reminder as required by the course: any tools, techniques, and concepts shared on this blog are strictly for educational purposes. I am not responsible for any misuse of the information or tools discussed here.
Week 2 of Ethical Hacking is here, and my Kali Linux VM is finally set up and running smoothly. This week, we moved past the legal definitions and jumped right into the first two steps of the Kali Linux Testing Methodology: Target Scoping and Information Gathering. To prepare, our reading assignment was chapters 3 and 4 from Kali Linux: Assuring Security By Penetration Testing (KLASPT).
Here are my notes on the early phases of a penetration test.
Step 1: Target Scoping
Before you even think about touching a network or firing up a terminal, you have to define the scope of the test. This is arguably the most important part from a legal and professional standpoint. Scoping means figuring out the exact extent of the testing, what specific systems are going to be tested, from where the tests will be conducted, and exactly who will be doing the testing.
For example, if a client wants you to test their web application, but their infrastructure is hosted by a third-party cloud provider, you can't just launch an attack against the hosting provider without explicit permission. We were reminded again that getting everything in writing using a solid contract is absolutely critical before starting.
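As an added example (not from the course material or the KLASPT book), here is one way to turn a signed scope into a check that runs before any testing starts. The `SCOPE` layout, the `check_target` function, the tester names and the addresses are all assumptions made up for illustration; the addresses come from the reserved documentation ranges.

```python
import ipaddress

# Constructed rules of engagement (hypothetical values, documentation-range addresses).
SCOPE = {
    "in_scope": ["203.0.113.0/24"],        # systems the client authorised in writing
    "excluded": ["203.0.113.128/25"],      # range owned by a third-party hosting provider
    "test_sources": ["198.51.100.10/32"],  # where the tests will be conducted from
    "testers": {"alice", "bob"},           # who will be doing the testing
}

def _in_any(ip, networks):
    """True if ip falls inside at least one of the given CIDR ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)

def check_target(scope, target_ip, source_ip, tester):
    """Return (allowed, reason). Exclusions always win over in-scope ranges."""
    try:
        if tester not in scope["testers"]:
            return False, "tester not named in the contract"
        if not _in_any(source_ip, scope["test_sources"]):
            return False, "source address is not an agreed testing location"
        if _in_any(target_ip, scope["excluded"]):
            return False, "target excluded: third-party owned, no explicit permission"
        if not _in_any(target_ip, scope["in_scope"]):
            return False, "target not listed in scope"
    except ValueError:
        # Malformed address: refuse rather than guess.
        return False, "not a valid IP address"
    return True, "in scope"

if __name__ == "__main__":
    for target in ["203.0.113.20", "203.0.113.200", "192.0.2.5"]:
        print(target, check_target(SCOPE, target, "198.51.100.10", "alice"))
```

The second target sits inside the client's /24 but is still refused, which is the hosting-provider situation described above: an address the client uses is not automatically an address the client can authorise.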
Step 2: Information Gathering (Footprinting)
Once the scope is locked in and the paperwork is signed, the next phase is information gathering. The goal here is to gather as much information as possible about the target institution's system configurations.
At this stage, a lot of the work involves passive research. This means you are collecting data without directly interacting with the target's servers in a way that would raise any alarms or trigger their security systems. We discussed open source monitoring, which essentially means acting like a digital detective—looking up domain registrations, scanning public records, and digging through anything publicly available on the internet to find potential vulnerabilities.
Next week, the syllabus says we'll be moving into utilizing search engines for deeper target discovery. For now, I'm just getting comfortable navigating around my new Kali environment and reading up on the OSINT (Open Source Intelligence) techniques we discussed today.