Weaknesses in encryption identified through OSINT techniques
DNS Lookups used for:
Examination of company domain names to uncover internal network structure
Potentially reveals less-guarded entry points
What is the Definition of Information Disclosure?
Occurs when a system, application, or service inadvertently exposes sensitive data without authorization.
Exposed data can include technical configurations, user personal information, or business trade secrets.
What are Certificate Transparency Logs?
Public records of SSL certificates issued for domains
What happens when you have Misconfigured Servers?
Can expose directory listings or server status pages to the public
What happens when you have Insecure Data Storage?
Sensitive data not stored securely.
What happens when you have Faulty Application Code?
Can reveal sensitive information through error messages and logs.
What happens when you have Careless Handling of Error Messages and Logs?
Can provide unintended insights into the system’s workings.
When Penetration Testing for Information Disclosure:
Verify Error Messages: Ensure applications display generic error messages that do not disclose system details
Audit Server Configurations: Check server response headers, open ports, directory listings, and software versions
Evaluate API Security: Test for weak authentication, improper authorization checks, and insecure data handling
Preventative Measures for Information Disclosure:
Error Handling: Use generic error messages and secure storage for detailed error logs
Server Configuration: Disable directory listings, close unnecessary ports, and update software regularly
API Security: Encrypt data exchanges, generate and monitor API access logs, simulate API attacks using automated tools
Name 3 reasons for the Importance of Digital Certificates:
Authenticate the identity of web servers
Facilitate secure exchange of cryptographic keys
Essential for maintaining trust and security in online transactions
Tools for Analyzing Certificates:
OpenSSL - Command-line tool for gathering detailed certificate information.
Online SSL Checkers - Validate certificate chains, check for vulnerabilities, assess compliance with best practices
What is Certificate Transparency (CT):
Framework introduced by Google
Provides publicly auditable logs of issued certificates
Detects mistakenly or maliciously issued certificates.
Certificate Revocation Mechanisms - Online Certificate Status Protocol (OCSP):
Checks certificate revocation status
OCSP Stapling: Performance optimization technique for efficient certificate validation
Certificate Revocation Mechanisms - Certificate Revocation Lists (CRL):
Lists revoked certificates
Which of the following is the BEST reason why job boards like Indeed or Glassdoor are valuable for penetration testers during OSINT?
They list roles, required skills, and technologies in use
Which of the following is a common cause of information disclosure, often revealing sensitive details such as database dumps or server file paths?
Error messages
Error messages frequently cause information disclosure by displaying sensitive system details like database dumps or server paths. DNS misconfiguration can expose other technical details, password spraying is an attack technique, and social engineering targets individuals rather than systems.
What command in Linux is used to perform DNS lookups to retrieve information about a domain’s IP addresses?
dig
What role do Certificate Transparency logs play in enhancing digital certificate security?
Detect rogue certificates
Which search engine operator restricts results to a specific website or domain?
site
What is a DNS (Domain Name System)?
Translates human-friendly hostnames into machine-readable IP addresses
What is Reverse DNS?
Maps IP addresses back to hostnames, useful for network administrators and security professionals
How DNS Lookups Work:
User enters a URL in a web browser
DNS resolver contacts a root DNS server, then a TLD server, and finally the authoritative DNS server
Returns the corresponding IP address to the browser
How Reverse DNS Lookups Work:
Querying the DNS with an IP address to find the associated PTR (pointer) record