For this post, I will attempt to run a footprint on a website as per one of my assignments at school.
As someone who has little knowledge of the offensive side of cybersecurity, the Visio footprinting assignment was undoubtedly an eye-opener. In my map of http://bellevue.edu/, I was able to see every domain listed on Bellevue’s website. I could also see various scripts and all associated social media accounts. Next, I began to scroll through the rather long list of domains and saw what technologies Bellevue uses, such as Google Tag Manager, Adobe Reader, survey tools, and form submission systems.
With the provided information, if I was attempting to secure Bellevue’s domain, I could get a quick overview of all associated domains connected, as well as what other services interact with the network. If I was trying to attack Bellevue, I could see a list of targets I could attempt to penetrate or damage and quickly order them in a list of importance/difficulty. Even if Bellevue’s security was efficient, I could then try to penetrate its many known partners and affiliates (as shown by the diagram) to try to get access that way. It is also very beneficial to understand what naming conventions organizations use in naming their domains; this can help me create malicious websites that spoof their current ones.
In the future, I believe I will use Visio’s website map capabilities a lot more, as it is a simple tool to quickly form the digital footprint of an organization’s digital assets.