Intro
Reconnaissance is the phase in which the attacker gathers as much publicly available information about the target as possible; it is also called footprinting.
1. Active Reconnaissance: actively engaging with the target network, hosts and employees, e.g. port scanning, vulnerability scans, web application scanning, etc.
2. Passive Reconnaissance: utilizing publicly available information about the target without engaging with it directly.
Passive Reconnaissance
Gather information about the organization/target:
Whois and domain information
Phone numbers and contact names
Email addresses and email harvesting
Security-related information
Website, source code, website mirroring
Internet/Google/open-source search and social media: Facebook, Twitter, Instagram, LinkedIn
Social engineering
Dumpster diving
Job postings, resumes
Information systems used
OSINT Framework
Lookup commands (DNS record types)
A or AAAA: Provides a computer's IPv4 (A) or IPv6 (AAAA) address
CNAME: Provides a canonical name for an alias
HINFO: Provides a server's CPU and type of operating system
MB: Provides a mailbox domain name
MINFO: Provides mailbox or mail list information
MX: Provides the mail exchanger
NS: Provides a DNS name server for the named zone
PTR: Provides a computer name if the query is an IP address
SOA: Provides the start-of-authority for a DNS zone
TXT: Provides text information
UID: Specifies the user identifier
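As an added example (not part of the original notes), here is what one of these lookups looks like at the protocol level: a minimal builder for a DNS query of a chosen record type and a parser for the answer section, using only the Python standard library. The reply bytes are constructed inline so it runs without network access; to query a real resolver you would send build_query(...) over UDP port 53 and pass the reply to parse_answers(), which also refuses replies whose RCODE signals an error such as NXDOMAIN.

```python
import struct
# Query type values for the record types in the table above (RFC 1035 / RFC 3596).
RECORD_TYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "MB": 7, "PTR": 12,
                "HINFO": 13, "MINFO": 14, "MX": 15, "TXT": 16, "AAAA": 28}
def encode_name(name):
    # Wire form: each label prefixed by its length byte, terminated by a zero byte.
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"
def build_query(name, rtype, txid=0x1234):
    # Header: id, flags (RD=1 requests recursion), QDCOUNT=1; then one question, class IN.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", RECORD_TYPES[rtype], 1)
def decode_name(msg, off):
    """Read the name at msg[off], following compression pointers; return (name, next offset)."""
    labels, end = [], None
    while (length := msg[off]) != 0:
        if length & 0xC0 == 0xC0:                      # pointer: 14-bit offset into msg
            end = end or off + 2                       # reading resumes after the first pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
            off += 1 + length
    return ".".join(labels), end or off + 1
def parse_answers(msg):
    """Return [(owner, type, ttl, text)] for the answer section; A and MX rdata decoded."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:                                 # RCODE != 0, e.g. 3 = NXDOMAIN
        raise ValueError(f"query failed, RCODE={flags & 0x000F}")
    off = 12
    for _ in range(qd):                                # skip the echoed question section
        off = decode_name(msg, off)[1] + 4
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        value = msg[off:off + rdlen].hex()             # default: raw rdata as hex
        if rtype == RECORD_TYPES["A"]:
            value = ".".join(str(b) for b in msg[off:off + 4])
        elif rtype == RECORD_TYPES["MX"]:              # preference + exchange name
            value = f"{struct.unpack('!H', msg[off:off + 2])[0]} {decode_name(msg, off + 2)[0]}"
        answers.append((name, rtype, ttl, value))
        off += rdlen
    return answers
# Constructed reply to build_query("example.com", "MX"): one answer; owner and exchange suffix point to offset 12.
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
                   + encode_name("example.com") + struct.pack("!HH", 15, 1)
                   + b"\xc0\x0c" + struct.pack("!HHIH", 15, 1, 3600, 9)
                   + struct.pack("!H", 10) + b"\x04mail\xc0\x0c")
```

Running parse_answers(SAMPLE_RESPONSE) yields one MX record, "10 mail.example.com" with TTL 3600, the same data an nslookup with set type=MX would print.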
Active Reconnaissance: Scanning & Discovery
In active reconnaissance the attacker engages directly with the target computer or network in order to gather information. It is inherently riskier than passive reconnaissance because the activity can be noticed by cybersecurity defenses such as firewalls, anti-virus software and intrusion monitors.
Scanning is typically conducted after extensive passive reconnaissance has been performed on the target.
This stage does not involve any exploitation or gaining access. It is focused on gathering information such as the OS version, the versions of running services, and any misconfigurations or vulnerabilities in the stack.
Common Active Reconnaissance Techniques
1. Network scanning: identify active hosts on the network
2. Port scanning: identify open ports on those hosts
3. Vulnerability scanning: identify vulnerable hosts or services