
Introduction to Reconnaissance

Reconnaissance is the initial phase where attackers collect as much information as possible about their target to find vulnerabilities they can exploit. This phase is fundamental in the cyber attack lifecycle, where attackers find and analyze accessible information to plan their attack effectively.

Types of Reconnaissance

Passive Reconnaissance

Definition: Passive Reconnaissance involves gathering information without directly interacting with the target. This type of reconnaissance is discreet and often harder to detect.

Methods

  • Utilizing search engines to find information related to the target.

  • Examining public records or open databases.

  • Scrutinizing social media platforms to gather personal and organizational information.

Tools and Techniques

  • Whois: Retrieve domain registration and hosting information.

  • nslookup: Query Domain Name System servers for domain-related details.

Example

  • Gathering a list of email addresses and employee names associated with a specific domain.

Active Reconnaissance

Definition: Active Reconnaissance involves collecting information by directly interacting with the target system. This type of reconnaissance is intrusive and can be easily detected.

Methods

  • Network scanning to identify active devices, services, and ports.

  • Sending packets to the target system to gather more information.

Tools and Techniques

  • Nmap: A network scanning tool used to discover devices running on a network and to find open ports along with various attributes of the network.

  • Netcat: Utility to read from and write to network connections.

Example

  • Scanning the target IP range to find open ports and services.
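
Because active reconnaissance touches the target directly, it leaves traces a defender can look for. The following is an added example, not part of the original lecture: it flags any source that contacts many distinct ports on one host within a short window. The log format, thresholds, and function names are assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log (assumed format: timestamp src= dst= dport=).
SAMPLE_LOG = """\
2024-05-01T10:00:00 src=198.51.100.7 dst=192.0.2.10 dport=21
2024-05-01T10:00:00 src=198.51.100.7 dst=192.0.2.10 dport=22
2024-05-01T10:00:01 src=198.51.100.7 dst=192.0.2.10 dport=23
2024-05-01T10:00:01 src=203.0.113.20 dst=192.0.2.10 dport=443
2024-05-01T10:00:01 src=198.51.100.7 dst=192.0.2.10 dport=25
2024-05-01T10:00:02 src=198.51.100.7 dst=192.0.2.10 dport=80
2024-05-01T10:00:02 src=198.51.100.7 dst=192.0.2.10 dport=443
2024-05-01T10:00:05 src=203.0.113.20 dst=192.0.2.10 dport=443
2024-05-01T10:00:09 src=203.0.113.20 dst=192.0.2.10 dport=80
"""

def parse_line(line):
    """Split one log line into (timestamp, source, destination, port)."""
    ts, *fields = line.split()
    kv = dict(field.split("=", 1) for field in fields)
    return datetime.fromisoformat(ts), kv["src"], kv["dst"], int(kv["dport"])

def detect_port_sweeps(log_text, min_ports=5, window=timedelta(seconds=10)):
    """Return {source: sorted ports} for every source that reached at least
    min_ports distinct ports on a single destination within the window."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, port), ...]
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, port = parse_line(line)
            events[(src, dst)].append((ts, port))

    flagged = {}
    for (src, _dst), hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window so it never spans more than `window` of time.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {port for _, port in hits[start:end + 1]}
            if len(ports) >= min_ports:
                flagged.setdefault(src, set()).update(ports)
    return {src: sorted(ports) for src, ports in flagged.items()}

if __name__ == "__main__":
    for src, ports in detect_port_sweeps(SAMPLE_LOG).items():
        print(f"possible port sweep from {src}: {ports}")
```

The ordinary client at 203.0.113.20 touches only two ports and is not flagged; tune `min_ports` and `window` to the normal traffic of the network being monitored.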

Phases of Reconnaissance

  1. Information Gathering:

    • Collect basic information such as domain names, IP address blocks, and network infrastructure.

    • Utilize tools like Whois, nslookup, and DNS interrogation tools.

  2. Identification:

    • Identify specific servers, workstations, and network devices.

    • Use tools like Nmap and other network scanning utilities.

  3. Vulnerability Mapping:

    • Identify potential vulnerabilities in systems, applications, or network configurations.

    • Employ vulnerability scanning tools like Nessus or OpenVAS.

Real-World Example

Case: The Target Corporation Breach (2013)

  • Reconnaissance Role:

    • Attackers performed extensive reconnaissance to find a vulnerable third-party HVAC vendor.

    • Used the vendor’s credentials to infiltrate Target’s network.

    • Mapped out the internal network to plan the subsequent attack phases.


Resources

  • https://redriver.com/security/target-data-breach

  • https://www.zdnet.com/article/anatomy-of-the-target-data-breach-missed-opportunities-and-lessons-learned/
