Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Reconnaissance for Ethical Hackers

You're reading from   Reconnaissance for Ethical Hackers Focus on the starting point of data breaches and explore essential steps for successful pentesting

Arrow left icon
Product type Paperback
Published in Aug 2023
Publisher Packt
ISBN-13 9781837630639
Length 430 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Glen D. Singh Glen D. Singh
Author Profile Icon Glen D. Singh
Glen D. Singh
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

Preface 1. Part 1: Reconnaissance and Footprinting
2. Chapter 1: Fundamentals of Reconnaissance FREE CHAPTER 3. Chapter 2: Setting Up a Reconnaissance Lab 4. Chapter 3: Understanding Passive Reconnaissance 5. Chapter 4: Domain and DNS Intelligence 6. Chapter 5: Organizational Infrastructure Intelligence 7. Chapter 6: Imagery, People, and Signals Intelligence 8. Part 2: Scanning and Enumeration
9. Chapter 7: Working with Active Reconnaissance 10. Chapter 8: Performing Vulnerability Assessments 11. Chapter 9: Delving into Website Reconnaissance 12. Chapter 10: Implementing Recon Monitoring and Detection Systems 13. Index 14. Other Books You May Enjoy

The importance of reconnaissance

The first phase of ethical hacking is reconnaissance – the techniques and procedures that are used by the ethical hacker to collect as much information as possible about the target to determine their network infrastructure, cyber defenses, and security vulnerabilities that can be compromised to gain unauthorized access and improve attack operations accordingly. From a military perspective, reconnaissance plays an important role in planning and launching an attack on a target. Collecting information about the target helps the attacker to determine the points of entry, type of infrastructure, assets owned, and the target’s strengths and weaknesses.

To put it simply, reconnaissance helps ethical hackers to gain a deeper understanding of an organization’s systems and network infrastructure before launching an attack. The collected information can be leveraged to identify any security vulnerabilities that can be exploited, thus enabling the ethical hacker to compromise and gain a foothold in the targeted systems. For instance, using reconnaissance techniques enables the ethical hacker to identify any running services and open ports and the service and software versions on a system, all of which can be used to identify and determine potential attack vectors on the target.

In addition, using reconnaissance techniques such as Open Source Intelligence (OSINT) enables the ethical hacker to passively collect information about their target that’s publicly available on the internet. Such information may contain usernames, email addresses, and job titles of employees of the targeted organization. This information can be leveraged to create various social engineering attacks and phishing email campaigns that are sent to specific employees within the targeted company.

The following screenshot shows an example of employees’ information that’s publicly available on the internet:

Figure 1.2 – Employees’ data

Figure 1.2 – Employees’ data

As shown in the preceding screenshot, these are various employees of a specific organization. Their names, email addresses, and job titles are publicly known on the internet. A threat actor could look for patterns in their email addresses to determine the format that’s used for all employees of the company. For instance, let’s imagine there’s an employee whose name is John Doe and his email address is [email protected] and another employee is Jane Foster with an email address of [email protected]. This information shows a pattern and format for employees within the same organization: {f}{lastname}@domain-name.com, where f is the initial letter of the person’s first name followed by their last name and the company’s domain name. Such information can help an ethical hacker to send phishing email campaigns to specific email addresses of high-profile employees of the targeted organization.

Reconnaissance helps organizations to reduce the risk of being compromised by a threat actor and improve their cyber defenses. By enabling an ethical hacker to perform reconnaissance techniques and procedures on an organization’s systems and network infrastructure, the organization can efficiently identify security vulnerabilities and take the necessary measures to remediate and resolve them before they are discovered and exploited by adversaries. Furthermore, reconnaissance helps organizations to both identify and keep track of potential threat actors, enabling the company to gain a better understanding of the cybersecurity threat landscape while implementing and improving proactive countermeasures to safeguard their assets, systems, and networks. Hence, reconnaissance is not only important to adversaries but cybersecurity professionals use the gathered information to help organizations.

Reconnaissance is divided into the following types:

  • Passive reconnaissance
  • Active reconnaissance

Passive reconnaissance enables the ethical hacker to leverage OSINT techniques to gather information that’s publicly available from various sources on the internet without making direct contact with the target.

The following are some examples of OSINT data sources:

  • Job websites
  • Online forums
  • Social media platforms
  • Company registry websites
  • Public Domain Name System (DNS) servers

It’s important for ethical hackers to use similar techniques and procedures as adversaries during their security assessments to provide real-world experience to their customers. In addition, it also helps the organization to determine whether its security team and solutions are able to detect any security intrusions that are created by the ethical hacker. If the security team were unable to detect any actions that were performed during the ethical hacking and penetration testing assessment, it’s a good sign for the ethical hacker as their techniques were stealthy enough to bypass and evade any threat detection systems on the network. However, this means the organization’s security team needs to improve their threat monitoring and detection strategies and tune their sensors to catch any security-related anomalies.

Active reconnaissance involves a more direct approach by the threat actor and ethical hacker to gather information about the target. In active reconnaissance, the ethical hacker uses scanning and enumeration techniques and tools to obtain specific details about the targeted systems and networks. For instance, to determine running services and open ports on a server, the ethical hacker can use a network and port scanning tool such as Nmap to perform host discovery on a network. However, active reconnaissance increases the risk of triggering security sensors and alerting the security team about a possible reconnaissance-based attack being performed.

In the next section, you will learn how cybersecurity professionals, including ethical hackers, leverage the information that is collected during reconnaissance to help organizations improve their security posture and manage their attack surfaces.

You have been reading a chapter from
Reconnaissance for Ethical Hackers
Published in: Aug 2023
Publisher: Packt
ISBN-13: 9781837630639
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image