Reconnaissance
Sylice
Member Posts: 100
What exactly in detail is reconnaissance? As far as I know it's scanning a netblock until you find a vulnerable target.
Comments
-
cyberguypr Mod Posts: 6,928 Mod
Reconnaissance is basically gathering information about your target. There's passive reconnaissance which is done quietly, with zero target interaction. That means no packets flowing. Some examples of passive recon include Google searches, SEC filings, job postings, social media, watching employees arriving and leaving, and other kinds of OSINT. Active reconnaissance means you are somehow touching your target. Examples include doing port scans, vuln scans, fingerprinting, walking into the building and talking to the receptionist/security guard, checking to see if doors are locked, etc.
-
rob1234 Banned Posts: 151
cyberguypr wrote: » Reconnaissance is basically gathering information about your target. There's passive reconnaissance which is done quietly, with zero target interaction. That means no packets flowing. Some examples of passive recon include Google searches, SEC filings, job postings, social media, watching employees arriving and leaving, and other kinds of OSINT. Active reconnaissance means you are somehow touching your target. Examples include doing port scans, vuln scans, fingerprinting, walking into the building and talking to the receptionist/security guard, checking to see if doors are locked, etc.
A lot of those active examples are not in the reconnaissance stage but are in the network mapping, vulnerability identification and even the penetration stage.
-
636-555-3226 Member Posts: 975 ■■■■■□□□□□
cyberguypr wrote: » Reconnaissance is basically gathering information about your target. There's passive reconnaissance which is done quietly, with zero target interaction. That means no packets flowing. Some examples of passive recon include Google searches, SEC filings, job postings, social media, watching employees arriving and leaving, and other kinds of OSINT. Active reconnaissance means you are somehow touching your target. Examples include doing port scans, vuln scans, fingerprinting, walking into the building and talking to the receptionist/security guard, checking to see if doors are locked, etc.
Ditto. Basically learning everything you can about your target without "touching" it in too much detail. I liken it to looking up MX records to see what they use for email services/filtering. If you find out they use Exchange Online / O365 and you know that Exchange Online's email filtering is absolute rubbish, then you know when you move on to the next phase after reconnaissance that email is one of the first ways you try to get in. You can find out a lot about someone / something without even "touching" them.
-
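The MX-record observation above, turned around for a defender auditing their own domain (an added example, not part of the original posts): it parses zone-file-style MX and SPF records and lists the mail services they disclose to anyone who queries DNS. The sample zone, the `example.test` domain and the provider suffix table are constructed for illustration.

```python
import re

# Constructed sample records for a fictional domain (illustration only).
SAMPLE_ZONE = """\
example.test. 3600 IN MX 10 example-test.mail.protection.outlook.com.
example.test. 3600 IN MX 20 mx2.example.test.
example.test. 3600 IN TXT "v=spf1 include:spf.protection.outlook.com include:_spf.google.com ip4:192.0.2.10 -all"
example.test. 3600 IN TXT "unrelated-verification=abc123"
"""

# Assumed suffix table for a few hosted mail services; extend as needed.
PROVIDERS = {
    "protection.outlook.com": "Exchange Online / O365",
    "google.com": "Google mail services",
    "pphosted.com": "Proofpoint",
}

def provider_for(host, domain):
    """Name the service a mail-related hostname points at, or None if unknown."""
    host = host.rstrip(".").lower()
    if host.endswith("." + domain):
        return f"self-hosted ({host})"
    for suffix, name in PROVIDERS.items():
        if host == suffix or host.endswith("." + suffix):
            return name
    return None

def audit(zone_text, domain):
    """Return what the domain's MX and SPF records disclose to any DNS client."""
    report = {"mx": [], "spf_includes": [], "spf_ips": []}
    for line in zone_text.splitlines():
        m = re.match(r"(\S+)\s+\d+\s+IN\s+(MX|TXT)\s+(.*)", line)
        if not m or m.group(1).rstrip(".").lower() != domain:
            continue
        rtype, rdata = m.group(2), m.group(3).strip().strip('"')
        if rtype == "MX":
            prio, host = rdata.split()
            report["mx"].append((int(prio), host.rstrip(".").lower()))
        elif rdata.lower().startswith("v=spf1"):
            for term in rdata.split()[1:]:
                if term.startswith("include:"):
                    report["spf_includes"].append(term[8:].lower())
                elif term.startswith(("ip4:", "ip6:")):
                    report["spf_ips"].append(term[4:])
    report["mx"].sort()
    hosts = [h for _, h in report["mx"]] + report["spf_includes"]
    found = (provider_for(h, domain) for h in hosts)
    report["providers"] = sorted({p for p in found if p})
    return report
```

Calling `audit(SAMPLE_ZONE, "example.test")` returns the MX hosts in priority order, the SPF includes and literal IPs, and the inferred provider list, all of which are visible without sending a packet to the domain's own hosts.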
cyberguypr Mod Posts: 6,928 Mod
Funny, re-reading what I posted last night I see what a mess I made with active recon. I should really stop posting when I'm sick and under the influence of meds.
I'm including examples for recon and scanning topics from SANS SEC 504:
Reconnaissance
What does your network reveal?
Are you leaking too much information?
Using Whois lookups, ARIN, RIPE and APNIC
Domain Name System harvesting
Data gathering from job postings, websites, and government databases
Recon-ng
Pushpin
Identifying publicly compromised accounts
Maltego
FOCA for metadata analysis
Scanning
Locating and attacking unsecure wireless LANs
War dialing with War-VOX for renegade modems and unsecure phones
Port scanning: Traditional, stealth, and blind scanning
Active and passive Operating System fingerprinting
Determining firewall filtering rules
Vulnerability scanning using Nessus and other tools
p.s. thanks for the negative rep
-
zxshockaxz Member Posts: 108
Just to throw in my 2 cents:
Recon is also often used interchangeably with Intelligence Gathering and Information gathering, and it isn't too uncommon for people to give you slightly different definitions.
pentest-standard.org and owasp.org have great sections on recon/intelligence gathering. Depending on the scope of the engagement, gathering details on people is just as critical as gathering details on their technology.
-
renacido Member Posts: 387 ■■■■□□□□□□
Some people need to loosen their bow ties a little and chill out. The point of this forum is to share info to help others. If you're posting to win a Smartest Guy In the Room trophy the site you're looking for is www.faceb......
Anyway, cyberguypr got it right. Yeah, depending on the nerd you ask, some of the steps he mentioned could be considered scanning, enumeration, etc., some just call it active recon. But to say he got it wrong is reductionist and isn't helpful to answering the OP's question.
-
E Double U Member Posts: 2,233 ■■■■■■■■■■
The point of this forum is to share info to help others. If you're posting to win a Smartest Guy In the Room trophy the site you're looking for is www.faceb......
Then I am in the wrong place. Please provide the rest of that URL.
Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
-
bpenn Member Posts: 499
E Double U wrote: » Then I am in the wrong place. Please provide the rest of that URL.
Oh, and make sure you spell your comments right on Facebook or prepare to be annihilated by the grammar gods.
"If your dreams don't scare you - they ain't big enough" - Life of Dillon
-
MrAgent Member Posts: 1,310 ■■■■■■■■□□
Hah. Some jerk gave me negative rep for giving cyberguypr +rep.
-
NetworkNewb Member Posts: 3,298 ■■■■■■■■■□
Hah. Some jerk gave me negative rep for giving cyberguypr +rep.
Sounds like a good enough reason to me...
-
cyberguypr Mod Posts: 6,928 Mod
Whoever is giving the negative rep for the second time questioning the masculinity of any member should at least put his/her name in the rep so we know who to thank.
-
bpenn Member Posts: 499
Hah. Some jerk gave me negative rep for giving cyberguypr +rep.
Me, too. I am bathing in the salty tears.
"If your dreams don't scare you - they ain't big enough" - Life of Dillon