
Chapter 2. Identifying the Target – Passive Reconnaissance

Reconnaissance is the first step of the kill chain when conducting a penetration test or an attack against a network or server target. An attacker will typically dedicate up to seventy-five percent of the overall work effort for a penetration test to reconnaissance, as it is this phase that allows the target to be defined, mapped, and explored for the vulnerabilities that will eventually lead to exploitation.

There are two types of reconnaissance: passive reconnaissance and active reconnaissance.

Generally, passive reconnaissance is concerned with analyzing information that is openly available, usually from the target itself or public sources online. When accessing this information, the tester or attacker does not interact with the target in an unusual manner; requests and activities will not be logged, or will not be traced directly to the tester. Therefore, passive reconnaissance is conducted first to minimize the direct contact that may signal an impending attack or identify the attacker.

In this chapter, you will learn the principles and practices of passive reconnaissance, which include the following:

  • Basic principles of reconnaissance
  • Open-source intelligence (OSINT)
  • DNS reconnaissance and route mapping, including issues with IPv4 and IPv6
  • Obtaining user information
  • Profiling users for password lists

Active reconnaissance, which involves direct interaction with the target, will be covered in Chapter 3, Active Reconnaissance and Vulnerability Scanning.
