- Mastering Kali Linux for Advanced Penetration Testing
- Robert W. Beggs
- 366字
- 2021-07-16 11:33:20
Basic principles of reconnaissance
Reconnaissance, or recon, is the first step of the kill chain when conducting a penetration test or attack against a data target. This is conducted in before the actual test or attack of a target network. The findings will give a direction to where additional reconnaissance may be required, or the vulnerabilities to attack during the exploitation phase.
Reconnaissance activities are segmented on a gradient of interactivity with the target network or device.

Passive reconnaissance does not involve direct interaction with the target network. The attacker's source IP address and activities are not logged (for example, a Google search for the target's e-mail addresses). It is difficult, if not impossible, for the target to differentiate passive reconnaissance from normal business activities.
In general, passive reconnaissance focuses on the business and regulatory environment, the company, and the employees. Information of this type is available on the Internet or other public sources, and is sometimes referred to as open source intelligence, or OSINT.
- Passive reconnaissance also involves the normal interactions that occur when an attacker interacts with the target in an expected manner. For example, an attacker will log on to the corporate website, view various pages, and download documents for further study. These interactions are expected user activities, and are rarely detected as a prelude to an attack on the target.
- Active reconnaissance involves direct queries or other interactions (for example, port scanning of the target network) that can trigger system alarms or allow the target to capture the attacker's IP address and activities. This information could be used to identify and arrest an attacker, or during legal proceedings. Because active reconnaissance requires additional techniques for the tester to remain undetected, it will be covered in Chapter 3, Active Reconnaissance and Vulnerability Scanning.
Penetration testers or attackers generally follow a process of structured information gathering, moving from a broad scope (the business and regulatory environments) to the very specific (user account data).
To be effective, testers should know exactly what they are looking for and how the data will be used before collection starts. Using passive reconnaissance and limiting the amount of data collected minimizes the risks of being detected by the target.
- 攻守道:企業數字業務安全風險與防范
- 數字身份與元宇宙信任治理
- 網絡安全保障能力研究
- Enterprise Cloud Security and Governance
- Preventing Digital Extortion
- 反黑命令與攻防從新手到高手(微課超值版)
- Computer Forensics with FTK
- 黑客攻防從入門到精通
- 構建新型網絡形態下的網絡空間安全體系
- 華為Anti-DDoS技術漫談
- Manga Studio 5 Beginner's Guide
- 從實踐中學習Nmap滲透測試
- 工業控制系統網絡安全實戰
- 大話數據恢復
- Learning Metasploit Exploitation and Development