官术网_书友最值得收藏!

Chapter 3. Active Reconnaissance and Vulnerability Scanning

The objective of the reconnaissance phase is to gather as much information about the target as possible in order to facilitate the exploitation phase of the kill chain.

We have seen how passive reconnaissance, which is almost undetectable, can yield a significant amount of information about the target organization and its users.

Active reconnaissance builds on the results of open-source intelligence and passive reconnaissance, and focuses on using probes to identify the path to the target and the exposed attack surface of the target. In general, complex systems have a greater attack surface, and each surface may be exploited and then leveraged to support additional attacks.

Although active reconnaissance produces more information, and more useful information, interactions with the target system may be logged, triggering alarms by protective devices, such as firewalls and intrusion detection systems. As the usefulness of the data to the attacker increases, so does the risk of detection; this is shown in the following diagram:

Active Reconnaissance and Vulnerability Scanning

To improve the effectiveness of active reconnaissance in providing detailed information, our focus will be on using stealthy, or difficult to detect, techniques.

In this chapter, you will learn:

  • Stealth scanning strategies
  • Network infrastructure, host discovery, and enumeration
  • Comprehensive reconnaissance applications, especially recon-ng
  • Targeted vulnerability scanning
主站蜘蛛池模板: 丘北县| 海盐县| 镇巴县| 红安县| 平安县| 汝阳县| 佛坪县| 阿勒泰市| 宜章县| 隆化县| 闽清县| 新乡市| 贺州市| 湖南省| 阿合奇县| 惠安县| 平舆县| 湘潭县| 京山县| 宝应县| 滁州市| 静海县| 汉中市| 淮阳县| 荔浦县| 威海市| 罗定市| 光山县| 抚顺县| 通道| 饶平县| 宝兴县| 上犹县| 兴和县| 古蔺县| 鹿邑县| 静海县| 祁东县| 二连浩特市| 定襄县| 许昌县|