Conducting Passive Reconnaissance for Vulnerabilities in a Network

Practice Labs Module
Time: 57 minutes
Difficulty: Intermediate

Welcome to the Conducting Passive Reconnaissance for Vulnerabilities in a Network Practice Lab. In this module, you will be provided with the instructions and devices needed to develop your hands-on skills.

Overview

Learning Outcomes

In this module, you will complete the following exercises:

  • Exercise 1 - Conducting Passive Reconnaissance for Vulnerabilities in a Network
  • Exercise 2 - Leveraging the Gathered Information

After completing this lab, you will be able to:

  • Use the Whois Website
  • Perform Social Media Exploitation
  • Use Shodan
  • Use Google Hacking
  • Use DNS Querying
  • Use theHarvester
  • Use Recon-ng
  • Create a Temporary E-mail Account
  • Use Maltego
  • Find Analysis and Weaponization
  • Know about Content of Interest
  • Prepare for Next Steps and its Guidelines

Exam Objectives

The following exam objectives are covered in this lab:

  • PT0-001: 2.1 Given a scenario, conduct information gathering using appropriate techniques
  • PT0-001: 2.2 Given a scenario, perform a vulnerability scan
  • PT0-001: 4.2 Compare and contrast various use cases of tools

Lab Duration

It will take approximately 1 hour to complete this lab.

Exercise 1 - Conducting Passive Reconnaissance for Vulnerabilities in a Network

Information gathering is critical in penetration testing. Without information about the targets, attackers may not know what to target. The amount and type of information an attacker gathers shapes the strategy for the penetration test.

Attackers normally use open-source intelligence (OSINT) to obtain publicly available information. There is nothing wrong with collecting such information, as it is not confidential or private. Anyone with some skill can obtain information about the targets. There are various places one can look for information:

  • Whois database
  • Target’s Website
  • Social media profiles of employees
  • Google search results
  • DNS information
  • Blogs and public forums
  • Tools such as Maltego, which provide detailed footprinting information about a website

In this exercise, you will learn about passive reconnaissance for vulnerabilities in a network.

Learning Outcomes

After completing this exercise, you will be able to:

  • Use the Whois Website
  • Perform Social Media Exploitation
  • Learn about Shodan
  • Use Google Hacking
  • Use DNS Querying
  • Use theHarvester
  • Use Recon-ng
  • Create a Temporary E-mail Account
  • Use Maltego

Exercise 2 - Leveraging the Gathered Information

After performing passive reconnaissance, you need to put the gathered information to use. Different tools were used to gather various types of information, such as IP addresses, DNS information, subdomain names, and so on. From this point on, you need to make good use of this information.

In this exercise, you will learn about leveraging the gathered information.

Learning Outcomes

After completing this exercise, you will be able to:

  • Find Analysis and Weaponization
  • Know about Content of Interest
  • Prepare for Next Steps and its Guidelines