The success and efficiency of any pentest depend largely on the quality of the information gathered at the start of the engagement. If you want to leverage sources like Google Dorking, DNS queries, and other public data sources to set yourself up for a successful pentest, then this hands-on course is a great place to start.
When planning an offensive or red team engagement, the first step you will want to perform as an attacker is reconnaissance. Understanding how to find information, and which sources will provide you with the most useful information, is key to the recon phase. Reconnaissance sets you, as an offensive team member, up for success by providing information vital to both the scanning/enumeration phase and the exploitation phase of an engagement. This lab teaches the basics of using search engines and DNS to gather information about a target. It also discusses information that can be gathered from public registry databases such as whois.
Target Audience: The target audience for this course is offensive team members learning the basics of performing recon for an engagement.
Course Level: Beginner
Prerequisites: Linux command line
Course Goals: By the end of this course, learners should be able to:
- Understand the types of information that can be gathered from social media
- Understand the types of information that can be gathered from whois
- Utilize Google Dorking to perform targeted searches
- Perform a DNS zone transfer to gather domain information
- Understand how to mitigate the risk of a domain zone transfer
Labs Used: dns