welcome to Module one in Cyber is crafting the perfect email course. Re kon. The first step in any successful fishing campaign
is re kon,
so re con you've definitely heard of it before. But what is it?
Reconoce short for reconnaissance, which is a military term for observation of a region to locate an enemy or ascertain strategic features in cybersecurity. Though it's the first stage of attack where an attacker will look for information about his or her target, the trying determine weaknesses and vulnerabilities that they can later exploit.
There are two types of re con that social engineers or Attackers will use. The first and most common type is passive re kon
passive re kon is any type of reconnaissance against a target that should go unnoticed. Couple examples of that are Oh Sint Google Food Company websites
Dr Eyes, actually physically driving by the company to see if you can get a physical layout
things like that.
The second type of re kon is active re con. This is much less likely to go unnoticed because the Attackers actually engaging with the target to gather information about vulnerabilities.
Some examples of active re kon our port scanning
physically interacting with the employees or target
phone calls. Things like that.
So what is? Oh, Sint
Oh, since is short for open source intelligence, and it's one of the first steps in passive re kon.
Oh, sin to use is anything that is freely available on the Web,
and you collect all that data from these publicly available sources. Let's try and find weaknesses or information that you can use to further exploit against the target.
Why do we use Oh sint?
So first off, it is a passive type of re kon, meaning you're not going to take anyone off. You're doing recon on them.
Second, it's very easy, and you're just using information that is freely available on the Web.
Some common forms of Oh Sint, our social media Lang Facebook linked in
forums. There's a ton of forums online, and many people do post personal information on there that you could use against them
the actual company website Google, Dorking
and the Dark Web.
So there's a couple off
really common tools built into Callie Limits, which is a common pen testing platform
that we can use to do Oh sent one of the first ones I like to use is called The Harvester. It's really easy to use, and it's really quick.
Another one that takes a little bit deeper. Dive is re Kon en G,
and we're going to be doing labs on both of those later in the course.
Another really popular investigation tool just came out of a few years ago. If I remember correctly is boosted or linen,
it has many built in modules for online investigators. It was developed by David Westcott, Michael Basil of Until Techniques, and that's where it can be found. It's got a ton of built in tools like a custom Firefox browser wave built in Adam's Tor browser, Google Earth Pro, Which is good if you wanted to actually
look at the company you were trying to do. Oh, stint on
multi Go wreak on Angie and the Harvester, of course, and many more.
So let's go ahead. And now we know a little bit more about recon. Let's prep for our upcoming labs, so we're actually gonna go hands on with the harvester and re kon en G. And if you don't have a lab set up, let's go in and download virtual box and grab either the Cali limits VM or boosted Orlin Ex PM
and they both have over the files that you can import right into virtual box and get started. So, um, there are a couple differences between Callie Limits and boosted or the 1st 1 If you plan to do more
offensive security, I'd recommend Callie Lennox has got a ton of those built in tools. And if you do plan on doing mawr o cents or just online re sort research and investigations, I would recommend boosted or Lennox. And so these are the sights. You can download them and I'll go out and show you where real quick.
All right, so on virtual box out of borg slash wiki slash downloads,
you can see the
platform packages right here. They've got Windows, Mac limits and Solaris. You just click that and that will allow you to download the virtual box installer.
And if we go over to Cali dot organise k a. L i dot org's slash downloads.
That will take us when we go back. One change here
to this download page, and that's where you can download all the ice oes. But what we're looking for. If you scroll down, they've actually got an O. V. A. Built in for virtual box. And if you click that offensive security download page,
it'll take us right there
for both virtual box and I'm VM where
and we'll click the virtual box images. And here's the over the final a direct download, and they do have a torrent as well.
I normally recommend the Torrent file. It is a little bit quicker if you're familiar with that. If not, you can use the direct download as well. And they do provide the Shaw
And last but not least, we wouldn't go to Intel techniques dot com slash bruschetta,
and that will take us right to the download page here. It tells you a little bit more about the investigative OS and some of the built in tools, and we've got our Google drive download and the direct download, and again they provide that check sums. You can verify that you are downloading what you should be.
Once you get those downloaded, you can import them right into virtual box, and that will get you ready for our labs,
and we're going to end this lesson
with just a really quick who is
so first what is. Oh sint,
you don't give you just a second.
Oh, Sint is short for open source intelligence. It's when we collect data from publicly available sources like the Web.
Next question. What is the difference between active and passive re? Come?
And we talked about both these types of re comes
and the 1st 1 active is a type of re kon, which an attacker actively engages with the target.
And passive is a type of recon that should go unnoticed. Common way to do Pass Every con is with oh sent
in last question here. What are two common Lynn experience used to perform Re Kon?
We talked about how to download both of these, so we'll get right into it. The 1st 1 is Callie Lennox,
and the 2nd 1 is boosted or Lennox
and legs that there's a couple differences between the two. There bull for built
with a lot of tools that you can use. Callie Lennox is geared more towards penetration testers and people doing offensive security and boosted or Lennox is geared towards people that are doing research like online investigators and things like that.
So next up, we have the R Harvester lab, and we're gonna learn a little bit about the harvester and actually do some active, absent.
Students will send a phishing email using the Social Engineering Toolkit. Students will then impersonate ...
Phishing Skill Assessment
Phishing is the act of attempting to obtain confidential/personal information and/or funds about the target ...