2.2 Reconnaissance 2
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
1 hour 41 minutes
Hey, guys, Welcome back to the cyber kilt. In course of Savary.
This is, uh, the man imminent. This episode we're going to start our targeted attack. First step is reconnaissance.
So, as I said before and we discussed, there are seven steps of the Sybil Cochin
the first step. And as I said, the most important step is reconnaissance. Because you can think of reconnaissance as the base of the attack. When you have good reconnaissance, it would make the next
a few steps
a lot easier. So you want to have good reconnaissance to build a successful, targeted attack on top of this.
So every Constance, we gather information on the target before the actual attack start. That's the whole goal of reconnaissance. There are a number of ways O. R. Types of reconnaissance. There's passive on active reconnaissance and passive. What we're doing is we're looking for publicly available information on the Internet.
We're not interacting with the target. We're trying to keep our distance,
and this phase you can take your time because
the other side does not really know that you're actually started a targeted attack on them. However, an active,
uh, the there's an interaction with the other side. They can discover
the reconnaissance going on and then build their defense. Based on that, I've seen a number of companies that monitor pink attacks to their server as soon as they get a pink attack,
they would actually investigate that pink attack. Where did it come from? And what was the plan
or what is the intention off the pink attack?
So let's start with passive
A lot of people call this foot printing because what we're doing is we're looking for publicly available information on the Internet. Not yet. There we were. We communicate with the end
Stargate or the Attack Eddie, the target of this attack. So there's a number of techniques that are used doing reconnaissance or passive reconnaissance. The 1st 1 is who is
and do. It would actually give you give us a lot of information, uh, about the the target. So let's say we're going to separate Dr Tea, and
this would give us the upset would also give us the admin off the upset, and this information might not seem that just
thing. However, admin is usually have excessive privileges. And if you're planning on doing a social attack. That's the guy you want to go for, because usually he has system admin brought If it was Lennox, Andi has this privileges that no one asks my top.
the first thing is, who has recovered that the second thing is on a slick up. Let's say you have 70. That i t. But you don't actually know the I pee a lot of people would would do is the gonna pin get? But, Alvarez, I just said pink is considered to be an active attack like an active conscience because you're actually communicating with the device.
However, and this look up
is not because of what you're actually doing it in a slick up,
you're querying the d N issue, not actually communicating with. Then device.
And I'm gonna copy this.
We're going to use it in the next example. So
let's go to the next one. Census Census is oh, upside that is publicly available
and has a lot of information about
websites around the Internet.
So you'll get a lot of information from census that would help you during this face. So let's face the I P that we just copied here
and look at the kind of mission that would give us. It would give us the I. P address would give us the rotting off the I P address. It would give us the location off the server. Who's hosting it? What is the verdict here Last it would actually show this apartment is disabled and so on. So you want to spend more time here? Because
if you look at it, if I I type savagery that I t.
I would get pages and pages and pages off host I, P's and ah, addresses that are somewhat related to ah, savagely
the other example that I want to show you his Children
and I'm going to do the exact same thing. I'm gonna taste. I pee first, Keeping in mind that that's not only I P that there is, we just saw three eyepiece. And if I go back to senses, I'm going to get a lot more peace than the ones that I get and who is
so it would actually give us this map on the open ports and service is that are available. So let's look at savagery that I t.
well, look at what kind of doctor do you get? So we get a number of outfits is not the only single one that we get before
most of them are in the United States. This is kind of the same information. However, I'm getting the technology that they're using. So I know they're using grouping rails and so on.
So the next thing that I want to talk about
is social media
social media is
a good thing.
And when you look at the big picture we started communicating with each other. We started to learn more using social media. However, sometimes we tend to share a lot more than we should. On social media. There are two examples here. The 1st 1 is the technologies that I'm using. So let's say I work for a company and then
I add to my lengthen account, saying that
I can support Siskel, Model X, Y Z and, uh,
Brocade Switch X.
Why's he too?
What happens is basically I'm telling the Attackers or the hackers my company uses
this and this mother's this model is their fire on this model. Is there stretch or a lot of that they're actually using
this might not seem like something that is,
Interesting to the hacker, However, it's really is because when you're given this information, he knows exactly what kind of
basically vulnerabilities you might have in the future. Or if you ever have easier today, trust me, he will be the first to jump. On. The other aspect is social media and social media. There's the social aspect of social media. So if you go to a less professional type of social media like Facebook or any up,
uh, the Instagram Rania of these less professional than lengthen
where we shared our personal information by the then our professional information,
you'll find a lot of information that would help and attack writable the profile on someone. So, you know, if he's interested in scuba diving, go on horseback riding where he loves cars, so soccer or football or something like that, and then you can build
a a profile about this guy. Imagine if this guy was the admin that we just saw
on. Who is
Andi? He was interested in something that you were able to catch, isn't just using
ah, social engineering attack.
So the last thing that I want to talk about year is Dumpster diving, and it's kind of the most disgusting of the past of reconnaissance. But it's also the only one that is actually physical.
So a lot of companies dispose the information and not so secure way. So what they do is they just throw it in the garbage and then from the garbage backed out to the dumpster, what hackers can do is jump into this dumpster and collect this information. So if they have any manuals, if they have any contracts, if they have any information that
that they don't really want
to share with the would anyone out there,
the hacker or the attacker would have access to it through their dumpster.
So we covered reconnaissance on passively. Constance. Let's go back and answer these questions. So what is the purpose of reconnaissance?
The purpose of Re Constance is to build the base off a successful, targeted attack by collecting and gathering as much information as possible that would help me in later stages.
Second is what are the two cod two main types of the conscious and recover this. There's the active where you interact with the target and There's the passive which recovered and you don't interact on, try to gather information publicly available on the Internet.
There it is. How is posting information on social media? Help, adversities? And as you said, we're giving a lot more information than we should. What kind of systems we support with all the interest of off system admin is and so on.
The last question is the I p I get from rank and us look up on the company's Web site. There's only one I need. That's actually not true, because there's a lot of ups links that are hidden from who is or on a slick up because they're siblings or they're not available for, ah, honest look up
because they're not supposed to be access statically.
So in today's video, we cover the Step one of the Sabra guilty and Reconnaissance.
We talked about passive reconnaissance, and we going through a couple of example of passive reconnaissance in the next video, we're going to talk about activity constant space on actively constance technique.
See you then