Open Source Intelligence (OSINT) Gathering

To learn as much about the target, its business, its organizational structure, and its business partners as possible. The output of this phase is a list of company names, partner organization names, and DNS names which reflect the entire target organization including all of its brands, divisions, and local representations. In addition, other useful information may be uncovered.

To mine as many DNS host names as possible from the domains or company names collected and translate those into IP addresses or IP address ranges. The output of this phase is a list of DNS host names, IP addresses, and IP address ranges.

To analyze the human perspective of the target and gain as much intelligence as possible about the people associated with the organization. The output of this phase is a list of names, job titles, contact information, and other personal details about the people associated with the organization.

To confirm the validity of information collected in the prior phases. This phase rarely produces new output but can clean up existing output by removing invalid data. Some additional information can sometimes be gathered as a side product of the verification.

To confirm the reachability of the IP addresses identified in prior phases. This is a phase which spreads between reconnaissance and enumeration. The output of this phase is a list of IP addresses from prior phases which have been confirmed as reachable.

The first four phases in Table 2.1 are reiterative; that is, we repeat them in sequence over and over again until no new information is added, at which point the loop should terminate. This can take a very long time and can be as detailed as you need depending on your specific purposes. If you reach a point where you feel that you have gathered sufficient information for successfully performing your penetration test, feel free to terminate your reconnaissance. Reconnaissance's value decreases after you have reached the point where further actions should be performed or when no further useful information can be gathered. That said, if you find additional details about the target during future penetration testing activities which could be further expanded upon through additional reconnaissance, it may be worthwhile to go through the reconnaissance methodology using those new details as input.

For the remainder of this chapter, we will examine four of the reconnaissance phases in detail: intelligence gathering, footprinting, human recon, and verification. Each of these uses specific core technologies which we will leverage using a variety of open source tools. For each phase, we will be going over the core technologies that we will be using, the general approach, and how to use open source tools to utilize that technology effectively in our reconnaissance activities.

James Broad, Andrew Bindner, in Hacking with Kali, 2014

Create a Doppelganger

A doppelganger in folklore is a ghostly copy of an individual. It is common practice to develop a persona before beginning reconnaissance in the social media world.