Recon (Reconnaissance)
General recon
General reconnaissance includes all the conventional means of collecting information that are not included in the other recon techniques: Public record research – most of this type of research used to be done in a library but now can be done online. Any company that is publicly traded on a stock exchange is required to [...]
Google recon
Going beyond simply reading a web page and extracting helpful information from it, Google can be used to find much more information that can aid an attacker. Searching for target information – the attacker often begins by doing simple searches and building some kind of knowledge record or map of what they have learned. This [...]
Network scanning recon
Network scanning usually begins with discovering ranges of IP addresses and then specific systems within those ranges. Once the live systems have been located, they are scanned for responding ports and an attempt is made to identify the services running on the ports and the versions of the services. Once this map is filled in, [...]
Sniffing recon
Performing reconnaissance by sniffing packets requires access to the network data stream. In most cases, that implies some form of attacker presence already inside the network perimeter. Given that it is possible to sniff packets, a variety of interesting analysis techniques become possible. Passive target location – packet analysis tools easily collect IP addresses and [...]
