General recon

General reconnaissance includes all the conventional means of collecting information that are not included in the other recon techniques:

  • Public record research – most of this type of research used to be done in a library but can now be done online. Any company that is publicly traded on a stock exchange is required to file public records that can yield a lot of information.
  • Websites – most organizations today maintain websites that can provide a lot of information. Technical support and help desk pages often reveal details of system configuration and network infrastructure.
  • DNS information –
  • Phone calls – it is surprising how much information is available simply by making a phone call and asking for help. Organizations may have public information hotlines that are helpful, and by combining information gleaned from web pages and other phone calls, it may be possible to accumulate a list of internal phone numbers that can be extremely useful.
  • Social engineering – this is all about establishing a level of trust.
    • Social networking – an attacker can start at the trust perimeter, with people who are required to have light contact with the public (such as a receptionist or phone operator), and work their way in toward the center of the organization through a series of introductions.
    • Semantics – learning the organization's language code helps an attacker sound more authentic and become trusted more easily. Every group has its own semantic “profile” of specific word meanings and commonly used abbreviations that everybody inside the group understands. Using language in this style creates an atmosphere of familiarity, and then trust.
    • Caller-ID spoofing – it may be possible to spoof the caller-ID number that shows up on a telephone to trick the person on the other end of the line into believing the caller has authoritative credentials, or simply that they are calling from inside the building or from a specific department.
