Archive for reconnaissance
You are browsing the archives of reconnaissance.
Nmap, the free, open source utility that has become a basic tool for many network security professionals, has released a new version. Nmap 5.20 Released – [nmap.org] Happy new year, everyone. I’m happy to announce Nmap 5.20–our first stable Nmap release since 5.00 last July! It offers more than 150 significant improvements, including: o 30+ [...]
Kismet is a powerful wireless sniffer that offers excellent passive reconnaissance of wireless networks. It requires a wireless card that supports rfmon (monitor) mode and runs on Linux. It is available as a standalone application and is also found on the BackTrack CD compilation. Kismet – [kismetwireless.net] What is Kismet? Kismet is an 802.11 layer 2 [...]
Stealth techniques can aid an attacker in a variety of ways:
- Concealing a presence on a system
- Concealing command and control channels
- Concealing information gathering
- Concealing data exfiltration
Stealth techniques are usually used in two primary categories:
- Root kits
- Hidden files – this includes both program-related files and data files and often an entire [...]
Performing reconnaissance by sniffing packets requires access to the network data stream. In most cases, that implies some form of attacker presence already inside the network perimeter. Given that it is possible to sniff packets, a variety of interesting analysis techniques become possible. Passive target location – packet analysis tools easily collect IP addresses and [...]
Network scanning usually begins with discovering ranges of IP addresses and then specific systems within those ranges. Once the live systems have been located, they are scanned for responding ports and an attempt is made to identify the services running on the ports and the versions of the services. Once this map is filled in, [...]
Going beyond simply reading a web page and extracting helpful information from it, Google can be used to find much more information that can aid an attacker. Searching for target information – the attacker often begins by doing simple searches and building some kind of knowledge record or map of what they have learned. This [...]
General reconnaissance includes all the conventional means of collecting information that are not included in the other recon techniques: Public record research – most of this type of research used to be done in a library but now can be done online. Any company that is publicly traded on a stock exchange is required to [...]