Recon (Reconnaissance)


General recon

General reconnaissance includes all the conventional means of collecting information that are not included in the other recon techniques: Public record research – most of this type of research used to be done in a library but now can be done online. Any company that is publicly traded on a stock exchange is required to […]

Google recon

Going beyond simply reading a web page and extracting helpful information from it, Google can be used to find much more information that can aid an attacker. Searching for target information – the attacker often begins by doing simple searches and building some kind of knowledge record or map of what they have learned. This […]

Network scanning recon

Network scanning usually begins with discovering ranges of IP addresses and then specific systems within those ranges. Once the live systems have been located, they are scanned for responding ports and an attempt is made to identify the services running on the ports and the versions of the services. Once this map is filled in, […]

Sniffing recon

Performing reconnaissance by sniffing packets requires access to the network data stream. In most cases, that implies some form of attacker presence already inside the network perimeter. Given that it is possible to sniff packets, a variety of interesting analysis techniques become possible. Passive target location – packet analysis tools easily collect IP addresses and […]

Operations Security = OPSEC

Operations Security or OPSEC is about identifying critical information that can be used against you by an opponent and minimizing access to that information. This is a sub-process of risk assessment and follows the same basic process flow: characterization and scope determination; assessment of threats; assessment of vulnerabilities; likelihood and impact analysis; determine risk […]

New OPSEC Controls in 800-53 rev4

NIST SP 800-53 includes the catalog of security controls that form the core of the “security bible” that is required guidance for federal agencies. NIST periodically reviews the list of controls and updates them. They are currently in the process of taking public comments on the latest revision (rev4) before they go “final”. Included in […]

Shodan – Hackers Search Engine

Shodan is a hacker's search engine that can help you find any device connected to the internet. Shodan: Search Engine for Hackers – Shodan has been getting a lot of publicity lately as a “scary” search engine that can be used to facilitate hacking. Annie explains how the site works, and talks with Shodan […]