Reconnaissance for Ethical Hackers: Focus on the starting point of data breaches and explore essential steps


Use real-world reconnaissance techniques to efficiently gather sensitive information on systems and networks

Purchase of the print or Kindle book includes a free PDF eBook

Key Features
Learn how adversaries use reconnaissance techniques to discover security vulnerabilities on systems
Develop advanced open source intelligence capabilities to find sensitive information
Explore automated reconnaissance and vulnerability assessment tools to profile systems and networks

Book Description
This book explores reconnaissance techniques – the first step in discovering security vulnerabilities and exposed network infrastructure. It aids ethical hackers in understanding adversaries' methods of identifying and mapping attack surfaces, such as network entry points, which enables them to exploit the target and steal confidential information.

Reconnaissance for Ethical Hackers helps you get a comprehensive understanding of how threat actors are able to successfully leverage the information collected during the reconnaissance phase to scan and enumerate the network, collect information, and pose various security threats. This book helps you stay one step ahead in knowing how adversaries use tactics, techniques, and procedures (TTPs) to successfully gain information about their targets, while you develop a solid foundation on information gathering strategies as a cybersecurity professional. The concluding chapters will assist you in developing the skills and techniques used by real adversaries to identify vulnerable points of entry into an organization and mitigate reconnaissance-based attacks.

By the end of this book, you'll have gained a solid understanding of reconnaissance, as well as learned how to secure yourself and your organization without causing significant disruption.

What you will learn
Understand the tactics, techniques, and procedures of reconnaissance
Grasp the importance of attack surface management for organizations
Find out how to conceal your identity online as an ethical hacker
Explore advanced open source intelligence (OSINT) techniques
Perform active reconnaissance to discover live hosts and exposed ports
Use automated tools to perform vulnerability assessments on systems
Discover how to efficiently perform reconnaissance on web applications
Implement open source threat detection and monitoring tools

Who this book is for
If you are an ethical hacker, a penetration tester, red teamer, or any cybersecurity professional looking to understand the impact of reconnaissance-based attacks, how they take place, and what organizations can do to protect against them, then this book is for you. Cybersecurity professionals will find this book useful in determining the attack surface of their organizations and assets on their network, while understanding the behavior of adversaries.

Author(s): Glen D. Singh
Publisher: Packt Publishing Limited
Year: 2023

Language: English
Pages: 430

Reconnaissance for Ethical Hackers
Contributors
About the author
About the reviewers
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Disclaimer
Get in touch
Share your thoughts
Download a free PDF copy of this book
Part 1: Reconnaissance and Footprinting
1. Fundamentals of Reconnaissance
What is ethical hacking?
Mindset and skills of ethical hackers
The importance of reconnaissance
Understanding attack surface management
Reconnaissance tactics, techniques, and procedures
Summary
Further reading
2. Setting Up a Reconnaissance Lab
Technical requirements
Lab overview and technologies
Setting up a hypervisor and virtual networking
Part 1 – setting up the hypervisor
Part 2 – creating a virtual network
Deploying Kali Linux
Part 1 – setting up Kali Linux as a virtual machine
Part 2 – getting started with Kali Linux
Part 3 – changing the password and testing connectivity
Deploying an OSINT virtual machine
Part 1 – setting up OSINT VM
Part 2 – getting started and testing connectivity
Implementing vulnerable systems
Setting up a vulnerable web application
Setting up a vulnerable machine
Summary
Further reading
3. Understanding Passive Reconnaissance
Technical requirements
Exploring passive reconnaissance
Understanding footprinting
Fundamentals of OSINT
The OSINT life cycle
Benefits of using OSINT
Concealing your online identity
Fundamentals of sock puppets
Setting up a sock puppet
Anonymizing your network traffic
VPNs
Proxychains
TOR
Summary
Further reading
4. Domain and DNS Intelligence
Technical requirements
Leveraging search engines for OSINT
Google hacking techniques
Domain intelligence
Working with WHOIS databases
Using nslookup for reconnaissance
Discovering sub-domains
Certificate searching
Working with Recon-ng
DNS reconnaissance
Using DNSenum
Working with DNSRecon
Performing DNS zone transfers
Exploring SpiderFoot
Summary
Further reading
5. Organizational Infrastructure Intelligence
Technical requirements
Harvesting data from the internet
Netcraft
Maltego
Discovering exposed systems
Shodan
Censys
Job boards
Collecting social media OSINT
Sherlock
Facebook IDs
Instagram
LinkedIn
Twitter
Summary
Further reading
6. Imagery, People, and Signals Intelligence
Technical requirements
Image and metadata analysis
EXIF data analysis
Reverse image search
Geo-location analysis
People and user intelligence
People and geolocation
User credential OSINT
Wireless signals intelligence
Building a SIGINT infrastructure
Summary
Further reading
Part 2: Scanning and Enumeration
7. Working with Active Reconnaissance
Technical requirements
Active reconnaissance
Spoofing your identity on a network
Discovering live hosts on a network
Performing passive scanning with Netdiscover
Performing a ping sweep
Host discovery with Nmap
Using evasion techniques
Enumerating network services
NetBIOS and SMB enumeration
Wireless reconnaissance
Part 1 – attaching a wireless network adapter
Part 2 – enabling monitor mode
Part 3 – performing wireless reconnaissance
Summary
Further reading
8. Performing Vulnerability Assessments
Technical requirements
The importance of vulnerability management
Vulnerability management life cycle
Working with Nessus
Part 1 – setting up Nessus
Part 2 – scanning using Nessus
Part 3 – vulnerability analysis
Using Greenbone Vulnerability Manager
Part 1 – setting up GVM
Part 2 – scanning with GVM
Part 3 – vulnerability analysis
Vulnerability discovery with Nmap
Summary
Further reading
9. Delving into Website Reconnaissance
Technical requirements
Collecting domain information
Retrieving IP addresses
Identifying domain infrastructure
Identifying web technologies
Sub-domain enumeration
Discovering sub-domains using Sublist3r
Finding sub-domains with theHarvester
Collecting sub-domains using Knockpy
Performing directory enumeration
Using GoBuster to find hidden directories
Directory enumeration with DIRB
Web application vulnerability
Web reconnaissance frameworks
Automating reconnaissance with Sn1per
Using Amass for web reconnaissance
Summary
Further reading
10. Implementing Recon Monitoring and Detection Systems
Technical requirements
Wireshark for ethical hackers
Monitoring and detection systems
Part 1 – setting up the environment
Part 2 – attaching an additional network adapter
Part 3 – installing Security Onion
Part 4 – configuring networking in Security Onion
Part 5 – detecting suspicious activities
Summary
Further reading
Index
Why subscribe?
Other Books You May Enjoy
Packt is searching for authors like you
Share your thoughts
Download a free PDF copy of this book