Reconnaissance for Ethical Hackers: Focus on the starting point of data breaches and explore essential steps 9781837630639

Use real-world reconnaissance techniques to efficiently gather sensitive information on systems and networks Purchase o

Language: English. Pages: 430. Year: 2023.

Table of contents :
Reconnaissance for Ethical Hackers
Contributors
About the author
About the reviewers
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Disclaimer
Get in touch
Share your thoughts
Download a free PDF copy of this book
Part 1: Reconnaissance and Footprinting
1 Fundamentals of Reconnaissance
What is ethical hacking?
Mindset and skills of ethical hackers
The importance of reconnaissance
Understanding attack surface management
Reconnaissance tactics, techniques, and procedures
Summary
Further reading
2 Setting Up a Reconnaissance Lab
Technical requirements
Lab overview and technologies
Setting up a hypervisor and virtual networking
Part 1 – setting up the hypervisor
Part 2 – creating a virtual network
Deploying Kali Linux
Part 1 – setting up Kali Linux as a virtual machine
Part 2 – getting started with Kali Linux
Part 3 – changing the password and testing connectivity
Deploying an OSINT virtual machine
Part 1 – setting up OSINT VM
Part 2 – getting started and testing connectivity
Implementing vulnerable systems
Setting up a vulnerable web application
Setting up a vulnerable machine
Summary
Further reading
3 Understanding Passive Reconnaissance
Technical requirements
Exploring passive reconnaissance
Understanding footprinting
Fundamentals of OSINT
The OSINT life cycle
Benefits of using OSINT
Concealing your online identity
Fundamentals of sock puppets
Setting up a sock puppet
Anonymizing your network traffic
VPNs
Proxychains
TOR
Summary
Further reading
4 Domain and DNS Intelligence
Technical requirements
Leveraging search engines for OSINT
Google hacking techniques
Domain intelligence
Working with WHOIS databases
Using nslookup for reconnaissance
Discovering sub-domains
Certificate searching
Working with Recon-ng
DNS reconnaissance
Using DNSenum
Working with DNSRecon
Performing DNS zone transfers
Exploring SpiderFoot
Summary
Further reading
5 Organizational Infrastructure Intelligence
Technical requirements
Harvesting data from the internet
Netcraft
Maltego
Discovering exposed systems
Shodan
Censys
Job boards
Collecting social media OSINT
Sherlock
Facebook IDs
Instagram
LinkedIn
Twitter
Summary
Further reading
6 Imagery, People, and Signals Intelligence
Technical requirements
Image and metadata analysis
EXIF data analysis
Reverse image search
Geo-location analysis
People and user intelligence
People and geolocation
User credential OSINT
Wireless signals intelligence
Building a SIGINT infrastructure
Summary
Further reading
Part 2: Scanning and Enumeration
7 Working with Active Reconnaissance
Technical requirements
Active reconnaissance
Spoofing your identity on a network
Discovering live hosts on a network
Performing passive scanning with Netdiscover
Performing a ping sweep
Host discovery with Nmap
Using evasion techniques
Enumerating network services
NetBIOS and SMB enumeration
Wireless reconnaissance
Part 1 – attaching a wireless network adapter
Part 2 – enabling monitor mode
Part 3 – performing wireless reconnaissance
Summary
Further reading
8 Performing Vulnerability Assessments
Technical requirements
The importance of vulnerability management
Vulnerability management life cycle
Working with Nessus
Part 1 – setting up Nessus
Part 2 – scanning using Nessus
Part 3 – vulnerability analysis
Using Greenbone Vulnerability Manager
Part 1 – setting up GVM
Part 2 – scanning with GVM
Part 3 – vulnerability analysis
Vulnerability discovery with Nmap
Summary
Further reading
9 Delving into Website Reconnaissance
Technical requirements
Collecting domain information
Retrieving IP addresses
Identifying domain infrastructure
Identifying web technologies
Sub-domain enumeration
Discovering sub-domains using Sublist3r
Finding sub-domains with theHarvester
Collecting sub-domains using Knockpy
Performing directory enumeration
Using GoBuster to find hidden directories
Directory enumeration with DIRB
Web application vulnerability
Web reconnaissance frameworks
Automating reconnaissance with Sn1per
Using Amass for web reconnaissance
Summary
Further reading
10 Implementing Recon Monitoring and Detection Systems
Technical requirements
Wireshark for ethical hackers
Monitoring and detection systems
Part 1 – setting up the environment
Part 2 – attaching an additional network adapter
Part 3 – installing Security Onion
Part 4 – configuring networking in Security Onion
Part 5 – detecting suspicious activities
Summary
Further reading
Index
Why subscribe?
Other Books You May Enjoy
Packt is searching for authors like you
Share your thoughts
Download a free PDF copy of this book