Reconnaissance
Overview
What is Reconnaissance?
• Recon is an important step in exploring an area to steal confidential information. It also plays a key role in penetration testing.
• Proper recon provides detailed information and opens doors for attackers to scan and attack all the way. During recon, an attacker can either interact directly with potentially open ports, running services, underlying applications, etc., or attempt to gain information without actively engaging with the network.
• It can provide all the critical information that helps gain access to networks beyond the internet. In short, recon is an endless treasure of information about what is prone to attack.
Why Reconnaissance?
Penetration testing - You get a loose scope for your assessment. Your first goal should be to properly find out which machines and services your target exposes.
Bug bounty hunting - The same as above. Some bug bounty programs don't explicitly list all targets (usually domains). You often need to find them yourself.
• Seeing what is on the "other side of the hill" is crucial for deciding what type of attack to launch.
• Generally, the goals of reconnaissance on a target network are to discover:
- IP addresses of hosts
- Accessible ports (open ports and underlying applications)
- OS type and other assets (subdomain info, vulnerable components)
Types of Reconnaissance:
• Active Reconnaissance
Active reconnaissance is a type of computer attack in which an intruder engages
with the targeted system to gather information about vulnerabilities.
• Passive Reconnaissance
Passive reconnaissance is an attempt to gain information about targeted computers and
networks without actively engaging with the systems.
Reconnaissance Techniques and Various Tools (Scripts):
• Information gathering
- Whois information (http://whois.domaintools.com/)
- IP range (https://bgp.he.net/dns/hackerone.com#_ipinfo)
- Subdomains
- S3 buckets
- Directory info
- Social accounts, OSINT, etc. (https://osintframework.com/)
- Component information (https://www.wappalyzer.com/)
Subdomains Enumeration:
S3 Buckets and Directory Enumeration
GitHub For Recon:
• GitHub is extremely helpful in finding sensitive information regarding the targets. Access keys, passwords, open endpoints, S3 buckets, backup files, etc. can be found in public GitHub repositories.
Manual GitHub Recon:
JS files and web archive For Recon:
• AWS or other services' access keys
• AWS S3 buckets or other data storage buckets with read/write permissions
• Open backup SQL database endpoints
• Open endpoints of internal services
• API info
• Default usernames, passwords, keys, etc.
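From the defender's side, the items listed on the GitHub and JS-file slides can be checked for in your own repository or build output before it is published. The scanner below is an added example, not part of the original slides; the rule patterns, file names and sample contents are constructed assumptions (the key shown is the placeholder from AWS documentation).

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    path: str
    line_no: int
    rule: str
    redacted: str


# One rule per category named on the slides; the patterns are illustrative.
RULES = [
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("s3_bucket_reference", re.compile(
        r"\bs3://[a-z0-9][a-z0-9.-]+"
        r"|\b[a-z0-9][a-z0-9.-]+\.s3[a-z0-9.-]*\.amazonaws\.com\b")),
    ("hardcoded_credential", re.compile(
        r"(?i)\b(?:password|passwd|secret|api_?key|token)\b"
        r"\s*[:=]\s*[\"']([^\"']{4,})[\"']")),
    ("backup_file_reference", re.compile(r"(?i)[\w./-]+\.(?:sql|bak|dump)\b")),
]

# Values matched by these rules are masked so the report does not leak them again.
SECRET_RULES = {"aws_access_key_id", "hardcoded_credential"}

# Constructed sample input standing in for a repository checkout.
SAMPLE_FILES = {
    "static/app.bundle.js": (
        'const cfg = {region: "us-east-1"};\n'
        'const key = "AKIAIOSFODNN7EXAMPLE";\n'
        'fetch("https://acme-backups.s3.amazonaws.com/nightly/db.sql");\n'
    ),
    "deploy/settings.py": 'DEBUG = False\npassword = "admin123"\n',
    "README.md": "Run the tests with make test.\n",
}


def scan_text(path, text):
    """Return a Finding for every rule match, line by line."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES:
            for m in pattern.finditer(line):
                # Use the captured value if the rule has one, else the whole match.
                value = m.group(m.lastindex or 0)
                if rule in SECRET_RULES:
                    value = value[:4] + "*" * (len(value) - 4)
                findings.append(Finding(path, line_no, rule, value))
    return findings


def scan_files(files):
    """Scan a mapping of path -> file contents."""
    return [f for path, text in files.items() for f in scan_text(path, text)]


if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line_no}: {f.rule}: {f.redacted}")
```

Run as a pre-commit or CI step, a non-empty result is a reason to block the push and rotate the exposed credential.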
Visual recon and OSINT:
Burp Suite Plugins and other Tools:
• Waybackmachine
• ParamSpider
https://github.com/devanshbatham/ParamSpider
• Arjun
https://github.com/s0md3v/Arjun
• Burp Bounty
https://github.com/wagiro/BurpBounty
Source of Presentation: Google and other sites.
Thank You
Any Questions??
Whoami
• Ashish Patel
- Keen to learn about technology
- Ex-EY cyber security consultant
- Currently working for one Dubai-based MNC (security consultant)
- Part-time bug hunter ;)
Keep In Touch
Facebook: https://www.facebook.com/Patel.ashish874
LinkedIn: https://www.linkedin.com/in/patelashish874/
Email: patel.ashish874@gmail.com
