This guide is part of the HackerSploit Red Team series of guides. Reconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting. Such information may include details of the victim organization, infrastructure, or staff/personnel. This information can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using gathered information to plan and execute Initial Access, to scope and prioritize post-compromise objectives, or to drive and lead further Reconnaissance efforts.
1:21 What is Reconnaissance?
3:34 MITRE ATT&CK Recon Techniques Overview
4:50 Let’s Begin with Passive Reconnaissance
5:22 Using the host command
6:06 Using the nslookup command
6:28 Using the traceroute command
7:20 Using the dnsrecon command Passively
8:42 Using the wafw00f command
9:20 Using the dig command
12:48 Using the WHOIS Utility
13:48 Using Netcraft
16:13 Using DNS Dumpster
17:46 Using whatweb
20:59 Using Browser Addons
23:06 Gathering Employee Information
23:30 Using theHarvester
29:18 Subdomain Enumeration
38:29 Active Intelligence Gathering
38:40 Using dnsrecon Actively
40:57 Brute Forcing Subdomains with Fierce
43:30 Using knockpy
46:19 Using Port Scanning
49:20 Vulnerability Scanning
52:30 Directory Brute Forcing
54:17 Automating these Tests
56:38 Scanning with Sniper (Active)
58:30 Scanning with Sniper (Passively)
1:02:32 Using Amass – Basic Scan
1:08:14 Using Amass – Advanced Scan
1:10:58 Using the viz Subcommand
1:12:30 Viewing Reports
1:15:05 Performing Passive Recon with recon-ng