Introduction

Recently, while watching the House Committee hearings on the security of Healthcare. To the contrary, passive recon can be one of the most useful and unobtrusive methods of information gathering for any penetration test or security assessment.
In this post I outline what passive reconnaissance entails and the various techniques one can use.

What is passive reconnaissance?

Sometimes referred to as Open Source Intelligence (OSINT) or Passive Information Gathering, the idea behind passive reconnaissance is to gather information about a target using only publicly available resources.
Passive Information Gathering is generally only useful if there is a very clear requirement that the information gathering activities never be detected by the target. This means we can only use and gather archived or stored information.
As such, this information can be out of date or incorrect, as we are limited to results gathered from a third party. The goal for semi-passive information gathering is to profile the target with methods that would appear like normal Internet traffic and behavior.
The key here is not to draw attention to our activities. Keep in mind that for the purposes of my demonstration, even those activities that might be considered semi-passive do not stray outside the bounds of navigating a site in the manner that was intended. Browsing web pages, reviewing available content, downloading posted documents or reviewing any other information that has been posted to the public domain would all be considered in-scope.
It does not involve actions such as sending crafted payloads to test input validation filters, port scanning, vulnerability scanning, or other similar activities which would fall under the definition of active reconnaissance.
If you believe your information gathering activities might be considered active reconnaissance you must ensure they are within the scope of your assessment rules of engagement.
Should you have access to the internal network, other tools and techniques including direct observation, and passive OS fingerprinting using tools such as P0f and even dumpster diving are sometimes also considered passive reconnaissance.
For the purposes of this tutorial, I will only demo activities that can be undertaken external to the target organization. Again, any discovered vulnerabilities are already in the public domain for anyone to see, but I still felt an obligation as a security professional to have them remediated when possible.
Once again, none of these techniques involve maliciously scanning or probing a given website. All of this information has been gathered from the public domain using techniques and tools readily available to anyone. Any active reconnaissance or testing activities should only be conducted within the scope of sanctioned penetration tests or security assessments.
References

This tutorial certainly will not be all-inclusive. In addition, here are some other resources you might find useful:
A good reference outlining the steps involved in passive reconnaissance: ShackF
Google Hacking For Penetration Testers: This book by Johnny Long is the original reference on Google hacking techniques.
Started by Johnny Long and now maintained by Offensive Security on the exploit-db site, this is the definitive resource for Google hacks.
A must-have for anyone looking to learn about Web Application Security.
Silence on the Wire: A great read if you want to go beyond the web-based passive recon techniques discussed here.
Here are the primary tasks that I will demonstrate:

More importantly, if you are responsible for securing your organization’s public Internet presence, be sure to perform passive reconnaissance against your own sites!
If you found this post useful, or if you think I omitted any key techniques or uses for passive recon, don’t hesitate to let me know in the comments section or on Twitter!