This course teaches techniques for Red Team reconnaissance, focusing on gathering information to support targeting. Students will learn passive and active reconnaissance methods, including using commands like host, nslookup, and traceroute, as well as tools like Amass and recon-ng. The course aims to enhance skills in reconnaissance, intelligence gathering, and vulnerability scanning. The intended audience includes cybersecurity professionals, ethical hackers, and individuals interested in offensive security tactics.
Overview
Syllabus
Introduction
What is Reconnaissance?
Mitre Attack Recon Techniques Overview
Let’s Begin with Passive Reconnaissance
Using the host command
Using the nslookup command
Using the traceroute command
Using the dnsrecon command Passively
Using the wafw00f command
Using the dig command
Using the WHOIS Utility
Using Netcraft
Using DNS Dumpster
Using whatweb
Using Browser Addons
Gathering Employee Information
Using the Harvester
Subdomain Enumeration
Active Intelligence Gathering
Using dnsrecon Actively
Brute Forcing Subdomains with Fierce
Using knockpy
Using Port Scanning
Vulnerability Scanning
Directory Brute Forcing
Automating these Tests
Scanning with Sniper Active
Scanning with Sniper Passively
Using Amass - Basic Scan
Using Amass - Advanced Scan
Using the viz Subcommand
Viewing Reports
Performing Passive Recon with recon-ng
Conclusion
Taught by
Linode
