Recon 101

When planning an offensive or red team engagement, the first step you will want to perform as an attacker is reconnaissance. Understanding how to find information and what sources will provide you with the most useful information is key to the recon phase. Performing the reconnaissance phase sets you, an offensive team member, up for success by providing information vital for both the scanning/enumeration phase and the exploitation phase of an engagement. This lab will teach the basics of how to utilize search engines and DNS to gather information about a target. Additionally, this lab discusses information that can be gathered from public registry databases such as whois.

Target Audience: The target audience for this course is offensive team members learning the basics of performing recon for an engagement.

Course Level: Beginner

Prerequisites: Linux command line

Course Goals: By the end of this course, learners should be able to:

• Understand types of information that can be gathered from social media
• Understand types of information that can be gathered from whois
• Utilize Google Dorking to perform targeted searches
• Perform a DNS zone transfer to gather domain information
• Understand how to mitigate the risk of a domain zone transfer

Labs Used: dns

• Introduction
• Introduction
• Google Dorking
• Dorking Basics
• theHarvester
• DNS Zone Transfer
• Introduction to DNS Zone Transfer
• Identification/Exploitation
• Mitigation