search

Ethical Hacking Stages

  1. Information Gathering (Reconnaissance)

    1. Active

    2. Passive

  2. Scanning and Enumeration

    1. NMAP

    2. Nessus

    3. Nikto

  3. Gaining Access

  4. Maintaining Access

  5. Covering Tracks

hashtag
Information Gathering

hashtag
Passive Recon

hashtag
Types of passive recon

  1. Physical/Social

    1. Location Information

      1. satellite images

      2. drone recon

      3. building layout (badge reader, break areas, security, fencing)

    2. Job information

      1. Employees

        1. name

        2. job title

        3. phone number

        4. managers etc.

      2. Pictures

        1. badge photos

        2. desk photos

        3. computer photos etc

  2. Web/Host

    1. Target Validation

      1. WHOIS

      2. nslookup

      3. dnsrecon

    2. Finding Subdomains

      1. Google fu

      2. dig

      3. nmap

      4. sublist3r

      5. bluto

      6. crt.sh

    3. Fingerprinting

      1. nmap

      2. wappalyzer

      3. whatweb

      4. builtwith

      5. netcat

    4. Data breaches

      1. HavelBeenPwned

      2. BreachParse

      3. WeLeakInfo

  3. dd

hashtag
Identifying target

Logo#1 Crowdsourced Cybersecurity Platform | BugcrowdBugcrowdchevron-right

Bugcrowd> programs> Tesla

hashtag
Email Gathering

LogoFind email addresses and send cold emails β€’ HunterHunterchevron-right

common patterns of email addressees

hashtag
Gathering Breached credentials

Logohmaverickadams - OverviewGitHubchevron-right

PreviousNIST SP 800-82NextCybersecurity Kill Chain

Last updated