📉
Cybersec mit Shahid
  • Linux
    • Linux Basic to Advanced
    • Linux Hardening
      • Labs
        • Linux Hardening Labs - Making the /boot Volume Read-only
    • Linux Fundamentals
    • User Management
    • Linux PrivEsc
    • Package Management
    • Advanced Linux Programming
    • Linux Command Line Tools
    • Search
    • Ports
    • Troubleshooting
      • How to Fix sub-process /usr/bin/dpkg returned an error code (1) in Ubuntu
  • Windows
    • Windows Hardening
    • Windows Command Line Tools
    • System Hardening
    • Windows Server Update Services (WSUS)
    • Windows Commands
    • Harden Windows Hosts
  • ISO 27001
  • NIST
    • NIST SP 800-82
  • Ethical Hacking Stages
    • Cybersecurity Kill Chain
      • Labs
        • Linux Attack and Response Lab
        • Implementing a network policy server
        • Network Vulnerabilities
        • Analyze Malicious Activity in Memory Using Volatility
        • Scanning and Remediating Vulnerabilities with OpenVAS
        • Install and Configure Network Load Balancing
    • OSINT (Open Source Intelligence)
      • Sock Puppets
      • Google Dorking
      • Social Media OSINT
      • OSINT Advanced
    • Web Hacking Fundamentals
      • OWASP Top 10
        • Pickle Rick (Tryhackme)
        • Injection
        • Broken Authentication
    • Red Team and Blue Team
    • Walkthrough: Luanne
      • Archetype
    • MITRE ATT&CK Framework
      • SSH Authorized Keys
  • CompTIA Security+
    • Threats, Attacks and Vulnerabilities
    • Technologies and Tools
    • Architecture and Design
    • Identity and Access Management
      • Labs
    • Risk Management
      • Policies-Personnel
      • Business Impact Analysis
      • Risk Assessments
      • Incident Response
      • Forensics
      • Controls
      • Data Privacy
    • Cryptography and PKI
      • Cryptographic Hardware
  • Tools
    • NMAP
    • netcat
    • Nessus
    • Wireshark
    • Metasploit
    • Burpsuites
    • Splunk
    • PRTG
  • Ransomeware for Financial Gain
    • Spearphishing
      • Untitled
  • HTB
  • Personal Spaces
  • Python
    • Requests: HTTP
    • Python Advanced Topics
    • Python and Networking
    • Python Coverage
  • CySe Python Projects
    • DDOS Tool
    • Zip Cracker
    • Clipboard Copy
    • Keylogger
    • Port Scanner
    • Location Tracker
    • Replicating Virus
    • WiFi Extractor
    • NFC Cracker
  • Docker
    • Installing Docker and Docker Compose on Raspberry Pi
  • Docker Compose
  • Git
  • IoT Security
  • CPP
  • Networking
    • How exactly security key work and how their improvement over an OTP solution?
    • Securing Network Traffic
    • Network Scanning Python
  • Networking and Security Architecture with VMware NSX
  • Important Links
  • Security Certification
  • Notes
  • Group 1
    • Google Cloud Platform
Powered by GitBook
On this page
  • Information Gathering
  • Passive Recon
  • Identifying target

Was this helpful?

Ethical Hacking Stages

  1. Information Gathering (Reconnaissance)

    1. Active

    2. Passive

  2. Scanning and Enumeration

    1. NMAP

    2. Nessus

    3. Nikto

  3. Gaining Access

  4. Maintaining Access

  5. Covering Tracks

Information Gathering

Passive Recon

Types of passive recon

  1. Physical/Social

    1. Location Information

      1. satellite images

      2. drone recon

      3. building layout (badge reader, break areas, security, fencing)

    2. Job information

      1. Employees

        1. name

        2. job title

        3. phone number

        4. managers etc.

      2. Pictures

        1. badge photos

        2. desk photos

        3. computer photos etc

  2. Web/Host

    1. Target Validation

      1. WHOIS

      2. nslookup

      3. dnsrecon

    2. Finding Subdomains

      1. Google fu

      2. dig

      3. nmap

      4. sublist3r

      5. bluto

      6. crt.sh

    3. Fingerprinting

      1. nmap

      2. wappalyzer

      3. whatweb

      4. builtwith

      5. netcat

    4. Data breaches

      1. HavelBeenPwned

      2. BreachParse

      3. WeLeakInfo

  3. dd

Identifying target

Bugcrowd> programs> Tesla

Email Gathering

common patterns of email addressees

Gathering Breached credentials

PreviousNIST SP 800-82NextCybersecurity Kill Chain

Last updated 3 years ago

Was this helpful?

LogoFind email addresses in seconds • Hunter (Email Hunter)Hunter
https://bugcrowd.combugcrowd.com
Logohmaverickadams - OverviewGitHub