1st Phase of Hacking
1st Phase Of Hacking : Reconnaissance
Totally there are 5 phases in hacking
In this blog I explain all about this 1st phase of hacking
Reconnaissance is an important tool for penetration testing and the beginning point of many data breaches. The process involves gathering information about the target system, that could be used to find flaws and vulnerabilities.
In the reconnaissance stage, attackers act like detectives, gathering information to truly understand their target. The detail is everything! From examining email lists to open source information, their goal is to know the network better than the people who run and maintain it. They hone in on the security aspect of the technology, study the weaknesses, and use any vulnerability to their advantage.
Reconnaissance can be divided into two phases:
1.Passive reconnaissance.
2.Active reconnaissance.
Passive reconnaissance
In this phase a pentester tries to gather information about the target, through publicly available sources, one such source is Open-source intelligence also know as (OSINT). There are many other sources like Shodan which are very powerful tools when it comes to passive reconnaissance.
Active reconnaissance
In this process, you will directly interact with the computer system to gain information. This information can be relevant and accurate. But there is a risk of getting detected if you are planning active reconnaissance without permission. If you are detected, then the system admin can take severe action against you and trail your subsequent activities.
Footprinting, Scanning, and Enumeration
The process of reconnaissance can be carried out by Footprinting, Scanning, and Enumeration. These three are the subprocess of reconnaissance which helps us to gather effective information from the host or the target.
Footprinting is the process of collecting as much information as possible about a target network, for finding various ways to intrude into an organization’s network system. Once you methodologically begin the footprinting process, you will obtain the blueprint of the security profile of the target organization. The term “blueprint” is used here because the result gathered at the end refers to the unique system profile of the target organization.
Footprinting is done to:
- Reduce the area of attack
- Know the Security Posture
- Build an information database
- Draw Network Maps
Why do we actually do in Footprinting??
- Check the type of OS the target is running on.
- Find the network posture and information about the target.
- Perform DNS techniques such as whois, DNS, Network and Organizational queries I think Now you Got hacking 1st phase Explanation.
No comments: