whois, nslookup, recon-ng are Active or Passive recon? [closed]
Is whois, nslookup, recon-ng a form of Active reconnaissance or Passive reconnaissance?
Continue reading whois, nslookup, recon-ng are Active or Passive recon? [closed]
Category Archives: reconnaissance
How is IP reconaissance different from host names reconaissance?
Lets say the target company says only *.target.com is in scope.
If i’m doing hosntnames recon, then its easy to stay in scope as only subdomains of target.com is in scope e.g dev.target.com, admin.target.com.
But i have heard pentesters ta… Continue reading How is IP reconaissance different from host names reconaissance?
DNS Enumeration by IP Address
I know all baseline steps to do DNS enumeration over a domain. But my questions is: how can I enumerate a server when I do not know which domain it is managing and I only have its IP address?
My scenario: I discovered 2 DNS servers running… Continue reading DNS Enumeration by IP Address
Discover your public cloud exposure with Recon.Cloud
In this video for Help Net Security, Gafnit Amiga, Director of Security Research at Lightspin, talks about the firm’s latest tool: Recon.Cloud. Recon.Cloud is a public and free tool that searches for publicly exposed clouds assets on any domain. … Continue reading Discover your public cloud exposure with Recon.Cloud
Dronut X1 drone keeps its rotors safely inside its body
It was three years ago that we first heard about the Cleo, a robust, donut-shaped prototype drone made by Cleo Robotics. Well, its successor is now commercially available, under the new (and apt) name of the Dronut X1.Continue ReadingCategory: Drones, … Continue reading Dronut X1 drone keeps its rotors safely inside its body
Subdomains resolving to bogon IPs
During experimentation with the gobuster tool, and trying to find the subdomains matches of a domain (let’s call that testdomain.com), I got some strange results and I explain.
The command used was $ gobuster dns -d testdomain.com -w mywor… Continue reading Subdomains resolving to bogon IPs
Is there a term for one specific step at beginning of reconnaissance?
If the hacker decides to attack the system, the first step is reconnaissance.
But if the system the hacker attacks is exotic, sometimes they’d need to develop the tools or "drivers", or modify the existing software/tools for the… Continue reading Is there a term for one specific step at beginning of reconnaissance?
Attackers can teach you to defend your organization against phishing
People click on links and attachments and will, unfortunately, keep clicking even if they should know better. They’ll click for the chance of winning a holiday, or even something as cheap as a $2 cup of coffee. No amount of awareness training is going … Continue reading Attackers can teach you to defend your organization against phishing
Find a userA who has GenericAll rights over the userB using Active Directory Recon [migrated]
Say for example I have user Matt and I want to know if any other users have GenericAll rights on user Matt, What’s the correct command for that
Get-DomainObjectAcl -Identity matt -ResolveGUIDs -Domain testlab.local
The above command doesn… Continue reading Find a userA who has GenericAll rights over the userB using Active Directory Recon [migrated]
Is there a way to construct a network map by listening to traffic on an interface? [closed]
I am trying to create a python script which will passively monitor the packets coming from an interface.
This raspberry pi interface is set to promiscuous mode, which means that it will read all of the packets coming in through the network… Continue reading Is there a way to construct a network map by listening to traffic on an interface? [closed]