WEBVTT

0
00:01.490 --> 00:08.770
Reconnaissance is one of the most important preparatory steps to hacking. In order to attack a system

1
00:08.800 --> 00:09.830
or a service

2
00:09.840 --> 00:16.750
a hacker must know the operating system, the open ports or the service and the application versions 

3
00:16.960 --> 00:19.220
that are running on the target host.

4
00:19.570 --> 00:27.670
This is in most cases the first phase of an attack. Reconnaissance is important for both white and

5
00:27.670 --> 00:29.600
black hat hackers.

6
00:29.620 --> 00:38.200
Ethical hackers use reconnaissance techniques to find and then patch vulnerabilities on their own networks

7
00:38.500 --> 00:39.710
or the networks

8
00:39.760 --> 00:47.920
they audit while black hat hackers use reconnaissance to discover the vulnerabilities of the target

9
00:48.190 --> 00:52.420
that later will be exploited. In the reconnaissance

10
00:52.450 --> 01:01.090
stage attackers act like detectives gathering information to deeply understand their targets. Every single

11
01:01.090 --> 01:08.740
detail counts and the goal is to know the network better than the people who run and maintain it.

12
01:08.740 --> 01:16.300
There are two types of reconnaissance: a passive and an active one. Passive reconnaissance means gathering

13
01:16.510 --> 01:21.790
information about the target without sending any packet to it.

14
01:21.970 --> 01:25.730
You do not interact with the target system in any way.

15
01:25.840 --> 01:33.160
Most of the time this is done through publicly available sources such as Open Source Intelligence also

16
01:33.160 --> 01:42.240
known as OSINT, Google dorks, Shodan searches and many more. We'll dive deep into Google dorks and

17
01:42.240 --> 01:45.250
Shodan searches in the next lectures.

18
01:45.250 --> 01:47.800
This is for example a Google Dork

19
01:52.780 --> 01:53.370
and

20
01:53.470 --> 02:05.920
this is a Shodan search that displays Apache Tomcat results from Sydney, Australia.

21
02:06.130 --> 02:12.580
On the other hand, in the process of active reconnaissance the hacker will directly interact

22
02:12.820 --> 02:20.470
with the target host or network to gain information which in most cases is more relevant and accurate

23
02:20.680 --> 02:23.530
than in the case of passive reconnaissance.

24
02:24.680 --> 02:31.640
Note that there is a risk of getting detected if you are planning active reconnaissance without permission

25
02:31.940 --> 02:36.890
and depending on what you do it can be legal in some countries.

26
02:36.890 --> 02:44.850
My advice is to never scan networks without permission. The process of reconnaissance is carried out

27
02:44.880 --> 02:48.810
by Footprinting, Scanning, and Enumeration.

28
02:48.810 --> 02:55.830
These three are the subprocesses of reconnaissance and help hackers to build a complete view of the

29
02:55.830 --> 03:03.810
targets. There are a number of tools that are used for reconnaissance and scanning such as hping,

30
03:04.200 --> 03:06.390
arp-scan or netdiscover,

31
03:09.120 --> 03:13.100
but nmap is the standard when it comes to scanning.

32
03:15.840 --> 03:19.050
I strongly recommend that you master nmap

33
03:19.050 --> 03:22.820
if you want to be an effective ethical hacker.

34
03:22.890 --> 03:26.390
We'll get more into these tools in the next lectures.