1
00:00:00,150 --> 00:00:07,530
Welcome to Section seven and this section, we're going to cover passive and active reconnaissance now,

2
00:00:07,530 --> 00:00:08,450
reconnaissance.

3
00:00:08,460 --> 00:00:15,690
This is a term from the military and the reason why the cybersecurity industry has essentially utilized

4
00:00:15,690 --> 00:00:22,440
this same type of term to essentially gather information is because on the cybersecurity field, in

5
00:00:22,440 --> 00:00:26,400
the cybersecurity fence, you can really think about it as like a military force.

6
00:00:26,400 --> 00:00:31,440
Right, because we are defending essentially different property, different networks.

7
00:00:31,440 --> 00:00:31,770
Right.

8
00:00:32,220 --> 00:00:33,720
And it's all cyber based.

9
00:00:33,720 --> 00:00:38,270
However, we're still that security shield, right.

10
00:00:38,280 --> 00:00:40,410
We are blocking attacks.

11
00:00:40,410 --> 00:00:41,370
We're on the offense.

12
00:00:41,370 --> 00:00:42,150
We're on the defense.

13
00:00:42,160 --> 00:00:46,730
So that's where the term reconnaissance comes from, right.

14
00:00:46,830 --> 00:00:52,680
The military background and where essentially it needs to gather information.

15
00:00:52,680 --> 00:00:56,660
And we're going to talk about the reconnaissance here and a lot more depth.

16
00:00:56,820 --> 00:00:59,760
And let's go ahead and go over the section overviews.

17
00:00:59,880 --> 00:01:06,420
We're going to go over how exactly we're going to use active and passive reconnaissance, what exactly

18
00:01:06,420 --> 00:01:07,800
both of those terms mean.

19
00:01:08,040 --> 00:01:13,890
And then we're going to go over the tools that you can use for passive reconnaissance and the tools

20
00:01:13,890 --> 00:01:16,530
that you can use for active reconnaissance.

21
00:01:16,530 --> 00:01:22,380
And just like I mentioned, reconnaissance is really just a big term for gathering information.

22
00:01:22,380 --> 00:01:27,660
And so we're going to go over several tools, several methods, several different ways that you can

23
00:01:27,660 --> 00:01:35,280
actually gather information by connecting to a network or remotely through, you know, not being connected

24
00:01:35,280 --> 00:01:36,390
to a specific network.

25
00:01:36,390 --> 00:01:43,410
So both of those are actually going to play into what type of strategy that you use, whether you have

26
00:01:43,410 --> 00:01:48,990
access to a network, you can connect to it or you're, you know, on the other side of the world and

27
00:01:48,990 --> 00:01:50,940
you're looking to connect it to a certain network.

28
00:01:51,060 --> 00:01:57,000
Let's look at exactly what reconnaissance is as far as the information gathering.

29
00:01:57,000 --> 00:01:59,670
And really at a very simple level here.

30
00:01:59,670 --> 00:02:04,410
Like I mentioned, information gathering is what really reconnaissance is.

31
00:02:04,440 --> 00:02:11,970
It's a set of processes, techniques, procedures that are used to discover, gather, collect information

32
00:02:11,970 --> 00:02:13,080
about a target system.

33
00:02:13,170 --> 00:02:13,560
Right.

34
00:02:13,590 --> 00:02:20,070
And so during a reconnaissance and ethical hacker attempts to gather as much information as possible

35
00:02:20,070 --> 00:02:23,820
about a target system following these seven steps listed below.

36
00:02:23,850 --> 00:02:30,540
So no one gather initial information data collection by, you know, utilizing several different techniques,

37
00:02:30,540 --> 00:02:37,260
different methods and different tools and then determine the network range and then identify active

38
00:02:37,260 --> 00:02:42,000
machines, which machines are actually connected to the network, how many are in the network, and

39
00:02:42,000 --> 00:02:44,760
then discover open ports and access points.

40
00:02:44,760 --> 00:02:49,350
What areas, what availability is there for the actual hacker right.

41
00:02:49,350 --> 00:02:55,500
Ethical hacker to connect to and access the actual network and then fingerprint and operating system

42
00:02:55,650 --> 00:03:01,860
and then uncovering services on ports and mapping the entire network, looking at how the servers are

43
00:03:01,860 --> 00:03:06,180
connected, how the actual devices are connected, how the networks are set up.

44
00:03:06,180 --> 00:03:06,480
Right.

45
00:03:06,630 --> 00:03:12,180
So let's say, for example, you have like an H.R. department, you have a sales department.

46
00:03:12,180 --> 00:03:13,120
Marketing department.

47
00:03:13,120 --> 00:03:13,320
Right.

48
00:03:13,410 --> 00:03:18,210
They're typically going to have different networks within those departments that all go up and connect

49
00:03:18,210 --> 00:03:21,450
to the main network for the entire company.

50
00:03:21,450 --> 00:03:26,010
And so they're mapping out the entire network that they're looking to target.

51
00:03:26,010 --> 00:03:31,710
And oftentimes they'll target and look at the entire network as a whole and then break off the, let's

52
00:03:31,710 --> 00:03:35,430
say, marketing department and map that out as well as far as a target.

53
00:03:35,460 --> 00:03:40,230
So this is a quick introduction here into the reconnaissance here.

54
00:03:40,230 --> 00:03:46,440
And then he's going to dive a lot more deeper into active versus passive reconnaissance, the tools,

55
00:03:46,440 --> 00:03:51,840
the techniques, the methods, the different things that we're going to be using to gather as much information

56
00:03:51,840 --> 00:03:54,930
about our target prior to going on the attack.

57
00:03:54,930 --> 00:03:56,640
So that's going to be here for this one.

58
00:03:56,640 --> 00:03:57,960
And we'll see you on the next one.