1
00:00:00,150 --> 00:00:07,530
Welcome to Section seven. In this section, we're going to cover passive and active reconnaissance. Now,

2
00:00:07,530 --> 00:00:08,450
reconnaissance.

3
00:00:08,460 --> 00:00:15,690
This is a term from the military and the reason why the cybersecurity industry has essentially utilized

4
00:00:15,690 --> 00:00:22,440
this same type of term to essentially gather information is because in the cybersecurity field, in

5
00:00:22,440 --> 00:00:26,400
the cybersecurity defense, you can really think about it as like a military force.

6
00:00:26,400 --> 00:00:31,440
Right, because we are defending essentially different property, different networks.

7
00:00:31,440 --> 00:00:31,770
Right.

8
00:00:32,220 --> 00:00:33,720
And it's all cyber based.

9
00:00:33,720 --> 00:00:38,270
However, we're still that security shield, right.

10
00:00:38,280 --> 00:00:40,410
We are blocking attacks.

11
00:00:40,410 --> 00:00:41,370
We're on the offense.

12
00:00:41,370 --> 00:00:42,150
We're on the defense.

13
00:00:42,160 --> 00:00:46,730
So that's where the term reconnaissance comes from, right.

14
00:00:46,830 --> 00:00:52,680
The military background and where essentially it needs to gather information.

15
00:00:52,680 --> 00:00:56,660
And we're going to talk about the reconnaissance here in a lot more depth.

16
00:00:56,820 --> 00:00:59,760
And let's go ahead and go over the section overviews.

17
00:00:59,880 --> 00:01:06,420
We're going to go over how exactly we're going to use active and passive reconnaissance, what exactly

18
00:01:06,420 --> 00:01:07,800
both of those terms mean.

19
00:01:08,040 --> 00:01:13,890
And then we're going to go over the tools that you can use for passive reconnaissance and the tools

20
00:01:13,890 --> 00:01:16,530
that you can use for active reconnaissance.

21
00:01:16,530 --> 00:01:22,380
And just like I mentioned, reconnaissance is really just a big term for gathering information.

22
00:01:22,380 --> 00:01:27,660
And so we're going to go over several tools, several methods, several different ways that you can

23
00:01:27,660 --> 00:01:35,280
actually gather information by connecting to a network or remotely through, you know, not being connected

24
00:01:35,280 --> 00:01:36,390
to a specific network.

25
00:01:36,390 --> 00:01:43,410
So both of those are actually going to play into what type of strategy that you use, whether you have

26
00:01:43,410 --> 00:01:48,990
access to a network, you can connect to it or you're, you know, on the other side of the world and

27
00:01:48,990 --> 00:01:50,940
you're looking to connect it to a certain network.

28
00:01:51,060 --> 00:01:57,000
Let's look at exactly what reconnaissance is as far as the information gathering.

29
00:01:57,000 --> 00:01:59,670
And really at a very simple level here.

30
00:01:59,670 --> 00:02:04,410
Like I mentioned, information gathering is what really reconnaissance is.

31
00:02:04,440 --> 00:02:11,970
It's a set of processes, techniques, procedures that are used to discover, gather, collect information

32
00:02:11,970 --> 00:02:13,080
about a target system.

33
00:02:13,170 --> 00:02:13,560
Right.

34
00:02:13,590 --> 00:02:20,070
And so during a reconnaissance, an ethical hacker attempts to gather as much information as possible

35
00:02:20,070 --> 00:02:23,820
about a target system following these seven steps listed below.

36
00:02:23,850 --> 00:02:30,540
So number one, gather initial information, data collection by, you know, utilizing several different techniques,

37
00:02:30,540 --> 00:02:37,260
different methods and different tools and then determine the network range and then identify active

38
00:02:37,260 --> 00:02:42,000
machines, which machines are actually connected to the network, how many are in the network, and

39
00:02:42,000 --> 00:02:44,760
then discover open ports and access points.

40
00:02:44,760 --> 00:02:49,350
What areas, what availability is there for the actual hacker, right,

41
00:02:49,350 --> 00:02:55,500
ethical hacker to connect to and access the actual network and then fingerprint an operating system

42
00:02:55,650 --> 00:03:01,860
and then uncovering services on ports and mapping the entire network, looking at how the servers are

43
00:03:01,860 --> 00:03:06,180
connected, how the actual devices are connected, how the networks are set up.

44
00:03:06,180 --> 00:03:06,480
Right.

45
00:03:06,630 --> 00:03:12,180
So let's say, for example, you have like an H.R. department, you have a sales department,

46
00:03:12,180 --> 00:03:13,120
marketing department.

47
00:03:13,120 --> 00:03:13,320
Right.

48
00:03:13,410 --> 00:03:18,210
They're typically going to have different networks within those departments that all go up and connect

49
00:03:18,210 --> 00:03:21,450
to the main network for the entire company.

50
00:03:21,450 --> 00:03:26,010
And so they're mapping out the entire network that they're looking to target.

51
00:03:26,010 --> 00:03:31,710
And oftentimes they'll target and look at the entire network as a whole and then break off the, let's

52
00:03:31,710 --> 00:03:35,430
say, marketing department and map that out as well as far as a target.

53
00:03:35,460 --> 00:03:40,230
So this is a quick introduction here into the reconnaissance here.

54
00:03:40,230 --> 00:03:46,440
And then he's going to dive a lot more deeper into active versus passive reconnaissance, the tools,

55
00:03:46,440 --> 00:03:51,840
the techniques, the methods, the different things that we're going to be using to gather as much information

56
00:03:51,840 --> 00:03:54,930
about our target prior to going on the attack.

57
00:03:54,930 --> 00:03:56,640
So that's going to be here for this one.

58
00:03:56,640 --> 00:03:57,960
And we'll see you on the next one.