1
00:00:03,100 --> 00:00:09,790
Welcome to the next section on information gathering, or recon, and scanning. In the previous section,

2
00:00:09,790 --> 00:00:12,880
you saw how to do a phishing attack.

3
00:00:12,910 --> 00:00:15,820
You saw how to carry out a spear phishing attack.

4
00:00:16,660 --> 00:00:21,670
When you know some information about the user, you can target those social engineering attacks.

5
00:00:22,060 --> 00:00:27,790
Two together, information about one specific person or one specific organization where you might be

6
00:00:27,790 --> 00:00:30,790
wondering how would you gather information like that?

7
00:00:30,820 --> 00:00:33,010
If you don't know anyone inside the company?

8
00:00:33,490 --> 00:00:38,170
Well, this is a really important set of skills to gather as a hacker.

9
00:00:38,620 --> 00:00:43,720
And we need to know how hackers gather this information if we want to be able to defend against it.

10
00:00:44,020 --> 00:00:50,350
So how do hackers gather lists of names and e-mail addresses for phishing, or how do they gather a

11
00:00:50,350 --> 00:00:52,570
list of servers to attack?

12
00:00:52,930 --> 00:00:56,350
Well, there are two main categories of reconnaissance, or recon.

13
00:00:56,830 --> 00:01:03,700
The first one is passive recon that uses open source intelligence or tools that don't intrude on a target's

14
00:01:03,700 --> 00:01:04,270
network.

15
00:01:04,630 --> 00:01:11,440
So if you're wanting information about the news organization CNN, for example, with passive recon,

16
00:01:11,440 --> 00:01:16,330
you would never scan CNN's network because that alerts them to your presence.

17
00:01:16,720 --> 00:01:22,930
And this is a really important skill set to develop as a white hat or ethical hacker.

18
00:01:23,320 --> 00:01:28,260
So passive recon is where we're going to gather information using open source intelligence or asset.

19
00:01:28,870 --> 00:01:33,400
Active recon is where we use scanning tools to interact with the target network.

20
00:01:33,430 --> 00:01:40,630
So if we're scanning my university, for example, we would actually run a network mapper or some sort

21
00:01:40,630 --> 00:01:43,540
of scanning tool against that network.

22
00:01:43,570 --> 00:01:49,270
Now, for this one, it's really important to know, as ethical hackers, we have to have permission from

23
00:01:49,270 --> 00:01:54,520
that organization before we run any active scanning tools against a network.

24
00:01:54,850 --> 00:02:01,580
It can be illegal, not just from the organization itself that might want to prosecute you.

25
00:02:01,580 --> 00:02:08,680
It could be illegal to run over your network, even over your Internet service provider to that organization.

26
00:02:09,040 --> 00:02:12,650
It could be illegal in your city, state, country, et cetera.

27
00:02:13,030 --> 00:02:17,200
So it's really important to make sure you have permission and make sure you know all the applicable

28
00:02:17,200 --> 00:02:20,290
laws before you try active reconnaissance.

29
00:02:21,130 --> 00:02:27,010
So in passive recon, what we're going to see in this lesson is some open source intelligence using

30
00:02:27,010 --> 00:02:32,080
the O.S. framework, where specifically we're going to gather some domain name information from Domain

31
00:02:32,080 --> 00:02:32,770
Dossier.

32
00:02:32,950 --> 00:02:40,270
Maybe we'll get some important contacts to try against a site for social engineering, for example.

33
00:02:40,790 --> 00:02:46,150
Then we're going to learn about enumeration, or listing out accounts, servers on the networks.

34
00:02:46,570 --> 00:02:50,590
This is a really important skill to develop, even for your own home network.

35
00:02:50,620 --> 00:02:54,340
You might want to do some enumeration of hosts or servers.

36
00:02:54,340 --> 00:02:58,600
You might want to gather some information about what's running on your organization's network.

37
00:02:58,630 --> 00:03:03,040
You definitely want to see what hackers can see from outside your organization.

38
00:03:03,490 --> 00:03:06,070
And then finally, we're going to run some active scans.

39
00:03:06,100 --> 00:03:11,380
Now, we're going to do that safely inside our own private network.

40
00:03:11,740 --> 00:03:17,560
But we're also going to see how you could scan your entire Wi-Fi network for that one.

41
00:03:17,570 --> 00:03:25,930
It's very important that you own and pay for that local Wi-Fi network, that you not do this in

42
00:03:25,930 --> 00:03:33,640
a building or in a company or in a school, any place where other people whose computers you don't control

43
00:03:33,640 --> 00:03:36,700
or don't own or don't have permission to scan might be active.

44
00:03:36,730 --> 00:03:39,100
But we're gonna see a couple of tools to do that with.

45
00:03:39,520 --> 00:03:43,780
So we'll start off with a little open source intelligence gathering in the next lesson.