Exploring Reconnaissance: Active and Passive Approaches to Intelligence Gathering


The MITRE ATT&CK framework serves to inform organizations about the techniques attackers use when gathering information about a target. It allows you to explore the phases of an attack and see, visually, the methodologies used in each phase. The OSINT framework provides detailed documentation breaking down each of the areas covered in the MITRE ATT&CK reconnaissance section and lists tools and websites that can be used to gather intelligence about a victim. In active intelligence gathering, malicious hackers send IP packets to the victim to probe it and observe its response. In passive intelligence gathering, malicious hackers collect information about the victim without ever interacting with the victim directly. Open source records provide public information about victims and organizations that hackers readily exploit. Hackers often explore names, emails, DNS records, certificates, social media profiles, acquisition and integration documents, and public financial information. A simple Google search has the potential to reveal damaging information about an organization.

The Google Hacking Database provides a collection of Google search strings that lead malicious hackers to login portals, passwords, sensitive directories, online devices, and other sensitive information about an organization. Shodan allows a hacker to view devices exposing specific protocols in order to identify potential targets with weak protection. Viewing certificate information allows a hacker to spot weak algorithms and potential entry points. The robots.txt file tells Googlebot which pages of a site to crawl and which to ignore. A dangerous hacker can read the same robots.txt file to locate directories containing sensitive information, such as user directories and other listed paths.
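As an added example (not part of the original post), a small Python audit that parses a site's own robots.txt into its User-agent groups and flags Disallow entries that advertise sensitive paths; the sample file and the keyword list are constructed for the demo. Because robots.txt is public, anything it lists should be protected by authentication rather than hidden, and the script points out the entries that need that check.

```python
from dataclasses import dataclass, field

# Constructed sample robots.txt for the demo (not from any real site).
SAMPLE_ROBOTS_TXT = """\
User-agent: *
Disallow: /search      # harmless: just keeps search results out of the index
Disallow: /admin/
Disallow: /backup/db-dump.sql
Allow: /public/

User-agent: Googlebot
Disallow: /users/
"""

# Path fragments that commonly indicate content worth protecting (assumed heuristic list).
SENSITIVE_HINTS = ("admin", "backup", "user", "config", "private", "dump", ".sql", ".bak")


@dataclass
class RobotsGroup:
    agents: list = field(default_factory=list)
    disallow: list = field(default_factory=list)
    allow: list = field(default_factory=list)


def parse_robots(text):
    """Split robots.txt into User-agent groups, ignoring comments and blank lines."""
    groups, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "user-agent":
            # Consecutive User-agent lines share one group; a rule line closes the group
            if current is None or current.disallow or current.allow:
                current = RobotsGroup()
                groups.append(current)
            current.agents.append(value)
        elif key in ("disallow", "allow") and current is not None and value:
            getattr(current, key).append(value)
    return groups


def flag_sensitive_paths(text, hints=SENSITIVE_HINTS):
    """Return (agents, path) pairs for Disallow entries whose path matches a hint."""
    findings = []
    for group in parse_robots(text):
        for path in group.disallow:
            if any(hint in path.lower() for hint in hints):
                findings.append((", ".join(group.agents), path))
    return findings
```

Each flagged path is one to verify by hand: confirm the URL requires authentication (or no longer exists) rather than relying on the Disallow line.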

Maltego allows a hacker to perform passive reconnaissance to discover an organization's employee emails, which can then be targeted with spear phishing and social engineering attacks that introduce malicious links or trick employees into unintentionally divulging useful information about the organization. Once a hacker finds an employee email using Maltego, the hacker can perform a brute force attack and potentially log in as that employee. The Whois utility further allows a hacker to obtain domain registration information, administrative contacts, technical contacts, and support contacts that can be used in attacks. Tools such as Recon-ng allow a hacker to automate passive reconnaissance and can produce damaging insight into a target. Network scanning with tools such as Nmap, Metasploit, Telnet, and QualysGuard allows a hacker to view the hosts and services that are running, which can serve as potential entry points into a target's system. Enumeration allows a hacker to extract information from a system, such as usernames, to make subsequent brute force attacks more efficient. Attackers use enumeration in complex, protocol-specific attacks that let them identify pre-shared keys, device types, and other damaging information. By capturing and rerouting traffic, hackers hijack sessions, steal sensitive data, and gain insight into security measures, allowing them to bypass those measures when attacking a target network.

Passive intelligence gathering serves an important purpose because an attacker can gather information with a low risk of detection or legal recourse. Hackers use passive intelligence to set a firm foundation before initiating an attack. Some of the most dangerous attacks happen because no one on the security team sees them coming.
