
Ethical Hacking

William Bailey


MIS 5211.701 ■ Fall 2021 ■ William Bailey

Week 03: Reconnaissance

September 5, 2019 by William Bailey 13 Comments

One of this week’s topics is reconnaissance, or learning about the target. You may be hired to think just like an outsider, someone trying to “hack” their way in. Remember that some of the “hacking” techniques may not require any specific coding. There are so many methods that, for this week’s question, everyone needs to post a unique method of performing reconnaissance in order to earn full points. Describe the method of reconnaissance and, if possible, provide an example of a “hack” or other breach that can be tied back to information learned through reconnaissance.

I’ll start with an example that you’re likely seeing on television as part of New Jersey Transit’s “See Something, Say Something” campaign. The commercial promotes security awareness and features several suspicious actors. One scene shows two people along the road, possibly looking at their potential target, while another actor takes pictures; the scene is shot from a viewpoint that shows the pictures are of the CCTV system. Why? By taking pictures of the facility, the outsider learns about its physical security controls and can plan the attack to avoid the cameras’ line of sight.

Reconnaissance - Examining Physical Security Controls (Cameras)


Comments

  1. Eugene Angelo Tartaglione says

    August 31, 2021 at 4:58 pm

    A good example of reconnaissance would be dumpster diving in the company’s trash / dumpsters to see if you can find any sensitive information that was not properly destroyed. The issue with this is that if someone sees you rummaging through the trash, you may have security / the police called on you for doing so.

    • Antonio Cozza says

      September 2, 2021 at 11:34 pm

      I like this classic example of physical reconnaissance. I would argue that many people tend to forget about this method, which makes it prove to be still quite useful today especially with how freely people disregard the privacy of their own data. It is not all that rare for organizations to place sensitive legible information in the trash on site.

  2. Antonio Cozza says

    September 2, 2021 at 11:16 pm

    Another example of (passive) reconnaissance would be identifying an IP block with nslookup in the context of an external or black-box penetration test or an unethical malicious hack as well. Using the nslookup command is OSINT, and can reveal information on DNS records relevant for gaining entry to a system. After performing this type of reconnaissance, the penetration tester will then be able to try to map the network from the obtained IP block, and proceed to follow the cyclic process of enumerating, identifying vulnerabilities, and, provided the skill and experience, exploiting them to eventually escalate privileges in the target system(s).

  3. Dhaval Patel says

    September 4, 2021 at 7:30 pm

    Reconnaissance could come in the form of social media. Sites like Facebook, Twitter, and even LinkedIn contain large amounts of information that could become valuable to a hacker. Particularly with LinkedIn, an attacker has the ability to see where an individual works, who their team members are, and even what they are working on. This can allow them to gain insider information. As we discussed in class, an employer or even an employee could state what current technologies they are working on/looking for. An article from Trend Micro states that engineers from AMD had leaked information related to their next-generation products on their LinkedIn.

    Source: Pernet, C. (2015, June 2). Reconnaissance via professional social networks. TrendLabs Security Intelligence Blog. https://blog.trendmicro.com/trendlabs-security-intelligence/reconnaissance-via-professional-social-networks/.
    Link: https://blog.trendmicro.com/trendlabs-security-intelligence/reconnaissance-via-professional-social-networks/

    • Tal Eidenzon says

      September 12, 2021 at 11:18 pm

      It is amazing how much people claim to care about privacy and spying from the government while willingly laying out their entire life on social media. Really boggles the mind. This method provides con-men with even more information than they need to fool an unsuspecting person by playing off of the target’s interests, hobbies, place of employment, and vacation schedules.

  4. Andrew Nguyen says

    September 6, 2021 at 6:40 pm

    A form of reconnaissance could simply be observation. For instance, what times do the security guards (if any) go on break? Are there any gaps in their schedule? What would the best times to break in be? Who works at the company, and what are they like? For example, if an individual at the company is disgruntled, they could potentially be more likely to be a target for social engineering.

    • Dhaval Patel says

      September 12, 2021 at 9:00 pm

      This is a great example that often gets overlooked. Observations can tie into many different forms of reconnaissance whether physical or in a digital form. Physical like you said, noticing when security guards go on break or knowing where all of the security cameras are located, and digital going along your statement could be an employee database or even LinkedIn.

  5. Krish Damany says

    September 11, 2021 at 10:35 pm

    In the attack against Microsoft back in April, it is believed that the Chinese hacking group gathered lots of information on personal accounts through reconnaissance before carrying out the final attack. By gathering this personal information and accounts, they used them to infiltrate universities, law firms, and infectious-disease researchers. After those initial infiltrations, they found a universal exploit for Microsoft Exchange as a whole and used that information to carry out the global attack.

    https://www.wsj.com/articles/suspected-china-hack-of-microsoft-shows-signs-of-prior-reconnaissance-11617800400

  6. Tal Eidenzon says

    September 12, 2021 at 11:06 pm

    My favorite technique for performing recon is to attend a job interview at the company of interest. The information gathered during an interview can be quite sensitive and useful to an attacker because interviewers are often overworked/unsatisfied employees who might look kindly upon an intriguing technical discussion or an opportunity to complain about the company’s unwillingness to either invest in newer, more secure technologies or mitigate glaring risks.

    In addition to the information that can be attained during the actual conversational process of the interview, the threat actor can observe the layout of the building and check which physical security controls are in place.

    • Antonio Cozza says

      September 13, 2021 at 5:42 pm

      This is a great social engineering example, Tal. This is realistically impossible to prevent in my opinion and interestingly enough it does provide that extra internal information from within the organization.

  7. Patrick Jurgelewicz says

    September 13, 2021 at 2:21 pm

    One form of recon could be walking through a company’s parking lot and looking for valuable information on employee vehicles. This link shows what information can be obtained about someone just from their bumper stickers:
    http://ecbpublishing.com/what-do-your-bumper-stickers-really-tell-people/

    With information about a person, an intruder could then potentially socially engineer their way into more information. For example, they could target an employee with a phishing email with a subject line that pertains to one of their interests.

    • Parmita Patel says

      September 20, 2021 at 3:25 pm

      This is really interesting because I would have never thought you could gain so much information through bumper stickers. I think the littlest details can really help uncover major details about the person. It would not be hard to guess what the person likes or what they like to do.

  8. Parmita Patel says

    September 20, 2021 at 3:22 pm

    Reconnaissance could be learning about others through what they do and where they work. This could be at work or companies that are in the same industry. When you know what the life is like yourself, it is very easy to learn about others. You can easily tell if the person likes to go out after work or if they have other reservations. You can easily pick up things they like to do at work or who they like to talk to, and these activities would fall through the cracks. It would not be hard to learn about someone’s lifestyle when you have had your experience and you know how to dig deeper.

