Prajwal Desai

SCCM | ConfigMgr | Intune | Windows 11 | Azure

The Reconnaissance phase in network penetration

By Prajwal Desai | November 2, 2021 | 5 Min Read

In this post we will discuss the reconnaissance phase in network penetration. Reconnaissance means gathering information about computers or networks. It is an initial step before exploiting the target system.

A reconnaissance attack can be either active or passive. Active reconnaissance involves port scans and OS scans, while passive reconnaissance relies on sniffing regular host traffic. In both methods, the goal is to gain information about the target's capabilities and vulnerabilities.

Reconnaissance for a targeted attack takes several forms. Let’s take a look at each one of them.

Address Reconnaissance

Address reconnaissance is the identification of the address space in use by the target organization. An attacker could use DNS to identify the address of the organization’s web server.

DNS will also provide critical information such as the address of the primary DNS server for the domain and the mail server addresses for the organization.

An attacker could do name searches through ARIN to find other address blocks assigned to the target organization.

DNS can also be used to identify additional web servers, mail servers, and address ranges. All of this information can be found without alerting the target.

Phone Number Reconnaissance

From what I know, phone number reconnaissance is more difficult than identifying the network addresses associated with a target organization.

Directory assistance can be used to identify the primary phone number for the target. Many organizations list contact phone or fax numbers on their web sites.

After finding a few numbers, the hacker may decide to look for working numbers, using a tool such as a war dialer or something similar.

The hacker may choose to perform this activity during off hours or on weekends to lessen the potential for discovery.

The other downside of this activity is that the hacker does not know for sure which of the numbers are used by the target organization. The hacker may identify a number that leads to other organizations.

Wireless Reconnaissance

A lot of organizations use wireless technology for the advantages that it offers in terms of connectivity. The hacker is likely to check the surrounding areas to find out which wireless technology is in use.

The hacker can perform this reconnaissance easily by walking or driving around the building. This type of reconnaissance does require the hacker to be physically near the target.

System Reconnaissance

The goal of system reconnaissance is to identify the operating system and the OS vulnerabilities.

The hacker may use ping sweeps or scans to identify the systems. If the hacker wants to remain hidden, a very slow ping rate or scan rate is most effective.

In this case, the hacker sends a ping to one address every hour or so. Most administrators may not even notice this.
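A defender-side view of the slow sweep described above, as an added example that is not part of the original post: a rate check over a short window misses a source that pings one new address per hour, while counting distinct destinations per source over a long window catches it. The log records, the documentation-range IP addresses, and the window and threshold values are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed firewall-style ICMP echo records: (timestamp, source, destination)."""
    start = datetime(2021, 11, 2, 0, 0, 0)
    log = []
    # Slow sweep: one echo request per hour, each to a new address.
    for i in range(12):
        log.append((start + timedelta(hours=i), "203.0.113.50", f"192.0.2.{10 + i}"))
    # Monitoring host: frequent pings, but always to the same two addresses.
    for i in range(48):
        log.append((start + timedelta(minutes=15 * i), "198.51.100.7", f"192.0.2.{1 + i % 2}"))
    return sorted(log)

def sweep_sources(log, window, min_targets):
    """Return sources that touched >= min_targets distinct addresses within `window`."""
    recent = defaultdict(deque)  # source -> (timestamp, destination) pairs still in window
    flagged = set()
    for ts, src, dst in log:
        q = recent[src]
        q.append((ts, dst))
        # Drop records that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if len({d for _, d in q}) >= min_targets:
            flagged.add(src)
    return flagged

def compare_windows(log):
    """Run the same check with a short window and a long window (assumed thresholds)."""
    short = sweep_sources(log, timedelta(minutes=1), 5)
    long_ = sweep_sources(log, timedelta(hours=24), 10)
    return short, long_

if __name__ == "__main__":
    short, long_ = compare_windows(build_sample_log())
    print("1-minute window flags:", sorted(short))
    print("24-hour window flags:", sorted(long_))
```

Counting distinct destinations rather than packets is what keeps the busy monitoring host out of the result while the quiet sweeper is flagged.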

Operating system identification scans are harder to keep hidden. That’s because the packet signatures of most tools are well known. Furthermore, intrusion detection systems will likely identify any attempts.

Most of all, the hacker can easily guess the operating system. In the next step, the hacker can gather the OS vulnerabilities.

The hacker can run a vulnerability scanner to list the vulnerabilities found in the discovered OS.

Physical Reconnaissance

Physical reconnaissance is a hacker’s favorite. The hacker may choose to observe certain things like the cameras in the building, the times the employees enter and exit, the times the employees go for smoke breaks, etc.

The hacker may note common paths taken by employees to enter or exit the facility. Such paths may be the perfect location to plant something like a USB memory stick for employees to find.

The hacker may also examine how paper recycling is handled. With this, a hacker may be able to find all the information he wants by searching through the dumpster at night.

Prajwal Desai is a Microsoft MVP in Enterprise Mobility. He writes articles on SCCM, Intune, Configuration Manager, Microsoft Intune, Azure, Windows Server, Windows 11, WordPress and other topics, with the goal of providing people with useful information.