Week 4: Passive OSINT

Hacking in Five Steps - This lesson will introduce the five key components of hacking: reconnaissance, enumeration, exploitation, maintaining access, and covering tracks. These five key concepts will be built upon as we progress, with at least one part dedicated to each component. The Art of Reconnaissance - This lesson will discuss reconnaissance in depth and cover common tools used in the process. Some of the tools that will be covered are the OSINT Framework, SET, theHarvester, Bluto, Google Dorks, and Shodan. More tools will likely be added as the lesson is written.

Five Stages of Hacking







Scanning and Enumeration

Gaining Access

Maintaining Access

Covering Tracks

Passive Recon - Physical / Social

Location Information

ā€¢ Satellite images ā€¢ drone recon ā€¢ building layout (badge readers, break areas, security, fencing)

Job Information

ā€¢ Employees (name, job title, phone number, manager, etc.) ā€¢ Pictures (badge photos, desk photos, computer photos, etc.)

Passive Recon - Web / Host

Target Validation

ā€¢ WHOIS, nslookup, dnsrecon

Finding Subdomains

ā€¢ Google-fu, dig, Nmap, Sublist3r, Bluto, crt.sh, etc.


ā€¢ Nmap, Wappalyzer, WhatWeb, BuiltWith, Netcat

Data Breaches

ā€¢ HaveIBeenPwned and similar lists

Last updated