Reconnaissance (CKC) - Modern Cyber Range - Attacker PoV
Types of Reconnaissance
CKC = Cyber Kill Chain
Disclaimer: Everything shown here is virtualized on the host computer. These are simulated environments, not real targets.
Passive Reconnaissance
Definition: Gathering information without directly engaging the target. Examples of passive reconnaissance are Google dorking, whois, nslookup and dig.
Passive reconnaissance usually cannot be detected easily, simply because you look like an ordinary visitor to the site.
This post won't be covering it. If you want to practice it, refer to: https://tryhackme.com/room/passiverecon
Active Reconnaissance
You're actively engaging with the target to extract information. This can take the form of an Nmap scan, Recon-ng, etc.
For this post, I will only be showcasing Active Reconnaissance.
Engaging the Target [[NMAP]]
I will run an Nmap scan against my vulnerable web server (Metasploitable2) to see what information appears. Then, on the blue team side, we will see how these scans look from a network/packet perspective.
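As an added illustration of the blue-team side mentioned above (example code written for this rewrite, not from the original post), here is a small Python detector that reads a constructed, simplified connection log and flags any source that touches many distinct ports on one host within a short time window, which is how a default Nmap scan looks on the wire. The log format, the IP addresses and the thresholds are assumptions; a real deployment would read Zeek conn.log, NetFlow or a pcap instead.

```python
"""Detect Nmap-style port sweeps in a simplified connection log.

Added example for this post (not the author's code). Assumed log format,
one connection attempt per line, space-separated:
    <epoch_seconds> <src_ip> <dst_ip> <dst_port> <proto> <tcp_flags>
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    ts: float
    src: str
    dst: str
    dport: int
    proto: str
    flags: str


# Constructed sample log (not captured traffic): 10.0.0.5 sweeps twelve
# ports on the lab box 10.0.0.20 with bare SYNs within one second, which is
# what a default Nmap SYN scan looks like. 10.0.0.9 is a normal client that
# only ever talks to the web ports.
SAMPLE_LOG = """\
1700000000.00 10.0.0.5 10.0.0.20 21 tcp S
1700000000.01 10.0.0.5 10.0.0.20 22 tcp S
1700000000.02 10.0.0.5 10.0.0.20 23 tcp S
1700000000.03 10.0.0.5 10.0.0.20 25 tcp S
1700000000.04 10.0.0.5 10.0.0.20 53 tcp S
1700000000.05 10.0.0.5 10.0.0.20 80 tcp S
1700000000.06 10.0.0.5 10.0.0.20 111 tcp S
1700000000.07 10.0.0.5 10.0.0.20 139 tcp S
1700000000.08 10.0.0.5 10.0.0.20 445 tcp S
1700000000.09 10.0.0.5 10.0.0.20 512 tcp S
1700000000.10 10.0.0.5 10.0.0.20 513 tcp S
1700000000.11 10.0.0.5 10.0.0.20 514 tcp S
1700000001.00 10.0.0.9 10.0.0.20 80 tcp S
1700000005.00 10.0.0.9 10.0.0.20 80 tcp S
1700000009.00 10.0.0.9 10.0.0.20 443 tcp S
1700000030.00 10.0.0.9 10.0.0.20 80 tcp S
"""


def parse_log(text: str) -> list[Conn]:
    """Parse the assumed log format into Conn records, skipping blanks/comments."""
    conns = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto, flags = line.split()
        conns.append(Conn(float(ts), src, dst, int(dport), proto, flags))
    return conns


def detect_port_scans(conns, window=60.0, min_ports=10):
    """Return {(src, dst): max_distinct_ports} for every source that hit at
    least `min_ports` distinct destination ports on one host inside any
    `window`-second span. Uses a sliding window with a port counter so each
    event is added and removed once."""
    by_pair = defaultdict(list)
    for c in sorted(conns, key=lambda c: c.ts):
        by_pair[(c.src, c.dst)].append(c)

    alerts = {}
    for key, events in by_pair.items():
        window_ports = Counter()  # dst port -> hits currently inside the window
        left = 0
        for ev in events:
            window_ports[ev.dport] += 1
            # Slide the left edge forward until the window fits.
            while ev.ts - events[left].ts > window:
                old = events[left].dport
                window_ports[old] -= 1
                if window_ports[old] == 0:
                    del window_ports[old]
                left += 1
            distinct = len(window_ports)
            if distinct >= min_ports:
                alerts[key] = max(alerts.get(key, 0), distinct)
    return alerts


if __name__ == "__main__":
    for (src, dst), n in detect_port_scans(parse_log(SAMPLE_LOG)).items():
        print(f"possible port scan: {src} -> {dst}, {n} distinct ports in window")
```

The threshold of ten distinct ports in sixty seconds is deliberately loose so a quick default scan trips it while a browser session does not; a slow scan (`-T0`/`-T1` style) spread over many minutes would stay under the window and needs a longer window or a per-day distinct-port count instead.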
First