DEV Community

DoreenNangira

Understanding Reconnaissance in Cybersecurity

Introduction

Wondering how hackers manage to get hold of people's data? Are you a security professional who wants to protect your organization from cyber attacks, or just an individual who wants to stay safe from them? Well, this article is for you.

What is reconnaissance?

Reconnaissance (recon) refers to the process of gathering information about a potential target. It is divided into two main categories: passive recon and active recon.
Passive recon: In this process, there is no direct engagement with the target. One relies on public resources, such as social media accounts, domain registration records and DNS, to gather information. Because nothing is sent to the target's systems, passive recon leaves no trace in the target's logs.
Active recon: The person gathering information engages with the target directly. This can be through one-on-one communication such as phone calls, or even by interacting with devices belonging to the target company.

This article will focus on passive recon.

Prerequisites

In order to follow along and understand the concepts here, you will need a basic understanding of the Linux operating system and some networking basics.

Tools used for passive Recon

whois: This command gives us information about a domain, such as when the domain was registered, when it was last updated, when it expires, who the registrar is, and which name servers it uses. An attacker can use details found here, such as a company contact email, to send phishing attacks. Open your terminal and write the command whois followed by the domain name.
Example:

```
root@99a8ec2bac69:/# whois apple.com
Domain Name: APPLE.COM
Registry Domain ID: 1225976_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.comlaude.com
Registrar URL: http://www.comlaude.com
Updated Date: 2023-08-28T18:33:11Z
Creation Date: 1987-02-19T05:00:00Z
Registry Expiry Date: 2025-02-20T05:00:00Z
Registrar: Nom-iq Ltd. dba COM LAUDE
Registrar IANA ID: 470
Registrar Abuse Contact Email: abuse@comlaude.com
Registrar Abuse Contact Phone: +442074218250
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: A.NS.APPLE.COM
Name Server: B.NS.APPLE.COM
Name Server: C.NS.APPLE.COM
Name Server: D.NS.APPLE.COM
```
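The same whois fields are worth reading from the defender's side: the Domain Status lines tell you whether registrar locks are set, and the expiry date tells you whether the domain is at risk of lapsing. The script below is an added example, not code from the original post. It parses whois output in the "Key: value" form shown above; the sample text is a constructed excerpt of the fields in that output, and the 60-day warning window and the three client lock codes it requires are my own choices.

```python
"""Parse whois output and report missing registrar locks or a near expiry.

Added example (not from the original post). SAMPLE_WHOIS is a constructed
excerpt of the whois fields shown in the article.
"""
from datetime import datetime, timezone

# Constructed sample: a trimmed copy of the whois record shown in the post.
SAMPLE_WHOIS = """\
Domain Name: APPLE.COM
Registrar: Nom-iq Ltd. dba COM LAUDE
Updated Date: 2023-08-28T18:33:11Z
Creation Date: 1987-02-19T05:00:00Z
Registry Expiry Date: 2025-02-20T05:00:00Z
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: A.NS.APPLE.COM
Name Server: B.NS.APPLE.COM
"""

# EPP status codes that stop a domain from being deleted, transferred or
# altered until the registrant explicitly unlocks it (assumed policy).
REQUIRED_LOCKS = {
    "clientDeleteProhibited",
    "clientTransferProhibited",
    "clientUpdateProhibited",
}


def parse_whois(text):
    """Turn 'Key: value' whois lines into a dict; repeated keys become lists."""
    record = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        # partition() splits on the first colon only, so URLs and
        # ISO timestamps in the value are left intact.
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key in ("Domain Status", "Name Server"):
            # Keep only the first token: 'clientDeleteProhibited https://...'
            record.setdefault(key, []).append(value.split()[0])
        else:
            record[key] = value
    return record


def missing_locks(record):
    """Return the required registrar locks that are not set on the domain."""
    return sorted(REQUIRED_LOCKS - set(record.get("Domain Status", [])))


def days_until_expiry(record, now=None):
    """Whole days from `now` (default: current UTC time) to the registry expiry."""
    expiry = datetime.strptime(record["Registry Expiry Date"], "%Y-%m-%dT%H:%M:%SZ")
    expiry = expiry.replace(tzinfo=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return (expiry - now).days


def check_domain(text, now=None, warn_days=60):
    """Return (parsed record, list of findings a domain owner should act on)."""
    record = parse_whois(text)
    findings = []
    locks = missing_locks(record)
    if locks:
        findings.append("missing registrar locks: " + ", ".join(locks))
    days = days_until_expiry(record, now)
    if days < warn_days:
        findings.append(f"domain expires in {days} days")
    return record, findings


if __name__ == "__main__":
    # Fixed 'now' so the demonstration is reproducible.
    record, findings = check_domain(SAMPLE_WHOIS, now=datetime(2025, 1, 1, tzinfo=timezone.utc))
    print("registrar:", record["Registrar"])
    print("name servers:", record["Name Server"])
    for finding in findings:
        print("FINDING:", finding)
```

Run it against `whois yourdomain.example` output piped into a file and the findings list is what you would want in a weekly report: a lock that has quietly been removed or an expiry creeping up is exactly the kind of change an attacker looks for in the same record.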

nslookup: This is used to query the Domain Name System (DNS). It shows us the IP addresses for a given domain and related records such as the mail servers (MX records) that handle the domain's email.
If an attacker finds a vulnerability on any of those IP addresses, he or she might use it to launch an attack, which is why an organization should know exactly which addresses and servers its public DNS records expose.

To get the IP addresses, write nslookup followed by the domain name. To get more information, such as the email servers used, nslookup takes an additional argument, OPTION.
Syntax: nslookup [OPTION] domain_name. In our example, -type=MX is the option that returns the mail exchanger (MX) records.
Example:

```
root@99a8ec2bac69:/# nslookup apple.com
Server:         10.251.0.2
Address:        10.251.0.2#53

Non-authoritative answer:
Name:   apple.com
Address: 17.253.144.10
Name:   apple.com
Address: 2620:149:af0::10
```

```
root@99a8ec2bac69:/# nslookup -type=MX apple.com
Server:         10.251.0.2
Address:        10.251.0.2#53

Non-authoritative answer:
apple.com       mail exchanger = 20 mx-in-hfd.apple.com.
apple.com       mail exchanger = 20 mx-in-vib.apple.com.
apple.com       mail exchanger = 10 mx-in.g.apple.com.
apple.com       mail exchanger = 20 mx-in-mdn.apple.com.
apple.com       mail exchanger = 20 mx-in-rno.apple.com.
```
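What an outsider can learn from these two commands is also the organization's external footprint, so a defender can turn the same output into an inventory and compare it with what the records are supposed to contain. The script below is an added example and not code from the original post. It parses nslookup output of the shape shown above; the two samples are constructed from that output, and the baseline it diffs against is an invented list of "expected" records, not anything the article states about the domain.

```python
"""Parse nslookup output into a DNS footprint and diff it against a baseline.

Added example (not from the original post). SAMPLE_A and SAMPLE_MX are
constructed copies of the nslookup output shown in the article.
"""
import re

# Constructed sample: `nslookup apple.com` as shown in the post.
SAMPLE_A = """\
Server:         10.251.0.2
Address:        10.251.0.2#53

Non-authoritative answer:
Name:   apple.com
Address: 17.253.144.10
Name:   apple.com
Address: 2620:149:af0::10
"""

# Constructed sample: `nslookup -type=MX apple.com` as shown in the post.
SAMPLE_MX = """\
Server:         10.251.0.2
Address:        10.251.0.2#53

Non-authoritative answer:
apple.com       mail exchanger = 20 mx-in-hfd.apple.com.
apple.com       mail exchanger = 20 mx-in-vib.apple.com.
apple.com       mail exchanger = 10 mx-in.g.apple.com.
apple.com       mail exchanger = 20 mx-in-mdn.apple.com.
apple.com       mail exchanger = 20 mx-in-rno.apple.com.
"""

# 'mail exchanger = <preference> <host>.' ; the trailing dot marks an absolute name.
MX_RE = re.compile(r"mail exchanger = (\d+) (\S+)\.$")


def parse_addresses(text):
    """Collect resolved A/AAAA addresses, skipping the resolver's own line."""
    addresses = []
    for line in text.splitlines():
        if not line.startswith("Address:"):
            continue
        value = line.split(":", 1)[1].strip()
        # The resolver line looks like '10.251.0.2#53' (address#port);
        # answer lines carry no port suffix.
        if "#" not in value:
            addresses.append(value)
    return addresses


def parse_mx(text):
    """Return (preference, host) pairs with the most preferred server first."""
    records = []
    for line in text.splitlines():
        match = MX_RE.search(line.strip())
        if match:
            records.append((int(match.group(1)), match.group(2)))
    return sorted(records)


def footprint(a_text, mx_text):
    """Build one set of 'kind:value' strings describing the public DNS exposure."""
    items = {f"addr:{addr}" for addr in parse_addresses(a_text)}
    items |= {f"mx:{host}" for _, host in parse_mx(mx_text)}
    return items


def diff_footprint(observed, baseline):
    """Compare what DNS actually exposes with what the organization expects."""
    observed, baseline = set(observed), set(baseline)
    return {
        "unexpected": sorted(observed - baseline),
        "missing": sorted(baseline - observed),
    }


if __name__ == "__main__":
    # Invented baseline: what the organization believes its records should be.
    baseline = {"addr:17.253.144.10", "mx:mx-in.g.apple.com"}
    observed = footprint(SAMPLE_A, SAMPLE_MX)
    print("preferred MX:", parse_mx(SAMPLE_MX)[0])
    for kind, values in diff_footprint(observed, baseline).items():
        print(kind, values)
```

Anything in the "unexpected" list is a record the outside world can see that nobody inside claims to own, which is the first thing to chase down after a recon exercise against your own domain.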

DNSdumpster: Apart from the command-line tools, there are online tools that one can use to get information about a target. DNSdumpster is an online tool that gives more information about a domain, such as subdomains, IP addresses and even a graphical map showing how each IP address relates to the others. To use this tool, open your browser, navigate to the DNSdumpster website and enter the domain name in the search bar.

Conclusion

We have reached the end of today's learning, but this does not mean you should stop here. To gain more skills in this field, you will need to practise more and explore the other tools available. See you soon, Adios!!
