Scanning

Reconnaissance

… ye gotta know where ye’re just gonna rush in and with what. Ye cannae just rush in anywhere. It looks bad, havin’ to rush oout again straight awa’ … ~ Terry Pratchett

The Wee Free Men

What?

Reconnaissance is the first, most critical, and most time-consuming phase of any hack.

Why?

The key is to narrow the scope as much as possible:

  • Who is the target?
  • What is the target?
  • Where is the target?
  • When is the best time for an attack?
  • How is the target defended and how to best attack?

How?

Gather as much information as possible on the target by using public sources. Create a map of the network to determine what operating systems, applications, and address ranges are being used and to identify any accessible open ports.

  • Gather information
  • Locate network range
  • Discover active machines
  • Determine operating systems
  • Define running services
  • Map the network

Concretely

Check and double-check. Think about it. Check again. And return here with all new information for updates after doing something else “hacky”.