
Phase 1: Reconnaissance (Passive vs. Active)

Cyber Security Mastery: From Zero to Hero

The Reconnaissance Phase

Recon is the most critical phase: the more you know about the target before you attack, the better you can choose which hosts, services and people to go after and which tools to use, and the higher your chances of success.

Passive Reconnaissance

  • Definition: Gathering information without directly touching the target's systems or network. The target should have no way of knowing it is being investigated, because no packet from you ever reaches it.
  • Sources: Public records (WHOIS, company registries), social media, search engines, archived copies of the target's websites, DNS records, job postings. DNS data only counts as passive when it comes from a third-party resolver, passive-DNS service or archive; querying the target's own authoritative nameservers is a direct interaction with its infrastructure.
  • Goal: Collecting names, email addresses (and the address format they reveal), IP ranges, and the technology stack (OS, web servers, frameworks, cloud and mail providers).
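The following is an added example, not part of the course material, showing how the sources and goals above fit together in code: it takes two constructed inputs that passive recon would obtain without touching the target (a public job posting and the target's SPF TXT record as a third-party resolver or passive-DNS service would return it) and extracts email addresses, the mailbox naming convention, technology-stack hints, published IP ranges and the mail provider. The job posting text, SPF record, domain names, keyword list and provider table are all assumptions constructed for the example.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample inputs (not real data): a public job posting and the target's
# SPF TXT record, the kind of material passive recon gathers from third parties.
JOB_POSTING = """
Senior DevOps Engineer - Example Corp
We run Ubuntu 22.04 on AWS behind nginx, with PostgreSQL 14 and a Django monolith.
Apply to jobs@example.com or contact the hiring manager, jane.doe@example.com.
Questions about the role? recruiting@example.com
"""
SPF_RECORD = "v=spf1 include:_spf.google.com ip4:203.0.113.0/24 ip4:198.51.100.7 -all"

# Hand-picked keyword list mapping product names to stack categories (assumption).
TECH_KEYWORDS = {
    "ubuntu": "os", "windows server": "os",
    "aws": "cloud", "azure": "cloud",
    "nginx": "web server", "apache": "web server", "iis": "web server",
    "postgresql": "database", "mysql": "database",
    "django": "framework",
}
# SPF include: hosts that identify a third-party mail provider (assumption).
SPF_PROVIDERS = {
    "_spf.google.com": "Google Workspace",
    "spf.protection.outlook.com": "Microsoft 365",
}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


@dataclass
class PassiveFindings:
    emails: set = field(default_factory=set)
    naming_convention: str = "unknown"                 # e.g. first.last
    technologies: dict = field(default_factory=dict)   # keyword -> category
    ip_ranges: list = field(default_factory=list)      # CIDRs the target publishes
    mail_providers: list = field(default_factory=list)
    spf_policy: str = ""                               # -all / ~all / ?all / +all


def harvest_text(text, findings):
    """Pull email addresses and technology hints out of public text."""
    findings.emails.update(m.lower() for m in EMAIL_RE.findall(text))
    lowered = text.lower()
    for keyword, category in TECH_KEYWORDS.items():
        # Whole-word match so "aws" does not fire on "laws".
        if re.search(r"\b" + re.escape(keyword) + r"\b", lowered):
            findings.technologies[keyword] = category


def infer_naming_convention(emails):
    """Guess the mailbox scheme from personal (non-role) addresses."""
    for addr in sorted(emails):
        local = addr.split("@")[0]
        if re.fullmatch(r"[a-z]+\.[a-z]+", local):
            return "first.last"
    return "unknown"


def parse_spf(record, findings):
    """Read published IP ranges and mail-provider evidence out of an SPF record."""
    for term in record.split():
        if term.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(term.split(":", 1)[1], strict=False)
            findings.ip_ranges.append(str(net))
        elif term.startswith("include:"):
            host = term.split(":", 1)[1]
            findings.mail_providers.append(SPF_PROVIDERS.get(host, "unknown (" + host + ")"))
        elif term.lstrip("+-~?") == "all":
            findings.spf_policy = term


def run_passive_recon():
    """Combine the sources into one findings object. Nothing here contacts the target."""
    findings = PassiveFindings()
    harvest_text(JOB_POSTING, findings)
    findings.naming_convention = infer_naming_convention(findings.emails)
    parse_spf(SPF_RECORD, findings)
    return findings


if __name__ == "__main__":
    print(run_passive_recon())
```

Every fact in the result came from data already sitting with a third party, which is what makes it passive: the target's logs show nothing. The naming convention and the SPF-published ranges are the pieces that feed the next phase (credential formats for phishing or password spraying, address space for active scanning).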

Active Reconnaissance

  • Definition: Directly interacting with the target's network, for example pinging hosts or scanning ports. Every probe completes a connection or elicits a reply, so it can be logged by the target and may trigger IDS/IPS alerts.
  • Tools: Nmap (host discovery and port scanning), Netcat (banner grabbing: connect to an open port and read whatever the service announces about itself).
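As an added example (not part of the course, and not Nmap or Netcat themselves), the block below does the two active steps named above against a stand-in target: a TCP connect scan of the kind Nmap's -sT performs, followed by a Netcat-style banner grab on the port found open. To stay offline it starts a tiny fake service on the loopback interface that sends a constructed SMTP-style banner and records every client that connects; that connection log is the target's view of the scan, which is the whole reason active recon is detectable. The banner text, the fake service and the port-reservation trick are assumptions of the example.

```python
import socket
import threading
import time

# Constructed banner for the stand-in target (assumption: a Postfix-style SMTP greeting).
FAKE_BANNER = b"220 mail.example.com ESMTP Postfix\r\n"
LOOPBACK = "127.0.0.1"


class FakeService:
    """Tiny TCP service standing in for the target: sends a banner and records every
    client that connects, which is the log entry an IDS or sysadmin would see."""

    def __init__(self, banner):
        self.banner = banner
        self.connection_log = []           # (client_ip, client_port) per accepted connection
        self._running = True
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind((LOOPBACK, 0))      # port 0: the OS picks a free port
        self.sock.listen(5)
        self.sock.settimeout(0.2)          # lets the accept loop notice stop()
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while self._running:
            try:
                conn, addr = self.sock.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            self.connection_log.append(addr)   # the target's record of our probe
            with conn:
                try:
                    conn.sendall(self.banner)
                except OSError:
                    pass                       # scanner already hung up; still logged

    def wait_for_connections(self, n, timeout=2.0):
        """Block until the log holds n entries (the accept thread can lag the client)."""
        deadline = time.monotonic() + timeout
        while len(self.connection_log) < n and time.monotonic() < deadline:
            time.sleep(0.01)
        return len(self.connection_log)

    def stop(self):
        self._running = False
        self.sock.close()


def reserve_closed_port():
    """Pick a port that is almost certainly closed: bind to 0, read the port, release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((LOOPBACK, 0))
        return s.getsockname()[1]


def tcp_connect_scan(host, ports, timeout=0.5):
    """Nmap -sT style scan: a full TCP handshake per port, so every hit is loggable."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:   # 0 = connected, otherwise an errno
                open_ports.append(port)
    return open_ports


def grab_banner(host, port, timeout=1.0, max_bytes=1024):
    """Netcat-style banner grab: connect and read whatever the service volunteers."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            data = s.recv(max_bytes)
        except socket.timeout:
            data = b""                         # silent service: nothing to read
    return data.decode("ascii", errors="replace").strip()


def run_active_recon():
    """Scan a closed port and the fake service, grab its banner, and report how many
    connections the target logged. Returns a dict for inspection or testing."""
    target = FakeService(FAKE_BANNER)
    closed_port = reserve_closed_port()
    try:
        open_ports = tcp_connect_scan(LOOPBACK, [closed_port, target.port])
        banners = {p: grab_banner(LOOPBACK, p) for p in open_ports}
        # One accepted connection from the scan plus one from the banner grab per open port.
        seen = target.wait_for_connections(2 * len(open_ports))
        return {"open_ports": open_ports, "banners": banners, "target_logged": seen}
    finally:
        target.stop()


if __name__ == "__main__":
    result = run_active_recon()
    print("open ports:", result["open_ports"])
    for port, banner in result["banners"].items():
        print(f"{port}/tcp banner: {banner}")
    print("connections the target logged:", result["target_logged"])
```

The closed port is refused without ever being logged by an application, but the open port records two connections, one per probe. A real service logs the same thing (source address, port and timestamp), and a SYN scan only trims the handshake, not the fact that a packet arrived; that is the detection cost the strategy below is about.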

Strategy: Always exhaust passive recon before moving to active recon, so that the active phase is as short and targeted as possible and the risk of detection is minimized; keep every active probe inside the engagement's authorized scope.