1
00:00:00,260 --> 00:00:01,680
-: In this section of the course,
2
00:00:01,680 --> 00:00:04,200
we're gonna discuss passive reconnaissance.
3
00:00:04,200 --> 00:00:05,370
As we move from our planning
4
00:00:05,370 --> 00:00:08,160
and scoping phase of our penetration test, we find ourselves
5
00:00:08,160 --> 00:00:10,110
in the second stage of the engagement:
6
00:00:10,110 --> 00:00:12,780
information gathering and vulnerability scanning.
7
00:00:12,780 --> 00:00:14,670
During this stage, we're gonna be focused
8
00:00:14,670 --> 00:00:16,980
on conducting reconnaissance and scanning.
9
00:00:16,980 --> 00:00:18,870
Now reconnaissance focuses on gathering
10
00:00:18,870 --> 00:00:21,660
as much information about the target as possible.
11
00:00:21,660 --> 00:00:23,730
This reconnaissance can either be passive
12
00:00:23,730 --> 00:00:25,050
or active in nature,
13
00:00:25,050 --> 00:00:27,240
and we're gonna focus this section of the course
14
00:00:27,240 --> 00:00:29,370
on the different passive reconnaissance actions
15
00:00:29,370 --> 00:00:31,590
that we can conduct during our engagements.
16
00:00:31,590 --> 00:00:34,230
This includes things like using open source intelligence,
17
00:00:34,230 --> 00:00:37,410
social media scraping, reviewing the company's own website
18
00:00:37,410 --> 00:00:39,570
and using publicly available repositories
19
00:00:39,570 --> 00:00:41,310
to gain as much information as we can
20
00:00:41,310 --> 00:00:43,380
about the target organization.
21
00:00:43,380 --> 00:00:45,600
As I said, in this section of the course,
22
00:00:45,600 --> 00:00:47,850
we're gonna focus on passive reconnaissance,
23
00:00:47,850 --> 00:00:48,960
which is just one part
24
00:00:48,960 --> 00:00:52,020
of the larger set of objectives inside of domain two:
25
00:00:52,020 --> 00:00:54,690
information gathering and vulnerability scanning.
26
00:00:54,690 --> 00:00:56,730
In this section, we're only gonna be focusing
27
00:00:56,730 --> 00:00:59,880
on a single objective though: Objective 2.1.
28
00:00:59,880 --> 00:01:01,860
This states that given a scenario
29
00:01:01,860 --> 00:01:04,440
you must perform passive reconnaissance.
30
00:01:04,440 --> 00:01:06,360
Now, while this objective seems short,
31
00:01:06,360 --> 00:01:09,360
there's a lot of sub bullets listed underneath it by CompTIA
32
00:01:09,360 --> 00:01:11,670
and we're gonna cover all of them in this section
33
00:01:11,670 --> 00:01:12,720
as we go through the concepts
34
00:01:12,720 --> 00:01:14,160
surrounding passive reconnaissance
35
00:01:14,160 --> 00:01:16,140
that you need to know for the exam.
36
00:01:16,140 --> 00:01:17,580
As we begin this section,
37
00:01:17,580 --> 00:01:19,740
we're gonna first talk about information gathering
38
00:01:19,740 --> 00:01:22,650
and some of the key sources of openly available information
39
00:01:22,650 --> 00:01:24,780
that you can gather during an engagement.
40
00:01:24,780 --> 00:01:26,190
Then we're gonna move into the world
41
00:01:26,190 --> 00:01:29,430
of open source intelligence, also known as OSINT.
42
00:01:29,430 --> 00:01:31,710
Now, open source intelligence is simply defined
43
00:01:31,710 --> 00:01:33,720
as any publicly available information
44
00:01:33,720 --> 00:01:35,670
and the tools we use to aggregate
45
00:01:35,670 --> 00:01:37,500
and search that information.
46
00:01:37,500 --> 00:01:38,910
We're also gonna spend some time looking
47
00:01:38,910 --> 00:01:42,930
at common OSINT tools, such as Shodan and Recon-ng.
48
00:01:42,930 --> 00:01:45,780
After that, we're gonna discuss social media scraping
49
00:01:45,780 --> 00:01:47,070
which is a technique that allows you
50
00:01:47,070 --> 00:01:49,710
to identify key administrative and technical contacts
51
00:01:49,710 --> 00:01:51,120
of a given organization,
52
00:01:51,120 --> 00:01:53,640
find key job responsibilities of those people,
53
00:01:53,640 --> 00:01:56,520
and use job listings to identify the types of technology
54
00:01:56,520 --> 00:01:58,980
that's used by the targeted organization.
55
00:01:58,980 --> 00:02:01,440
We'll also discuss how to conduct DNS lookups
56
00:02:01,440 --> 00:02:04,140
to identify important information about an organization,
57
00:02:04,140 --> 00:02:05,790
and I'm gonna demonstrate how to perform
58
00:02:05,790 --> 00:02:07,980
some basic passive reconnaissance functions
59
00:02:07,980 --> 00:02:10,919
using a great website known as CentralOps.
60
00:02:10,919 --> 00:02:13,830
Next, we're gonna cover the use of public repositories
61
00:02:13,830 --> 00:02:16,920
as a key to find the data about your target organization
62
00:02:16,920 --> 00:02:19,170
and how you can use search engine analysis
63
00:02:19,170 --> 00:02:20,760
also known as Google hacking
64
00:02:20,760 --> 00:02:23,460
to find all sorts of hidden information on your target
65
00:02:23,460 --> 00:02:24,720
during an engagement.
66
00:02:24,720 --> 00:02:27,390
Finally, we'll discuss how to identify cryptographic flaws
67
00:02:27,390 --> 00:02:29,010
at your targeted organization
68
00:02:29,010 --> 00:02:31,410
using some passive reconnaissance techniques.
69
00:02:31,410 --> 00:02:34,650
So, let's get started in our coverage of domain two:
70
00:02:34,650 --> 00:02:36,900
information gathering and vulnerability scanning
71
00:02:36,900 --> 00:02:39,800
with passive reconnaissance in this section of the course.