A CEH (Certified Ethical Hacker) is a professional who typically works within a Red Team environment. A Certified Ethical Hacker’s focus must be on attacking systems and accessing applications, networks, databases, or other crucial data on the secured systems.
www.infosectrain.com | sales@infosectrain.com
We will discuss the second domain of CEH, which is ‘Reconnaissance Techniques’.
What is reconnaissance?
Reconnaissance is the initial step that every ethical hacker follows. It is the method of gathering all the important information about the target system and network.
The ethical hacker follows the steps below to gather the maximum information about the target:
1. Collect the initial information
2. Determine the range of the network
3. Identify the active machines
4. Identify the access ports and open ports
5. Fingerprint the operating system
6. Uncover services on ports
7. And finally, map them.
Types of reconnaissance
There are two types of reconnaissance:
1. Active reconnaissance: Active reconnaissance is the process of gathering information by directly engaging with the target system. Ethical hackers can perform active reconnaissance using tools like Netcat, Ping, and Traceroute. This recon is faster and more accurate; at the same time, the chances of being detected are also very high because the ethical hacker is interacting directly with the target system.
2. Passive reconnaissance: Passive reconnaissance is the process of gathering information about a target computer or network without directly interacting with it. It is a way to acquire data about a victim without making them aware of it. Ethical hackers use tools like Shodan and Wireshark to perform passive reconnaissance.
1. Footprinting and reconnaissance: Footprinting is a technique used to gather as much information as possible about a target network, victim, or system. It aids hackers in several ways to compromise a company’s infrastructure. The security posture of the target may also be determined using this kind of penetration testing.
Footprinting can be done passively or actively: passive footprinting, such as looking at a company’s website and collecting information, and active footprinting, such as using social engineering techniques to access sensitive data.
During this phase, ethical hackers will collect information like:
• IP addresses
• Domain name
• Employee information
• Namespaces
• E-mails
• Phone numbers
2. Network scanning: Network scanning identifies active ports, hosts, and the various services used by the target application. For example, assume you are an ethical hacker trying to find weak points in the application; you use network scanning to find those points.
In simple terms, to hack a network you’ll need to discover a weak point in the system that can be exploited. Such network nodes can be located by performing a network scanning operation.
The difference between reconnaissance and network scanning
Assume you are a police officer planning to find a criminal. First of all, you will gather all the information about the criminal, like name, location, and daily routine; this is called reconnaissance. Then you will find an entry point into his home to attack him, and the process of finding the entry point is called network scanning.
Types of network scanning
There are two types of network scanning:
Port scanning: Port scanning, as its name suggests, finds out which ports are active on the network. Scanners transmit client requests to a range of ports on the target network and then store the details of the ports that respond to the requests. In this way, active ports are discovered.
There are various types of port scanning. They are:
• TCP scanning
• SYN scanning
• UDP scanning
• ACK scanning
• Window scanning
• FIN scanning
Vulnerability scanning: An ethical hacker uses vulnerability scanning to find out the weaknesses in the network. This identifies vulnerabilities that are caused by inappropriate programming or misconfigured networks.
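The port-scan types listed above are also what a defender looks for in firewall logs. The following added example (not part of the original deck) parses constructed netfilter-style log lines, flags any source that probes many distinct ports within a short window, and labels the probe by its TCP flags (SYN, ACK, FIN, or none); the log format, thresholds and IP addresses are assumptions for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log (not from the original deck): one TCP packet
# per line with destination port (DPT) and TCP flags (S=SYN, A=ACK, F=FIN).
SAMPLE_LOG = """\
2024-05-01T10:00:00 SRC=203.0.113.5 DST=192.0.2.10 DPT=21 FLAGS=S
2024-05-01T10:00:01 SRC=203.0.113.5 DST=192.0.2.10 DPT=22 FLAGS=S
2024-05-01T10:00:01 SRC=203.0.113.5 DST=192.0.2.10 DPT=23 FLAGS=S
2024-05-01T10:00:02 SRC=203.0.113.5 DST=192.0.2.10 DPT=25 FLAGS=S
2024-05-01T10:00:03 SRC=203.0.113.5 DST=192.0.2.10 DPT=80 FLAGS=S
2024-05-01T10:05:00 SRC=198.51.100.7 DST=192.0.2.10 DPT=80 FLAGS=F
2024-05-01T10:05:00 SRC=198.51.100.7 DST=192.0.2.10 DPT=443 FLAGS=F
2024-05-01T10:05:01 SRC=198.51.100.7 DST=192.0.2.10 DPT=3389 FLAGS=F
2024-05-01T10:05:01 SRC=198.51.100.7 DST=192.0.2.10 DPT=8080 FLAGS=F
2024-05-01T10:05:02 SRC=198.51.100.7 DST=192.0.2.10 DPT=8443 FLAGS=F
2024-05-01T10:10:00 SRC=192.0.2.50 DST=192.0.2.10 DPT=443 FLAGS=S
2024-05-01T10:10:30 SRC=192.0.2.50 DST=192.0.2.10 DPT=443 FLAGS=A
"""

LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=\S+ DPT=(\d+) FLAGS=(\S*)$")

# Flag set of the first probe packet for each scan type named in the deck.
SCAN_TYPES = {"S": "SYN scan", "A": "ACK/Window scan", "F": "FIN scan", "": "NULL scan"}

def parse(log_text):
    """Yield (timestamp, src, dport, flags) for each well-formed log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, src, dport, flags = m.groups()
            yield datetime.fromisoformat(ts), src, int(dport), flags

def detect_scans(log_text, min_ports=5, window=timedelta(seconds=60)):
    """Return {src: (distinct_ports, scan_type)} for sources probing >= min_ports ports in one window."""
    events = defaultdict(list)
    for ts, src, dport, flags in parse(log_text):
        events[src].append((ts, dport, flags))
    alerts = {}
    for src, evs in events.items():
        evs.sort()  # oldest first, so each event can start a sliding window
        for i, (start, _, _) in enumerate(evs):
            hits = [e for e in evs[i:] if e[0] - start <= window]
            ports = {dport for _, dport, _ in hits}
            if len(ports) >= min_ports:
                # Label the scan by the dominant flag set seen in the window.
                flags = Counter(f for _, _, f in hits).most_common(1)[0][0]
                alerts[src] = (len(ports), SCAN_TYPES.get(flags, "TCP scan, flags " + flags))
                break
    return alerts
```

A single host repeatedly reaching one service (the last two lines) stays below the distinct-port threshold and is not reported, which is the property that keeps this check from alerting on ordinary clients.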
3. Enumeration: Enumeration is described as the procedure by which user names, hostnames, network resources, shares, and services may be extracted from a system. In this step, the attacker connects to the system and makes directed requests to learn more about the target.
By using enumeration, ethical hackers can obtain information such as:
• SNMP data, if it is not secured correctly
• Network shares
• Usernames of different systems
• IP tables
• Password policy lists
CEH with InfosecTrain:
InfosecTrain is one of the leading training providers with a pocket-friendly
budget. We invite you to join us for an unforgettable journey with industry
experts to gain a better understanding of the Certified Ethical Hacker
course. Courses can be taken as live instructor-led sessions or as self-paced
courses, allowing you to complete your training journey at your convenience.
About InfosecTrain
• Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
• Wide range of professional training programs, certifications & consulting services in the IT and Cyber Security domain
• High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain
Why InfosecTrain Global Learning Partners
• Flexible modes of Training
• Tailor Made Training
• Post training completion
• Certified and Experienced Instructors
• Access to the recorded sessions
Contact us
Get your workforce reskilled by our certified and experienced instructors!
IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK: +44 7451 208413
sales@infosectrain.com
www.infosectrain.com