Uploaded byEslamAkl
PDF, PPTX794 views

Different Methodology To Recon Your Targets

The document outlines a methodology for reconnaissance in penetration testing, including different types of recon (passive and active) and the information required based on the scope of the target. It emphasizes automating the recon process and provides resources and tools to enhance vulnerability discovery. Recommendations for practices and links to additional resources are also included.

Embed presentation

Download as PDF, PPTX
DIFFERENT METHODOLOGY TO RECON TARGETS CAT RELOADED ~$Eslam Akl 2020
$~:whoami 
 eslam3kl
 Penetration tester CAT Reloaded Cyber Security member Python script lover, Technical blogger and Vuln machine attacker
Hunting & Penetration testing Steps. Recon Types. Before & After Recon. Recon based on SCOPE. Small Scope required information Medium Scope required information Large Scope required information Recommended options. Simple Methodology Automation framework 3klcon v1.0 Practice on real target. Juicy links and resources. $~:Agenda
Hunting & Penetration testing Steps: Recon / Information Gathering Scanning Vuln. Assessment Post-Exploitation Reporting
Recon Types: 1. Passive Recon Collecting information about the target without any type of interaction with it. > Scan web application itself ! We don’t do that here D: 2. Active Recon Scan the web application domain, subdomains, acquisitions, servers, etc > Actually, we do that here :)
Before Recon After Recon Company name Available scope User credentials to login (more than account) Overview about the company business, works and logic Information from program page related to security purposes Subdomains ASN&Acquisitions Service info Database info Backend technology used Information Exposure Interesting directories& Endpoints Juicy links which may be vulnerable More and more
Recon based SCOPE Small Scope Target > domain or subdomain Ex. target.com / support.target.com / api.target.com Medium Scope Target > list of subdomains Ex. *.target.com Large Scope Target > All website related to the company is in scope
Small Scope required information ! All processes here will be performed on specific subdomain Directory enum. GitHub Dorking Server enum. Database enum. Google dorking for sensitive files Extract juicy vulnerable links by GF-Patterns Waybackurls enum. Parameter discovery Automation vulnerability scanning JS file analysis Backend enum. WAF detection GitHub search links Port scan
Medium Scope required information ! All processes here will be performed on all subdomains List of subdomains Subdomains takeover Misconfiguration in Storage vuln (S3 buckets) Directory enum. GitHub Dorking GitHub search links Server enum. Google dorking for sensitive files Database enum. Waybackurls enum. Parameter discovery Automation vulnerability scanning JS file analysis Backend enum. Search Engine discovery(Shodan, Spyse, Censys, etc) Port scan WAF detection
Large Scope required information ! All processes here will be performed on all targets Seeds/Roots ASN to get IP ranges Acquisitions DNS & SSL enum. List of subdomains Subdomains takeover Misconfiguration in Storage vuln (S3 buckets) Directory enum. GitHub Dorking GitHub search links sensitive files Waybackurls enum. Parameter discovery Automation vulnerability scanning JS file analysis Backend enum. Search Engine discovery (Shodan, Spyse, Censys, etc) Port scan WAF detection Database enum. Server enum. Google dorking for
Simple Methodology
Recommended options Don’t perform all this steps MANUALLY! Automate it <3 Let your remote machine discover vulnerabilities while sleeping. VPS machines via Amazon or Google Stay in touch with new tools and technologies to update your framework! Update it every week <3 Use bash or python to script any process which may take much time like using regex to extract special pattern of data
3klcon v2.0 Automation Recon framework Link: https://github.com/eslam3kl/3klCon
That’s enough ! Let’s PRACTICE !!
GitHub Dorking https://www.bugcrowd.com/resources/webinars/github-recon-and- sensitive-data-exposure/ Js analysis https://blog.appsecco.com/static-analysis-of-client-side- javascript-for-pen-testers-and-bug-bounty-hunters-f1cb1a5d5288 Just another recon methodology from jhaddix Just another Recon Guide for Pentesters and Bug Bounty Hunters | Offensity Bug bounty hunting methodology v4.0 from jhaddix (Recommended) https://www.youtube.com/watch?v=p4JgIu1mceI Active recon by using Nmap, Metasploit, etc https://www.infopulse.com/blog/pentesters-training-and-practice- recon-active-information-gathering-and-vulnerability-search/ Juicy references and resources.
Don’t forget ! Google Is your friend <3
Thank you <3 Stay in Touch ! Medium Blog | GitHub | Twitter

More Related Content

PPTX
Owasp top 10 vulnerabilities
byOWASP Delhi
 
PPTX
Password craking techniques
byأحلام انصارى
 
PPT
Reconnaissance
bymaroti164
 
PPTX
Reconnaissance - For pentesting and user awareness
byLeon Teale
 
PPT
Port scanning
byHemanth Pasumarthi
 
PPTX
Footprinting and reconnaissance
byNishaYadav177
 
PDF
Database security
byMurchana Borah
 
PPTX
Vulnerabilities in modern web applications
byNiyas Nazar
 
Owasp top 10 vulnerabilities
byOWASP Delhi
 
Password craking techniques
byأحلام انصارى
 
Reconnaissance
bymaroti164
 
Reconnaissance - For pentesting and user awareness
byLeon Teale
 
Port scanning
byHemanth Pasumarthi
 
Footprinting and reconnaissance
byNishaYadav177
 
Database security
byMurchana Borah
 
Vulnerabilities in modern web applications
byNiyas Nazar
 

What's hot

PPTX
Android Device Hardening
byanupriti
 
PPT
Introduction to Web Application Penetration Testing
byAnurag Srivastava
 
PDF
Web Application Security and Awareness
byAbdul Rahman Sherzad
 
PPTX
How to Test for The OWASP Top Ten
bySecurity Innovation
 
PPT
Information Security Principles - Access Control
byidingolay
 
PDF
Live Hacking like a MVH – A walkthrough on methodology and strategies to win big
byFrans Rosén
 
PPTX
It security and awareness training 5 10-2018
byjubke
 
PPTX
Reconnaissance
byn|u - The Open Security Community
 
PPT
Phishing
byAlka Falwaria
 
PPT
Web Application Security
byAbdul Wahid
 
PPTX
OWASP Top 10 2021 Presentation (Jul 2022)
byTzahiArabov
 
PDF
Introduction to Web Application Penetration Testing
byNetsparker
 
PPTX
Web application security
byKapil Sharma
 
PDF
Mobile Malware
byMartin Holovský
 
PDF
Azure Penetration Testing
byCheah Eng Soon
 
PPTX
phishing-awareness-powerpoint.pptx
byvdgtkhdh
 
PDF
aclpwn - Active Directory ACL exploitation with BloodHound
byDirkjanMollema
 
PPTX
Network scanning
byoceanofwebs
 
PDF
Web vulnerabilities
byKrishna Gehlot
 
PPTX
Password Cracking
bySagar Verma
 
Android Device Hardening
byanupriti
 
Introduction to Web Application Penetration Testing
byAnurag Srivastava
 
Web Application Security and Awareness
byAbdul Rahman Sherzad
 
How to Test for The OWASP Top Ten
bySecurity Innovation
 
Information Security Principles - Access Control
byidingolay
 
Live Hacking like a MVH – A walkthrough on methodology and strategies to win big
byFrans Rosén
 
It security and awareness training 5 10-2018
byjubke
 
Reconnaissance
byn|u - The Open Security Community
 
Phishing
byAlka Falwaria
 
Web Application Security
byAbdul Wahid
 
OWASP Top 10 2021 Presentation (Jul 2022)
byTzahiArabov
 
Introduction to Web Application Penetration Testing
byNetsparker
 
Web application security
byKapil Sharma
 
Mobile Malware
byMartin Holovský
 
Azure Penetration Testing
byCheah Eng Soon
 
phishing-awareness-powerpoint.pptx
byvdgtkhdh
 
aclpwn - Active Directory ACL exploitation with BloodHound
byDirkjanMollema
 
Network scanning
byoceanofwebs
 
Web vulnerabilities
byKrishna Gehlot
 
Password Cracking
bySagar Verma
 

Similar to Different Methodology To Recon Your Targets

PDF
Recon
byUTD Computer Security Group
 
PDF
Recon-Fu @BsidesKyiv 2016
byVlad Styran
 
PPTX
Tool presentation - Recon-Lit
byn|u - The Open Security Community
 
PDF
Weaponizing Recon - Smashing Applications for Security Vulnerabilities & Profits
byHarsh Bothra
 
PDF
Recon for Bug Bounty by Agnibha Dutta.pdf
bynull - The Open Security Community
 
PPTX
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
byBoston Institute of Analytics
 
PPTX
Recon like a pro
byNirmalthapa24
 
PPTX
Tools and Methods of Reconnaissance in Cybersecurity: A Comprehensive Guide b...
byBoston Institute of Analytics
 
PDF
technical-information-gathering-slides.pdf
byMarceloCunha571649
 
PPTX
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon
byKenneth Kwon
 
PPTX
Recon in Pentesting
byKomal Armarkar
 
PDF
Reconnaissance not always about resources
byidsecconf
 
PDF
Bug bounty recon.pdf
byEusebiuDanielBlindu
 
PPTX
Hacking - penetration tools
byJenishChauhan4
 
PDF
Ekoparty 2017 - The Bug Hunter's Methodology
bybugcrowd
 
PPTX
Dafgjgghhghfhjgghjhgy06-Footprinting.pptx
byAlfredObia1
 
PPTX
06- 1 Active Information Gathering part 1.pptx
bywassimahmad9
 
PPTX
Web hacking 1.0
byQ Fadlan
 
DOCX
Backtrack Manual Part5
byNutan Kumar Panda
 
PDF
BugBounty Roadmap with Mohammed Adam
byMohammed Adam
 
Recon
byUTD Computer Security Group
 
Recon-Fu @BsidesKyiv 2016
byVlad Styran
 
Tool presentation - Recon-Lit
byn|u - The Open Security Community
 
Weaponizing Recon - Smashing Applications for Security Vulnerabilities & Profits
byHarsh Bothra
 
Recon for Bug Bounty by Agnibha Dutta.pdf
bynull - The Open Security Community
 
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
byBoston Institute of Analytics
 
Recon like a pro
byNirmalthapa24
 
Tools and Methods of Reconnaissance in Cybersecurity: A Comprehensive Guide b...
byBoston Institute of Analytics
 
technical-information-gathering-slides.pdf
byMarceloCunha571649
 
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon
byKenneth Kwon
 
Recon in Pentesting
byKomal Armarkar
 
Reconnaissance not always about resources
byidsecconf
 
Bug bounty recon.pdf
byEusebiuDanielBlindu
 
Hacking - penetration tools
byJenishChauhan4
 
Ekoparty 2017 - The Bug Hunter's Methodology
bybugcrowd
 
Dafgjgghhghfhjgghjhgy06-Footprinting.pptx
byAlfredObia1
 
06- 1 Active Information Gathering part 1.pptx
bywassimahmad9
 
Web hacking 1.0
byQ Fadlan
 
Backtrack Manual Part5
byNutan Kumar Panda
 
BugBounty Roadmap with Mohammed Adam
byMohammed Adam
 

Recently uploaded

PPTX
Designing Work for Humans, Not Machines: Human-Centered Maintenance Excellence
byMaintWiz Technologies Private Limited
 
PPTX
Energy_Conservation_in_Cement_Factories.pptx
bysibirajmurugan8
 
PDF
Module 4 python programming-1BPLCK105B-2025 by Dr.SV.pdf
bySURESHA V
 
PPTX
Week 1.pptx dynamics particle kinetics introduction
byfmsalih06
 
PPTX
Basic Volume Mass Relationship and unit weight as function of volumetric wate...
byMahmoodKhalid11
 
PPTX
uADPF Topology_SFP requirements_locked slides.pptx
byMd Bellal Hossain
 
PPTX
Distresses in Road Flexible pavement.pptx
byMahmoodKhalid11
 
PPTX
The Most Controversial TPM Debate in Maintenance Today Checklist TPM vs Outco...
byMaintWiz Technologies Private Limited
 
PDF
Chemical Hazards at Workplace – Types, Properties & Exposure Routes, CORE-EHS
byCORE EHS
 
PDF
0.39 Inch Micro-OLED Display 1024×768 XGA Panel Silicon OLED
bySyluxdisplay
 
PDF
Infinite Sequence and Series: It Includes basic Sequence and Series
byDynamicDomain1
 
PPTX
Origin of Soil and Grain Size with Introduction and explanation
byMahmoodKhalid11
 
PDF
Soil Compressibility (Elastic Settlement).pdf
byMahmoodKhalid11
 
PPTX
Theory to Practice of Unsaturated Soil Mechanics-1.pptx
byMahmoodKhalid11
 
PDF
Python programming basics Unit-1 for R25 regulation
byssuser492e7f
 
PPTX
We-Optimized-Everything-Except-Decision-Quality-Maintenance-MaintWiz.pptx
byMaintWiz Technologies Private Limited
 
PPTX
Unit 1_Importance of modelling(Object oriented concepts).pptx
byVidyaranichougule
 
PDF
BOQ LESSON 2-QUANTITY TAKE-OFF & RATE BUILD-UP.pdf
byGabrielTambwe1
 
PPTX
Optimized access control techniques in Cloud Computing with Security and Scal...
bymareswariesteru
 
PPTX
Why TPM Succeeds in Some Plants and Struggles in Others | MaintWiz
byMaintWiz Technologies Private Limited
 
Designing Work for Humans, Not Machines: Human-Centered Maintenance Excellence
byMaintWiz Technologies Private Limited
 
Energy_Conservation_in_Cement_Factories.pptx
bysibirajmurugan8
 
Module 4 python programming-1BPLCK105B-2025 by Dr.SV.pdf
bySURESHA V
 
Week 1.pptx dynamics particle kinetics introduction
byfmsalih06
 
Basic Volume Mass Relationship and unit weight as function of volumetric wate...
byMahmoodKhalid11
 
uADPF Topology_SFP requirements_locked slides.pptx
byMd Bellal Hossain
 
Distresses in Road Flexible pavement.pptx
byMahmoodKhalid11
 
The Most Controversial TPM Debate in Maintenance Today Checklist TPM vs Outco...
byMaintWiz Technologies Private Limited
 
Chemical Hazards at Workplace – Types, Properties & Exposure Routes, CORE-EHS
byCORE EHS
 
0.39 Inch Micro-OLED Display 1024×768 XGA Panel Silicon OLED
bySyluxdisplay
 
Infinite Sequence and Series: It Includes basic Sequence and Series
byDynamicDomain1
 
Origin of Soil and Grain Size with Introduction and explanation
byMahmoodKhalid11
 
Soil Compressibility (Elastic Settlement).pdf
byMahmoodKhalid11
 
Theory to Practice of Unsaturated Soil Mechanics-1.pptx
byMahmoodKhalid11
 
Python programming basics Unit-1 for R25 regulation
byssuser492e7f
 
We-Optimized-Everything-Except-Decision-Quality-Maintenance-MaintWiz.pptx
byMaintWiz Technologies Private Limited
 
Unit 1_Importance of modelling(Object oriented concepts).pptx
byVidyaranichougule
 
BOQ LESSON 2-QUANTITY TAKE-OFF & RATE BUILD-UP.pdf
byGabrielTambwe1
 
Optimized access control techniques in Cloud Computing with Security and Scal...
bymareswariesteru
 
Why TPM Succeeds in Some Plants and Struggles in Others | MaintWiz
byMaintWiz Technologies Private Limited
 

Different Methodology To Recon Your Targets

  • 1.
    DIFFERENT METHODOLOGY TO RECONTARGETS CAT RELOADED ~$Eslam Akl 2020
  • 2.
    $~:whoami 
 eslam3kl
 Penetration tester CATReloaded Cyber Security member Python script lover, Technical blogger and Vuln machine attacker
  • 3.
    Hunting & Penetrationtesting Steps. Recon Types. Before & After Recon. Recon based on SCOPE. Small Scope required information Medium Scope required information Large Scope required information Recommended options. Simple Methodology Automation framework 3klcon v1.0 Practice on real target. Juicy links and resources. $~:Agenda
  • 4.
    Hunting & Penetrationtesting Steps: Recon / Information Gathering Scanning Vuln. Assessment Post-Exploitation Reporting
  • 5.
    Recon Types: 1. PassiveRecon Collecting information about the target without any type of interaction with it. > Scan web application itself ! We don’t do that here D: 2. Active Recon Scan the web application domain, subdomains, acquisitions, servers, etc > Actually, we do that here :)
  • 6.
    Before Recon AfterRecon Company name Available scope User credentials to login (more than account) Overview about the company business, works and logic Information from program page related to security purposes Subdomains ASN&Acquisitions Service info Database info Backend technology used Information Exposure Interesting directories& Endpoints Juicy links which may be vulnerable More and more
  • 7.
    Recon based SCOPE SmallScope Target > domain or subdomain Ex. target.com / support.target.com / api.target.com Medium Scope Target > list of subdomains Ex. *.target.com Large Scope Target > All website related to the company is in scope
  • 8.
    Small Scope requiredinformation ! All processes here will be performed on specific subdomain Directory enum. GitHub Dorking Server enum. Database enum. Google dorking for sensitive files Extract juicy vulnerable links by GF-Patterns Waybackurls enum. Parameter discovery Automation vulnerability scanning JS file analysis Backend enum. WAF detection GitHub search links Port scan
  • 9.
    Medium Scope requiredinformation ! All processes here will be performed on all subdomains List of subdomains Subdomains takeover Misconfiguration in Storage vuln (S3 buckets) Directory enum. GitHub Dorking GitHub search links Server enum. Google dorking for sensitive files Database enum. Waybackurls enum. Parameter discovery Automation vulnerability scanning JS file analysis Backend enum. Search Engine discovery(Shodan, Spyse, Censys, etc) Port scan WAF detection
  • 10.
    Large Scope requiredinformation ! All processes here will be performed on all targets Seeds/Roots ASN to get IP ranges Acquisitions DNS & SSL enum. List of subdomains Subdomains takeover Misconfiguration in Storage vuln (S3 buckets) Directory enum. GitHub Dorking GitHub search links sensitive files Waybackurls enum. Parameter discovery Automation vulnerability scanning JS file analysis Backend enum. Search Engine discovery (Shodan, Spyse, Censys, etc) Port scan WAF detection Database enum. Server enum. Google dorking for
  • 11.
  • 12.
    Recommended options Don’t performall this steps MANUALLY! Automate it <3 Let your remote machine discover vulnerabilities while sleeping. VPS machines via Amazon or Google Stay in touch with new tools and technologies to update your framework! Update it every week <3 Use bash or python to script any process which may take much time like using regex to extract special pattern of data
  • 13.
    3klcon v2.0 AutomationRecon framework Link: https://github.com/eslam3kl/3klCon
  • 14.
  • 15.
    GitHub Dorking https://www.bugcrowd.com/resources/webinars/github-recon-and- sensitive-data-exposure/ Js analysis https://blog.appsecco.com/static-analysis-of-client-side- javascript-for-pen-testers-and-bug-bounty-hunters-f1cb1a5d5288 Justanother recon methodology from jhaddix Just another Recon Guide for Pentesters and Bug Bounty Hunters | Offensity Bug bounty hunting methodology v4.0 from jhaddix (Recommended) https://www.youtube.com/watch?v=p4JgIu1mceI Active recon by using Nmap, Metasploit, etc https://www.infopulse.com/blog/pentesters-training-and-practice- recon-active-information-gathering-and-vulnerability-search/ Juicy references and resources.
  • 16.
  • 17.
    Thank you <3 Stayin Touch ! Medium Blog | GitHub | Twitter