Researching a target with passive reconnaissance tools

Hunting and Gathering

© Photo by Goh Rhy Yan on Unsplash

© Photo by Goh Rhy Yan on Unsplash

Article from Issue 279/2024
Author(s):

Cyberattacks often start with preliminary research on network assets and the people who use them. We'll show you some of the tools attackers use to get information.

When sizing up potential targets, attackers try to get as much information as possible without raising any alarms. The ability to passively research the details of online resources and their associated humans has never been easier. If you're wondering what kind of information about you and your network is available online right now, the best way to find out is to look for it yourself.

This article examines some online services that tabulate known information on users and websites. Some of these services use information that is freely available through online sources; others delve into the dark web to find data that has turned up in security breaches. For privacy, and in order to demonstrate richer examples, identifying information in the output of the tools described in this article will be redacted.

Certifiable

A few years ago, the mighty Google announced [1] that it was putting more weight on websites running HTTPS, as opposed to the unencrypted HTTP alternative, for its search engine indexing results.

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Credential Stuffing

    A credential stuffing cyberattack uses username and password credentials stolen in a data breach to gain access to your accounts. We explain how it works and how to prevent yourself from becoming a victim.

    more »
  • KnujOn

    Although spam filtering and blocking is helpful for the end user, it doesn't stop the production of spam. KnujOn strikes spam at the source.

    more »
  • Linux with Active Directory

    We explore some leading tools for integrating your Linux network with an Active Directory environment.

    more »
  • Maltrail

    Maltrail is a lightweight analysis tool that examines network traffic and raises the alarm if it detects suspicious access or dubious name resolution.

    more »
  • Mozilla Data Breach

    A partial database of Mozilla's addons.mozilla.org user accounts were inadvertently left on a publicly accessible server.

    more »
comments powered by Disqus