Reconnaissance for Ethical Hackers: Focus on the starting point of data breaches and explore essential steps for successful pentesting

Use real-world reconnaissance techniques to efficiently gather sensitive information on systems and networks
Purchase of the print or Kindle book includes a free PDF eBook

Key Features

• Learn how adversaries use reconnaissance techniques to discover security vulnerabilities on systems
• Develop advanced open source intelligence capabilities to find sensitive information
• Explore automated reconnaissance and vulnerability assessment tools to profile systems and networks

Book Description

This book explores reconnaissance techniques – the first step in discovering security vulnerabilities and exposed network infrastructure. It aids ethical hackers in understanding adversaries’ methods of identifying and mapping attack surfaces, such as network entry points, which enables them to exploit the target and steal confidential information.
Reconnaissance for Ethical Hackers helps you get a comprehensive understanding of how threat actors are able to successfully leverage the information collected during the reconnaissance phase to scan and enumerate the network, collect information, and pose various security threats. This book helps you stay one step ahead in knowing how adversaries use tactics, techniques, and procedures (TTPs) to successfully gain information about their targets, while you develop a solid foundation on information gathering strategies as a cybersecurity professional. The concluding chapters will assist you in developing the skills and techniques used by real adversaries to identify vulnerable points of entry into an organization and mitigate reconnaissance-based attacks.
By the end of this book, you’ll have gained a solid understanding of reconnaissance, as well as learned how to secure yourself and your organization without causing significant disruption.

What you will learn

• Understand the tactics, techniques, and procedures of reconnaissance
• Grasp the importance of attack surface management for organizations
• Find out how to conceal your identity online as an ethical hacker
• Explore advanced open source intelligence (OSINT) techniques
• Perform active reconnaissance to discover live hosts and exposed ports
• Use automated tools to perform vulnerability assessments on systems
• Discover how to efficiently perform reconnaissance on web applications
• Implement open source threat detection and monitoring tools

Who this book is for

If you are an ethical hacker, a penetration tester, red teamer, or any cybersecurity professional looking to understand the impact of reconnaissance-based attacks, how they take place, and what organizations can do to protect against them, then this book is for you. Cybersecurity professionals will find this book useful in determining the attack surface of their organizations and assets on their network, while understanding the behavior of adversaries.

使用真實世界的偵察技術，有效地收集系統和網絡上的敏感信息
購買印刷版或Kindle書籍將包括一本免費的PDF電子書

主要特點

- 學習對手如何使用偵察技術來發現系統上的安全漏洞
- 發展高級的開源情報能力以尋找敏感信息
- 探索自動化的偵察和漏洞評估工具，以繪製系統和網絡的概況

書籍描述

本書探討偵察技術 - 發現安全漏洞和暴露的網絡基礎設施的第一步。它幫助道德黑客了解對手識別和映射攻擊面的方法，例如網絡入口點，從而使他們能夠利用目標並窺取機密信息。
《道德黑客的偵察》幫助您全面了解威脅行為者如何成功利用偵察階段收集的信息來掃描和列舉網絡，收集信息並構成各種安全威脅。本書幫助您在了解對手如何使用戰術、技術和程序（TTP）成功獲取有關目標的信息的同時，作為一名網絡安全專業人員，建立信息收集策略的堅實基礎。最後幾章將幫助您開發真實對手用於識別組織易受攻擊點並減輕基於偵察的攻擊的技能和技術。
通過閱讀本書，您將對偵察有了全面的了解，並學會如何在不造成重大干擾的情況下保護自己和組織。

您將學到什麼

- 了解偵察的戰術、技術和程序
- 理解組織的攻擊面管理的重要性
- 找出如何作為道德黑客在線上隱藏身份
- 探索高級的開源情報（OSINT）技術
- 執行主動偵察以發現活動主機和暴露的端口
- 使用自動化工具對系統進行漏洞評估
- 發現如何高效地對Web應用程序進行偵察
- 實施開源威脅檢測和監控工具

本書適合對象

如果您是一名道德黑客、滲透測試人員、紅隊成員或任何網絡安全專業人員，希望了解基於偵察的攻擊的影響、如何進行以及組織可以採取什麼措施來防範這些攻擊，那麼本書適合您。網絡安全專業人員將發現本書有助於確定組織和網絡上的資產的攻擊面，同時了解對手的行為。

1. Fundamentals of Reconnaissance
2. Setting up a Reconnaissance Lab
3. Understanding Passive Reconnaissance
4. Domain and DNS Intelligence
5. Organizational Infrastructure Intelligence
6. Imagery, People and Signals Intelligence
7. Working with Active Reconnaissance
8. Performing Vulnerability Assessments
9. Delving into Website Reconnaissance
10. Implementing Recon Monitoring and Detection Systems

- 偵察基礎知識
- 建立偵察實驗室
- 了解被動偵察
- 域名和 DNS 情報
- 組織基礎設施情報
- 圖像、人員和信號情報
- 使用主動偵察
- 執行漏洞評估
- 深入網站偵察
- 實施偵察監控和檢測系統