Can you explain the concept of the reconnaissance phase in the cyber kill chain? Why is it critical to cyber defense?
Assuming that a threat has been detected and its origin determined, be that internally spawned or from an external source, the path to the reconnaissance phase is laid out by the initial network traffic detected.
Recon can be as simple as looking for soft targets via brute force attacks. However, brute force attacks are openly hostile and mostly designed to bring down services.
I believe the Cyber Kill Chain should be employed from the “Inside Out”: you start by assuming you are compromised and start looking for patterns in network traffic.
Normal traffic ports are DNS (53), SMTP (25), SSH (22). One must pay attention to any traffic sent over port 1; ICMP is the primary use for port 1 and data exfiltration. For instance, if you start seeing encrypted traffic outside of HTTPS over ports 8080 or 8443, then you have to look at the connection times and duration. Reconnaissance is the foundation of the success of the mission, be that of a defensive or offensive posture.
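The "inside out" check described in the answer above, as an added example that is not part of the interview: flow records are triaged against a baseline of expected ports, and a connection on any other port whose payload sample looks encrypted (high byte entropy) is tallied per source/destination pair with its total duration and an off-hours flag. The flow records, the baseline set, the entropy floor and the off-hours window are all constructed assumptions for illustration.

```python
import math
from collections import Counter, defaultdict

# Ports the interviewee treats as ordinary (DNS, SMTP, SSH) plus HTTPS itself (assumed baseline).
BASELINE_PORTS = {53, 25, 22, 443}

# Constructed flow records (not real captures): (src, dst, dport, start_hour, duration_s, payload_sample)
FLOWS = [
    ("10.0.0.5", "93.184.216.34", 443, 10, 2.0, bytes(range(32))),
    ("10.0.0.5", "8.8.8.8", 53, 10, 0.1, b"\x12\x34\x01\x00\x00\x01\x00\x00example.com"),
    ("10.0.0.7", "203.0.113.9", 8443, 2, 1800.0, bytes(range(256))),          # looks encrypted, 02:00
    ("10.0.0.7", "203.0.113.9", 8443, 3, 2400.0, bytes(range(255, -1, -1))),  # same peer again, 03:00
    ("10.0.0.9", "198.51.100.4", 8080, 11, 1.0, b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"),
]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; random/encrypted data approaches 8.0, plaintext sits well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(flows, baseline=BASELINE_PORTS, entropy_floor=6.5, off_hours_end=6):
    """Return {(src, dst, dport): {connections, total_seconds, off_hours}} for
    high-entropy flows on ports outside the baseline (e.g. 8080/8443)."""
    findings = defaultdict(lambda: {"connections": 0, "total_seconds": 0.0, "off_hours": False})
    for src, dst, dport, hour, duration, sample in flows:
        if dport in baseline:
            continue  # expected service, not what this check is for
        if shannon_entropy(sample) < entropy_floor:
            continue  # plaintext on an odd port (proxy, dev server) is a different question
        f = findings[(src, dst, dport)]
        f["connections"] += 1
        f["total_seconds"] += duration       # long or repeated sessions are the signal to chase
        f["off_hours"] = f["off_hours"] or hour < off_hours_end
    return dict(findings)


if __name__ == "__main__":
    for key, info in triage(FLOWS).items():
        print(key, info)
```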
What are the most common techniques used by attackers during the reconnaissance phase?
Target selection, economic impact on the recon process, risks associated with failure, and return on investment. All these factors come into play before any attack can commence. In my opinion, low-tech approaches....