0

Reconnaissance - Questions and Answers with Gilbert Oviedo

(56 views)

Can you explain the concept of the reconnaissance phase in the cyber kill chain? Why is it critical to cyber defense? Assuming that a threat has been detected and determined its origin, be that of internally spawned or from an external source, the path to the reconnaissance phase is laid out by the initial network traffic detected.   Recon can be as simple as looking for soft targets via brute force attacks.  However, brute force attacks are openly hostile and mostly designed to bring down services. I believe the Cyber Kill Chain should be employed from the “Inside Out”  you start by assuming you are compromised and start looking for patterns in network traffic.   Normal traffic ports are DNS (53) , smtp (25) ssh (22) .  One must pay attention to any traffic sent over Port 1 , ICMP is the primary use for port 1 and data exfiltration.  For instance....

Read the rest of this story with a free account.

Already have an account? Sign in

April 29, 2024
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
Get unlimited access

Become an Instructor

Become a Reviewer

Writing on Hakin9

LOOKING for a JOB in IT security?



© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.
Please review your information and consent to the processing of your personal data.(Required)
What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?
Please review your information and consent to the processing of your personal data.(Required)

Download Free eBook

Step 1 of 4

Name(Required)

We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.