Summary

The first real step in the attack process or kill chain is to conduct reconnaissance to identify the target with the use of OSINT. Passive reconnaissance provides a complete attacker's view of a company. This is a stealthy assessment – the IP address and the activities of the attacker are almost indistinguishable from normal access. Nevertheless, this information can be critical when conducting social engineering attacks or facilitating other attack types. We have now built our own custom script to save time and perform passive reconnaissance using OSINT.

In the next chapter, we will assess the types of reconnaissance that are active and also make use of OSINT results. Although active reconnaissance techniques produce more information, there is an increased risk of detection. Therefore, the emphasis will be on advanced stealth techniques.