New Training: Pentesting Reconnaissance
In this 7-video skill, CBT Nuggets trainer Bob Salmans takes you through the reconnaissance phase of a penetration test. This includes identifying tools that can be used and how to use them to identify information about a target that may be useful during the engagement. Watch this new CompTIA training.
Learn CompTIA with one of these courses:
This training includes:
- 7 videos
- 50 minutes of training
You’ll learn these topics in this skill:
- Introduction to Pentesting Reconnaissance
- Pentesting Reconnaissance Tools
- Domain Information Tools
- IP and DNS Information Tools
- Combination OSINT Tools
- Breach Data Tools
- Pentesting Reconnaissance Review
What is PenTesting Reconnaissance?
Today, organizations are under cyber-attack more than ever before. So much so that cyber-attacks are expected to incur $6 trillion in global losses annually by 2021. This massive increase in cyber-attacks has emphasized the need for sophisticated penetration testing to challenge these growing threats.
Pentesting Reconnaissance is one component of an effective pentesting strategy, where pentesters gather an organization's online footprint. By gathering all the accessible information about a company on the internet, a Pentester can better assess what information a hacker has available to them to leverage in a cyber-attack.
Often, the first step can simply be searching the internet through common search channels to gather an inventory of what information is freely available about a company. This is a process known as open-source intelligence (OSINT). There are many tools available for OSINT data reconnaissance. For instance, Maltego is a tool that can be used to find relationships among people, companies, or domains.
Once a basic data inventory is assembled, PenTesters have access to hundreds of pentesting reconnaissance tools (like Maltego mentioned above) that are designed to provide a deeper survey of available exploitable information.