Recon: Peeking vs. Poking
Passive or active? Learn the difference between window shopping and actually ringing the doorbell.

What is Information Gathering?

Information Gathering, also known as Reconnaissance, is the process of collecting as much information as possible about a target organization or system before attempting any exploitation. It's like a detective gathering clues.

Types of Reconnaissance:

  • Passive Reconnaissance: Gathering information without directly interacting with the target's systems. This involves using publicly available resources like search engines, social media, and public records. It's stealthy and less likely to be detected.
  • Active Reconnaissance: Directly probing the target's systems to gather information. This can include port scanning, network mapping, or sending crafted packets. This method yields more detailed technical information but is more likely to be detected by intrusion detection systems (IDS).

Think of it as the difference between looking at a house from across the street (passive) and walking up to jiggle the doorknobs (active).

This phase is crucial because the more information you have, the higher your chances of finding a vulnerability.
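
The point above that active reconnaissance is more likely to be detected can be seen from the defender's side. The following is an added example, not part of the original lesson: it flags any source that touches many distinct ports on one host within a short window. The log format, addresses, thresholds and function names are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log: timestamp, source, destination, destination port.
# Addresses are from documentation ranges; this is not real traffic.
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.7 192.0.2.10 443
2024-05-01T10:00:01 203.0.113.9 192.0.2.10 21
2024-05-01T10:00:01 203.0.113.9 192.0.2.10 22
2024-05-01T10:00:02 203.0.113.9 192.0.2.10 23
2024-05-01T10:00:02 198.51.100.7 192.0.2.10 443
2024-05-01T10:00:03 203.0.113.9 192.0.2.10 25
2024-05-01T10:00:03 203.0.113.9 192.0.2.10 80
2024-05-01T10:00:04 203.0.113.9 192.0.2.10 443
2024-05-01T10:05:00 198.51.100.20 192.0.2.10 80
2024-05-01T10:20:00 198.51.100.20 192.0.2.10 443
2024-05-01T10:40:00 198.51.100.20 192.0.2.10 25
2024-05-01T11:00:00 198.51.100.20 192.0.2.10 22
2024-05-01T11:20:00 198.51.100.20 192.0.2.10 21
truncated line
"""

def parse(log):
    """Yield (time, src, dst, port); skip lines that do not parse."""
    for line in log.splitlines():
        try:
            ts, src, dst, port = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(port)
        except ValueError:
            continue

def find_port_scans(log, min_ports=5, window=timedelta(seconds=10)):
    """Return {(src, dst): sorted ports} for each source that reached
    min_ports distinct ports on one host inside a sliding time window."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in parse(log):
        by_pair[(src, dst)].append((ts, port))
    alerts = {}
    for pair, events in by_pair.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop events that fell out of the window
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports:
                alerts[pair] = sorted(ports)  # ports seen when threshold hit
                break
    return alerts
```

Passive reconnaissance produces no entries in a log like this at all, which is why it goes unnoticed by the target. The window and threshold are tuning choices: widening the window catches slower probing at the cost of more false positives.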