Reconnaissance - Searching, Phishing
Reconnaissance

Goal:
The attacker gathers intelligence about the target to plan future attacks.

Techniques:
Open-Source Intelligence (OSINT) | Network Scanning | Social Engineering
What is Phishing?
Phishing for information is a social engineering attack in which adversaries attempt to trick targets into revealing sensitive data such as:
- Credentials (usernames, passwords)
- Financial information (bank details, credit card numbers)
- Internal company data (organizational structure, policies)
Unlike traditional phishing, which often focuses on delivering malware, this method primarily aims to gather actionable intelligence for future attacks.

Sub-Techniques:
- Spearphishing Service: using third-party platforms such as social media and personal email.
- Spearphishing Attachment: sending malicious files via email (PDF, DOC, XLS).
- Spearphishing Link: directing victims to credential-harvesting phishing pages.
- Spearphishing Voice (Vishing): using phone calls to extract sensitive information.
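The Spearphishing Link sub-technique relies on a link whose visible text or domain resembles a site the target trusts. The following added example (not code from the page or any project it names) shows one way a mail gateway or analyst script can surface such links for review: it extracts every anchor from an HTML body, compares the href's registrable domain against an organization allow-list, folds common digit-for-letter substitutions to catch lookalike registrations, and flags visible text that reads as a URL but points at a different domain than the href. The sample message, the `example-corp.com` allow-list and the lookalike `examp1e-corp.com` are constructed for the demonstration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body (not from the page): the first link's visible text
# names the real sign-in portal, but its href points at a lookalike domain.
SAMPLE_EMAIL_HTML = """
<p>Your password expires today. Sign in at
<a href="https://login.examp1e-corp.com/reset">https://login.example-corp.com</a>
to keep access.</p>
<p>See the <a href="https://intranet.example-corp.com/policy">password policy</a>.</p>
"""

# Assumed organization allow-list of registrable domains (hypothetical).
TRUSTED_DOMAINS = {"example-corp.com"}

# Visible text that looks like a URL or bare hostname (has a dot and a TLD-like suffix).
URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/?#]\S*)?$", re.I)

# Digit-for-letter substitutions commonly seen in lookalike registrations.
_SUBS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a"})


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def host_of(url_or_host):
    """Lowercased host from a URL or a bare hostname ('' if none)."""
    target = url_or_host if "://" in url_or_host else "//" + url_or_host
    return (urlparse(target).hostname or "").lower()


def registrable_domain(host):
    """Last two labels of a host. Simplification: no public-suffix list, so
    multi-label suffixes such as co.uk are not handled."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def normalize(domain):
    """Fold digit substitutions and hyphens so lookalikes collide with the real domain."""
    return domain.translate(_SUBS).replace("-", "")


def analyze_email(html, trusted_domains):
    """Return a list of findings for links that deserve analyst attention."""
    extractor = LinkExtractor()
    extractor.feed(html)
    trusted_normalized = {normalize(d) for d in trusted_domains}
    findings = []
    for href, text in extractor.links:
        href_domain = registrable_domain(host_of(href))
        reasons = []
        if href_domain not in trusted_domains:
            if normalize(href_domain) in trusted_normalized:
                reasons.append("lookalike_domain")
            else:
                reasons.append("untrusted_domain")
        # Visible text reads as a URL but resolves to a different domain than the href.
        if URL_LIKE.match(text) and registrable_domain(host_of(text)) != href_domain:
            reasons.append("display_text_mismatch")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in analyze_email(SAMPLE_EMAIL_HTML, TRUSTED_DOMAINS):
        print(finding)
```

Running the block reports only the first link, with both `lookalike_domain` and `display_text_mismatch`; the intranet link passes because its registrable domain is on the allow-list. The domain logic is deliberately simple (last two labels, a handful of character substitutions); a production check would use a public-suffix list and a broader homoglyph table.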
Search Methods for Intelligence Gathering

Search Closed Sources
Collection of technical/threat intelligence from non-public sources:
- Paid/non-public databases (e.g., RocketReach, CrunchBase business databases)
- Dark web monitoring for leaked credentials and internal documents
- Goal: gain initial access or prioritize advanced attacks based on the collected intelligence
Search Open Technical Databases
Collection of technical/threat intelligence from public sources:
- WHOIS database: identifying domain registration details (organization names, location)
- Digital certificates: extracting information from SSL/TLS certificates
- CDN (Content Delivery Network) insights: analyzing Cloudflare CDN and related services

Internet-Connected Device Search:
- Shodan: searches for exposed internet-connected devices using various filters (open ports, services, IPs)
- FOFA: the Chinese equivalent of Shodan for identifying exposed devices
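Digital certificates are public by design: every certificate issued for an organization's hostnames is recorded in Certificate Transparency logs, so the same records an adversary reads can be used by the defending team to check its own exposed surface. The added example below (not code from the page) takes a CT export in the JSON shape that crt.sh returns (assumed field names `name_value`, `common_name`, `issuer_name`, `not_after`), extracts every hostname, and reports names that are missing from the organization's asset inventory, noting wildcards and whether a certificate for the name is still valid. The CT entries, the `example-corp.com` hostnames and the inventory are constructed sample data.

```python
import json
from datetime import datetime, timezone

# Constructed sample (not real CT data) in the shape of crt.sh's JSON export
# (assumed field names: name_value, common_name, issuer_name, not_after).
SAMPLE_CT_JSON = json.dumps([
    {"issuer_name": "C=US, O=Example CA, CN=Example CA R1",
     "common_name": "www.example-corp.com",
     "name_value": "www.example-corp.com\nexample-corp.com",
     "not_after": "2026-01-10T00:00:00"},
    {"issuer_name": "C=US, O=Example CA, CN=Example CA R1",
     "common_name": "staging-db.example-corp.com",
     "name_value": "staging-db.example-corp.com",
     "not_after": "2025-03-01T00:00:00"},
    {"issuer_name": "C=US, O=Example CA, CN=Example CA R1",
     "common_name": "*.dev.example-corp.com",
     "name_value": "*.dev.example-corp.com",
     "not_after": "2027-06-30T00:00:00"},
])

# Hypothetical asset inventory maintained by the defending organization.
KNOWN_ASSETS = {"www.example-corp.com", "example-corp.com", "mail.example-corp.com"}

# Point in time at which the sample report is evaluated (constructed).
ASSESSMENT_TIME = datetime(2025, 6, 1, tzinfo=timezone.utc)


def hostnames_from_ct(ct_json):
    """Map every hostname found in the CT entries to the expiry dates of its certificates."""
    expiries = {}
    for entry in json.loads(ct_json):
        not_after = datetime.fromisoformat(entry["not_after"]).replace(tzinfo=timezone.utc)
        # crt.sh joins all SAN entries of one certificate with newlines.
        for name in entry["name_value"].split("\n"):
            name = name.strip().lower()
            if name:
                expiries.setdefault(name, []).append(not_after)
    return expiries


def unknown_exposures(ct_json, known_assets, now):
    """Hostnames visible in CT logs that are absent from the inventory.

    Each result records whether the name is a wildcard (it widens the exposed
    surface) and whether at least one certificate for it is still valid at `now`.
    """
    known = {h.lower() for h in known_assets}
    report = {}
    for name, expiries in hostnames_from_ct(ct_json).items():
        if name in known:
            continue
        report[name] = {
            "wildcard": name.startswith("*."),
            "valid_cert": any(expiry > now for expiry in expiries),
        }
    return report


if __name__ == "__main__":
    for host, info in sorted(unknown_exposures(SAMPLE_CT_JSON, KNOWN_ASSETS, ASSESSMENT_TIME).items()):
        print(host, info)
```

On the sample data the report lists `staging-db.example-corp.com` (certificate already expired, but the name itself still reveals an internal system) and the wildcard `*.dev.example-corp.com`, which covers any number of hostnames without naming them. Names that appear here and not in the inventory are the ones to retire, bring under management, or at least monitor.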
Search Open Websites & Domains
- Social media, search engines, business hosting sites, code repositories
- Kimsuky: known to initiate reconnaissance via Google searches
- LAPSUS$: exploited credentials exposed in code repositories (e.g., GitHub leaks)
Search Victim-Owned Websites
Analyzing target websites to extract:
- Department and business unit names
- Physical locations
- Organizational hierarchy and key personnel
- Employee roles, emails, and other relevant details
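Systematic harvesting of a company's own website, as described above, usually leaves a recognisable trace in the web server log: one client sweeping many distinct pages in a short burst, often guessing at directory, staff or org-chart resources that do not exist, and frequently using an HTTP library rather than a browser. The added example below (not code from the page) parses combined-format access log lines and flags clients whose request burst matches that pattern. The log lines, IP addresses and thresholds are constructed for the demonstration; the thresholds would be tuned against a real site's baseline.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample log (not real traffic): one browsing visitor and one client
# that sweeps the organization pages and probes for files that do not exist.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2025:09:15:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2025:09:16:40 +0000] "GET /about HTTP/1.1" 200 4211 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2025:09:18:11 +0000] "GET /contact HTTP/1.1" 200 3020 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2025:09:20:00 +0000] "GET /robots.txt HTTP/1.1" 200 120 "-" "python-requests/2.31"
198.51.100.7 - - [10/Mar/2025:09:20:01 +0000] "GET /sitemap.xml HTTP/1.1" 200 9800 "-" "python-requests/2.31"
198.51.100.7 - - [10/Mar/2025:09:20:01 +0000] "GET /about/team HTTP/1.1" 200 7700 "-" "python-requests/2.31"
198.51.100.7 - - [10/Mar/2025:09:20:02 +0000] "GET /about/leadership HTTP/1.1" 200 6600 "-" "python-requests/2.31"
198.51.100.7 - - [10/Mar/2025:09:20:02 +0000] "GET /about/locations HTTP/1.1" 200 5100 "-" "python-requests/2.31"
198.51.100.7 - - [10/Mar/2025:09:20:03 +0000] "GET /careers HTTP/1.1" 200 4400 "-" "python-requests/2.31"
198.51.100.7 - - [10/Mar/2025:09:20:03 +0000] "GET /staff-directory HTTP/1.1" 404 210 "-" "python-requests/2.31"
198.51.100.7 - - [10/Mar/2025:09:20:04 +0000] "GET /org-chart.pdf HTTP/1.1" 404 210 "-" "python-requests/2.31"
198.51.100.7 - - [10/Mar/2025:09:20:04 +0000] "GET /employees HTTP/1.1" 404 210 "-" "python-requests/2.31"
"""

# Detection thresholds (assumed values; tune to the site's normal traffic).
WINDOW_SECONDS = 60
MIN_DISTINCT_PATHS = 8
MIN_NOT_FOUND_RATIO = 0.25
AUTOMATED_UA_TAGS = ("python-requests", "curl/", "wget/", "go-http-client")


def parse_log(text):
    """Yield dicts for lines that match the combined log format; skip the rest."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
            rec["status"] = int(rec["status"])
            yield rec


def flag_recon_clients(text, window=WINDOW_SECONDS, min_paths=MIN_DISTINCT_PATHS,
                       min_404_ratio=MIN_NOT_FOUND_RATIO):
    """Return {ip: summary} for clients whose request burst looks like site enumeration.

    A client is flagged when, inside any `window`-second span, it requests at least
    `min_paths` distinct paths and either a large share of those requests are 404s
    (guessing resource names) or it identifies as an automated HTTP library.
    The summary kept is the one for the widest burst seen.
    """
    by_ip = defaultdict(list)
    for rec in parse_log(text):
        by_ip[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):
            # Slide the window start forward until the burst fits in `window` seconds.
            while (recs[end]["ts"] - recs[start]["ts"]).total_seconds() > window:
                start += 1
            burst = recs[start:end + 1]
            paths = {r["path"] for r in burst}
            if len(paths) < min_paths:
                continue
            not_found = sum(1 for r in burst if r["status"] == 404) / len(burst)
            automated = any(tag in r["ua"].lower() for r in burst for tag in AUTOMATED_UA_TAGS)
            if not_found >= min_404_ratio or automated:
                summary = {"distinct_paths": len(paths),
                           "not_found_ratio": round(not_found, 2),
                           "automated_user_agent": automated}
                if ip not in flagged or summary["distinct_paths"] > flagged[ip]["distinct_paths"]:
                    flagged[ip] = summary
    return flagged


if __name__ == "__main__":
    for ip, summary in flag_recon_clients(SAMPLE_LOG).items():
        print(ip, summary)
```

On the sample log only `198.51.100.7` is flagged: nine distinct paths in four seconds, a third of them 404s, and a `python-requests` user agent. The browsing visitor stays below the distinct-path threshold. The 404 ratio is the more robust of the two signals, since a user agent string is trivially changed; on a real site it should be read together with the specific missing paths (staff directories, org charts, employee lists) that indicate what the client was after.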