00_reconnaissance - Reconnaissance¶
Information gathering is where every engagement starts No intel means blind attacks and that's how 03_operations fail before they begin. Reconnaissance covers OSINT , network scanning , service enumeration , asset discovery , and all the pre-attack intel gathering techniques that separate professional engagements from script kiddie guessing games
What you'll find here:
- Passive Reconnaissance - OSINT , DNS enumeration , certificate transparency , search engine dorking , social media intel , breach data 02_analysis
- Active Reconnaissance - port scanning , service fingerprinting , banner grabbing , firewall enumeration , network mapping
- Infrastructure Recon - cloud asset discovery , CDN detection , 02_reverse IP lookups , WHOIS , ASN 02_analysis
- Technology Fingerprinting - WAF detection , framework identification , version enumeration , stack 02_analysis
first topic => OSINT Introduction
From the 0x1RIS OffSec library - for authorized 06_testing only , Document everything