Reconnaissance - Searching, Phishing

박서경



🕵️ Reconnaissance 🔍

Goal:

📌 The attacker gathers intelligence about the target to plan future attacks.

Techniques:

🛠 Open-Source Intelligence (OSINT) | 🌐 Network Scanning | 🎭 Social Engineering


🎣 What is Phishing?

Phishing for information is a social engineering attack where adversaries attempt to trick targets into revealing sensitive data such as:
🔹 Credentials (Usernames, Passwords)
🔹 Financial Information (Bank Details, Credit Card Numbers)
🔹 Internal Company Data (Organizational Structure, Policies)

Unlike traditional phishing, which often focuses on delivering malware, this method primarily aims to gather actionable intelligence for future attacks.

🛠 Sub-Techniques:

🔹 Spearphishing Service – Using third-party platforms like social media & personal email.
🔹 Spearphishing Attachment – Sending malicious files via email (PDF, DOC, XLS).
🔹 Spearphishing Link – Directing victims to credential-harvesting phishing pages.
🔹 Spearphishing Voice (Vishing) – Using phone calls to extract sensitive information.


🔍 Search Methods for Intelligence Gathering

🔐 🔎 Search Closed Sources

Collection of technical/threat intelligence from non-public sources:
🔹 Paid/non-public databases (e.g., RocketReach, CrunchBase business databases)
🔹 Dark web monitoring for leaked credentials and internal documents

Goal: Gain initial access or prioritize advanced attacks based on collected intelligence


🌎 📂 Search Open Technical Databases

Collection of technical/threat intelligence from public sources:
🔹 WHOIS database – Identifying domain registration details (organization names, location)
🔹 Digital certificates – Extracting information from SSL/TLS certificates
🔹 CDN (Content Delivery Network) insights – Analyzing Cloudflare CDN and related services

🔍 Internet-Connected Device Search:
🔹 Shodan – Searches for exposed internet-connected devices using various filters (open ports, services, IPs)
🔹 FOFA – The Chinese equivalent of Shodan for identifying exposed devices


🌐 🔗 Search Open Websites & Domains

Social media, search engines, business hosting sites, code repositories
🔹 Kimsuky – Known to initiate reconnaissance via Google searches
🔹 LAPSUS$ – Exploited credentials exposed in code repositories (e.g., GitHub leaks)
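
An added example, not part of the original post: a minimal scan a defender could run over their own repository to catch the kind of exposed credentials mentioned above before the code is pushed. The sample files, rule names and entropy threshold are constructed assumptions.

```python
import math
import re

# Constructed sample standing in for a repository checkout (path -> contents).
SAMPLE_REPO = {
    "app/settings.py": 'DEBUG = False\nDB_PASSWORD = "Tr0ub4dor&3xample"\nAPI_TOKEN = "xxxxxxxxxxxxxxxx"\n',
    "deploy/aws.env": "AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE12\n",
    "README.md": "Export it first, e.g. password = <your-password>\n",
    "keys/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder)\n",
}

# Fixed-format secrets: a match is reported as-is.
FORMAT_RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# Generic "name = value" assignments: reported only if the value looks random enough.
ASSIGNMENT = re.compile(
    r"(?i)(?:password|passwd|secret|token|api_key)\w*\s*[:=]\s*[\"']?([^\s\"'<>]{8,})"
)
MIN_ENTROPY = 3.0  # bits per character; assumed threshold, tune per code base


def shannon_entropy(value):
    """Bits per character of the value's own character distribution."""
    counts = {ch: value.count(ch) for ch in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def scan_repo(files):
    """Return sorted (path, line_number, rule) findings; never the secret itself."""
    findings = []
    for path, text in files.items():
        for number, line in enumerate(text.splitlines(), start=1):
            for rule, pattern in FORMAT_RULES.items():
                if pattern.search(line):
                    findings.append((path, number, rule))
            match = ASSIGNMENT.search(line)
            if match and shannon_entropy(match.group(1)) >= MIN_ENTROPY:
                findings.append((path, number, "hardcoded-credential"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in scan_repo(SAMPLE_REPO):
        print(*finding, sep=":")
```

The entropy filter is what keeps the `xxxxxxxxxxxxxxxx` placeholder and the README's `<your-password>` hint out of the findings while the real-looking password is still reported.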


🏢 📑 Search Victim-Owned Websites (Analyzing the Target's Websites)

Analyzing target websites to extract:
🔹 Department & business unit names
🔹 Physical locations
🔹 Organizational hierarchy & key personnel
🔹 Employee roles, emails, and other relevant details

