Reconnaissance - Searching, Phishing

🕵️ Reconnaissance 🔍
Goal:
📌 The attacker gathers intelligence about the target to plan future attacks.
Techniques:
🛠 Open-Source Intelligence (OSINT) | 🌐 Network Scanning | 🎭 Social Engineering
🎣 What is Phishing?
Phishing for information is a social engineering attack where adversaries attempt to trick targets into revealing sensitive data such as:
✅ Credentials (Usernames, Passwords)
✅ Financial Information (Bank Details, Credit Card Numbers)
✅ Internal Company Data (Organizational Structure, Policies)
Unlike traditional phishing, which often focuses on delivering malware, this method primarily aims to gather actionable intelligence for future attacks.
🛠 Sub-Techniques:
🔹 Spearphishing Service – Using third-party platforms like social media & personal email.
🔹 Spearphishing Attachment – Sending malicious files via email (PDF, DOC, XLS).
🔹 Spearphishing Link – Directing victims to credential-harvesting phishing pages.
🔹 Spearphishing Voice (Vishing) – Using phone calls to extract sensitive information.
🔍 Search Methods for Intelligence Gathering
🔐 🔎 Search Closed Sources (Non-Public Source Search)
Collection of technical/threat intelligence from non-public sources:
✔ Paid/non-public databases (e.g., RocketReach, Crunchbase business databases)
✔ Dark web monitoring for leaked credentials and internal documents
✔ Goal: Gain initial access or prioritize advanced attacks based on collected intelligence
🌎 📂 Search Open Technical Databases (Public Technical Database Search)
Collection of technical/threat intelligence from public sources:
✔ WHOIS database – Identifying domain registration details (organization names, location)
✔ Digital certificates – Extracting information from SSL/TLS certificates
✔ CDN (Content Delivery Network) insights – Analyzing Cloudflare CDN and related services
🔍 Internet-Connected Device Search:
✔ Shodan – Searches for exposed internet-connected devices using various filters (open ports, services, IPs)
✔ FOFA – The Chinese equivalent of Shodan for identifying exposed devices
🌐 🔗 Search Open Websites & Domains (Public Website/Domain Search)
✔ Social media, search engines, business hosting sites, code repositories
✔ Kimsuky – Known to initiate reconnaissance via Google searches
✔ LAPSUS$ – Exploited credentials exposed in code repositories (e.g., GitHub leaks)
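Because credentials exposed in code repositories are one of the sources listed above, a defender can scan their own repository content for them before it is pushed. The following is an added example, not part of the original post; the patterns, the entropy threshold, the function names and the sample file are all assumptions constructed for illustration.

```python
import math
import re

# Constructed sample: a config file as it might sit in a repository.
# The access key is AWS's documented placeholder, not a real credential.
SAMPLE_FILE = '''\
# deploy settings
region = "us-east-1"
aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"
db_password = "changeme"
api_token = "q9Zr4Lx2VbT7mKp0WdYs8HfJc3NeUa6G"
-----BEGIN RSA PRIVATE KEY-----
'''

# Assumed rule set: well-known fixed formats that are safe to match literally.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# name = "value" assignments whose variable name suggests a secret
ASSIGNMENT = re.compile(
    r"(?i)\b([a-z_]*(?:password|passwd|secret|token|api_key)[a-z_]*)\s*[:=]\s*[\"']([^\"']+)[\"']"
)

def shannon_entropy(s):
    """Bits per character; random tokens score high, dictionary words low."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def scan(text, min_entropy=3.5):
    """Return (line_number, rule, redacted_match) findings for one file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                findings.append((lineno, rule, m.group(0)[:8] + "..."))
        m = ASSIGNMENT.search(line)
        if m:
            name, value = m.groups()
            # Low entropy: weak hardcoded password. High: likely a generated token.
            weak = shannon_entropy(value) < min_entropy
            rule = "hardcoded_password" if weak else "high_entropy_secret"
            findings.append((lineno, rule, f"{name}=<redacted>"))
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_FILE):
        print(f)
```

Findings carry only a redacted form of the match, so the scanner's own output does not become a second copy of the secret in CI logs.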
🏢 📑 Search Victim-Owned Websites (Target Website Analysis)
✔ Analyzing target websites to extract:
🔹 Department & business unit names
🔹 Physical locations
🔹 Organizational hierarchy & key personnel
🔹 Employee roles, emails, and other relevant details
