Which of the following is NOT reconnaissance?
- scanning without completing the three way handshake
- installation of a RAT
- searching for the robots.txt file
- communicating over social media
Installation comes after exploitation and involves the installation of additional tools and resources the hacker will use. These tools allow the attacker to maintain persistence while plotting the next step.
The first and most important step is reconnaissance when information is gathered that helps penetrate the network. For example, consider an exploit takes advantage of an injection vulnerability in an exploitable Hypertext Preprocessor php file by sending an HTTP POST with specific variables. If the hacker sends an HTTP GET request to the page, the attack is still in reconnaissance.
Other examples of reconnaissance include obtaining IP blocks, researching social media accounts and obtaining DNS records.
The seven steps in the kill chain are:
– Reconnaissance is the attacker gathers information to aid in penetrating the network
– Weaponization is the attacker turns a legitimate utility or function into a weapon that can be used in the attack
– Delivery is the attacker transmits the crafted exploit to the target
– Exploitation is the exploit is executed
– Installation is the hacker installs additional tools and resources on the target device or in the target network
– Command and control is the attacker takes remote control of the target device from the Command and Control server
– Actions on objectives is the attacker takes action (deletes data, steals data, defaces website)