Recon

As your online presence is dynamic and constantly evolving, we suggest you periodically perform Recon to stay up-to-date. Some of our clients run a recon yearly, while others run them quarterly.

It’s good you are wondering about that! The term Recon comes from the word reconnaissance. It is a process of gathering information about a target system or organization, focusing on identifying potential vulnerabilities or weaknesses. During this process, a variety of techniques and tools are used: like port scanning, vulnerability scanning, and open-source intelligence (OSINT) gathering. These tools are used to collect information about your assets. The goal of a Recon is to identify potential attack vectors that could be exploited by attackers and to provide you with information about your security posture that can be used to improve your defenses.

The more information the better!  We usually start with your main domain used for your main site and email, and take it from there. Keep in mind that we need a validated ownership of the company to start with. Don’t be surprised if we turn up a lot of forgotten or unknown stuff though.

They will start with the info they have, and then use their knowledge, creativity, tools and open source intelligence to map out everything they can find about your organization. From there they will create an overview of your complete attack surface and look for some low hanging fruit. In the end you’ll get a complete report of everything they found, and don’t be surprised if they turn up a lot of forgotten or unknown stuff though.

Attack vector is basically any asset that is yours that is reachable through the internet. It can be a well known or forgotten server, or that old vpn service you used to have, or maybe even that old fax server in the basement. We will try to find everything that has your name on it out there, and please keep in mind that all those things are potentially vulnerable and thus part of your attack surface or attack vector.

You can also use a tool for this, but please keep in mind that a tool will do active recon, which means scanning etc, and won’t find all of your assets. We humans can make links that no software can.

Recon means that the hackers will spend 10 hours to get as much information about your assets as possible. So, depending on what they find, and the amount of time they have, yes they will. They won’t go deep, but the low hanging fruit will certainly pop up.

We hear this a lot. And most of the time, the asset is yours in the end. It’s either because someone bought in on a credit card to bypass procurement. Or you took over another business, and you both were not aware this asset existed, but now it is yours. So please, we trust our hackers and we will certainly double check if needed, but most of the time if the report says it’s yours… it is.

You mean you forgot that the webserver existed and now you want to know if you have to unplug it or not? Or maybe you just want a security check on it? You can use our Dedicated Hacker Time product on your specific concern. Just give us the scope and a hacker will check it for you in an instant!

We know. And while we are sorry to be the messenger, it’s better that you know and can take action than that you have no clue how the bad guys came in. And it’s not just you. For example, one of our clients wanted to see if we could find their 80 servers just by doing a Zerocopter Recon. We ended up finding around 1400 assets, and they had to shut down 40% of those immediately. Better safe than sorry right?

You can always do another Recon, or ask one of our hackers to search for more during Dedicated Hacker Time. But please take a look and fix what we found before starting another program. It can be a bit overwhelming for your team if the results keep pouring in.