Cybersecurity Workshop

Gathering subdomain information using OSINT tools

Scanning open ports on the target system

Checking data breaches using HaveIBeenPwned

Identifying technologies used on a website with Wappalyzer

Scan for malware in an infected system

Check if email credentials have been exposed in data breaches

Test network packet loss

Identify open ports on a web server

Creating a backdoor or persistence method after gaining entry

Gathering initial system information

Installing antivirus to protect the system

Scanning network firewalls

Netcraft

Wayback Machine

Wappalyzer

Shodan

Passive methods involve direct interaction with the target

Active methods rely on open-source intelligence only

Active reconnaissance can alert the target due to direct probing

Passive reconnaissance is illegal in all cases

The operating system of a target host

The technologies and frameworks used by a website

IP address location

Email server vulnerabilities

Scanning → Reconnaissance → Gaining Access → Maintaining Access → Covering Tracks

Reconnaissance → Scanning → Gaining Access → Maintaining Access → Covering Tracks

Gaining Access → Scanning → Reconnaissance → Covering Tracks → Maintaining Access

Reconnaissance → Gaining Access → Scanning → Covering Tracks → Maintaining Access

Real-time visualization of global cyber attacks

Finding open ports

Tracking personal data leaks

Testing phishing emails

Netcraft

DVWA

HaveIBeenPwned

OSINT Framework

Performing password cracking

Creating phishing pages to simulate credential theft

Identifying Web server vulnerabilities

Monitoring real-time threats