Reconnaissance – the Eagle’s Eye of Cyber Security


Studies show that more than 4.5 billion records were compromised in 2018, and this number is likely to increase by the end of 2019. As technology advances, cyber criminals advance with it, using modern tools to commit cyber crimes.

Which route a hacker will take to intrude into security systems and steal sensitive information is always a mystery. But there are five major steps in hacking a target, and reconnaissance, or simply recon, plays a key role among them.

What is Reconnaissance?

Recon is an important step in exploring a target environment before confidential information is stolen, and it plays an equally key role in penetration testing. A proper recon provides detailed information and opens the door for the attacker to the scanning and attack phases that follow. During recon an attacker may interact directly with potentially open ports, running services and so on, or may attempt to gain information without actively engaging with the network at all.

It can provide all the critical information that helps an attacker gain access to the networks beyond the internet. In short, recon yields an endless treasure of information that exposes a target to attack.

There is no telling how long a recon takes before it leads to ingress into a network; it may be days or months. Sometimes a recon yields no access to any information system at all, and at other times it leads to a data breach in which all the sensitive data is collected in one go as the network is exploited.

Most organizations neglect recon at its early stage, which is exactly when true and precise information about the network and its functions leaks out. The purpose of a recon operation is to make the later scanning and attack phases far more precise and stealthy.

A hacker can find an opportunity to enter the network through systems that are unpatched and outdated. They may stalk an employee physically, or a breach may happen even where a company has strong security measures but an outdated update policy.

The golden snitch – critical information:

People generally imagine that a hacker obtains the details of a company’s central access server and thereby gains access to the entire network. In reality, that is like a gold coin at the bottom of a running stream. A hacker instead gathers pieces of information from everywhere and finally assembles them into one single diagram of the network, with all the services, ports, requests and applications inside the environment.

A hacker might target the following kinds of information and compile a recon report that includes:

  • Subdomains
  • Whois Information
  • Directory information (dir info)
  • S3 Buckets
  • Social accounts etc.

The above list does not exhaust what recon can uncover; these are just a few examples.

Recon is not itself a breach or an exploit, but it can open the path to exploitation. Using tools that give a broad understanding of your own networks and ports, checking whether any cracks are present in the security systems, and constantly updating security policies are some of the measures that help prevent recon from collecting information.

To protect themselves from breaches, organizations also need to be aware of their networks and of the services installed on them. Companies are also advised to undertake a Red Team Exercise, which helps in understanding their security posture.
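One way to become aware of recon against your own web services, as an added example that is not part of the original post: a client that draws many 404 responses to distinct paths in a short window leaves the typical footprint of a directory (dir info) scan. The detector below is a hypothetical one written for this page; the log lines and the thresholds are constructed assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx combined log format; only the fields the detector needs.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse_line(line):
    """Return (ip, timestamp, path, status) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path"), int(m.group("status"))

def find_enumerators(lines, window_s=60, min_404=4, min_paths=4):
    """Return {ip: distinct 404 paths} for clients that, within any window_s
    seconds, collect >= min_404 responses of 404 to >= min_paths paths.
    A sliding window per client means a slow trickle of 404s is not flagged."""
    recent = defaultdict(list)   # ip -> [(ts, path)] of 404s inside the window
    flagged = {}
    for raw in lines:
        parsed = parse_line(raw)
        if parsed is None or parsed[3] != 404:
            continue
        ip, ts, path, _ = parsed
        win = recent[ip]
        win.append((ts, path))
        while (ts - win[0][0]).total_seconds() > window_s:   # prune old events
            win.pop(0)
        paths = {p for _, p in win}
        if len(win) >= min_404 and len(paths) >= min_paths:
            flagged[ip] = max(len(paths), flagged.get(ip, 0))
    return flagged

# Constructed sample: 203.0.113.7 walks a wordlist, 198.51.100.20 just browses.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2019:12:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "x"',
    '203.0.113.7 - - [10/Mar/2019:12:00:02 +0000] "GET /admin/ HTTP/1.1" 404 162 "-" "x"',
    '198.51.100.20 - - [10/Mar/2019:12:00:02 +0000] "GET /about HTTP/1.1" 200 900 "-" "x"',
    '203.0.113.7 - - [10/Mar/2019:12:00:02 +0000] "GET /backup/ HTTP/1.1" 404 162 "-" "x"',
    '203.0.113.7 - - [10/Mar/2019:12:00:03 +0000] "GET /old/ HTTP/1.1" 404 162 "-" "x"',
    '198.51.100.20 - - [10/Mar/2019:12:00:05 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "x"',
    '203.0.113.7 - - [10/Mar/2019:12:00:04 +0000] "GET /test/ HTTP/1.1" 404 162 "-" "x"',
]

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))   # {'203.0.113.7': 4}
```

The flagged clients are the ones worth correlating with the subdomain, S3 bucket and other recon targets listed above, since a scanner that has found one entry point usually keeps probing the rest.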

Security can never reach 100%, yet we can mitigate attacks by providing the maximum security possible, making it harder for recon to learn the systems.

Sathish Kishore
Sathish has experience in cyber security and penetration testing projects.