You break it you buy it (on the risks of active reconnaissance)

Today I learned about the concepts surrounding active and passive reconnaissance. Gathering public information from OSINT sources, such as looking up the IP addresses a domain resolves to or reading its MX records from a public resolver, still counts as passive: nothing you send reaches the target. Port scanning is already active, because the target's hosts see your packets. It's important to understand from day one which techniques are passive and which are active, if only because collecting public data is generally lawful while probing systems you are not authorised to touch may not be, depending on the jurisdiction.

You can of course do active reconnaissance if the owner of the system authorises it, and in fact they might pay you to do so during a penetration test. But one slip, a scan of a host that isn't in the agreed scope, and well…

Maybe it's not as strict as it sounds, but it's still a good idea to get familiar with the difference, most of all because the tools introduced in the first lessons are already quite capable of doing both. DNSdumpster hands you everything it finds at the click of a button, and Sublist3r is passive by default but its -b (bruteforce) and -p (port scan) options generate DNS queries that end up at the target's name servers and port-scan the hosts it found, so one extra flag turns a passive run into an active one.
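As an added illustration of the "one slip" problem above (my own example, not part of INE's material and not code from Sublist3r, DNSdumpster or nmap): a small Python guard that checks an enumerated host against the engagement's authorised domains and address ranges before an active step such as a port scan is allowed to run. Both the name and every address it resolves to must be in scope, because a subdomain returned by an enumeration tool may point at a CDN or shared host that belongs to someone else. The scope (example.com plus RFC 5737 and RFC 3849 documentation ranges) and the enumerated hosts are constructed, and the nmap command is only built, never executed.

```python
import ipaddress
from dataclasses import dataclass


# Scope definition for a hypothetical engagement. The domain and the address
# ranges are placeholders (example.com and documentation-only networks).
@dataclass(frozen=True)
class Scope:
    domains: tuple   # apex domains; subdomains of these are in scope by name
    networks: tuple  # ipaddress.IPv4Network / IPv6Network objects


def parse_scope(domains, cidrs):
    """Build a Scope from domain names and CIDR strings."""
    return Scope(
        domains=tuple(d.lower().strip(".") for d in domains),
        networks=tuple(ipaddress.ip_network(c, strict=False) for c in cidrs),
    )


def name_in_scope(scope, hostname):
    """True if hostname is an authorised domain or a subdomain of one.
    The leading dot is part of the comparison, so 'notexample.com'
    does not match 'example.com'."""
    h = hostname.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in scope.domains)


def address_in_scope(scope, ip):
    """True if the address falls inside one of the authorised ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in scope.networks)


def classify(scope, hostname, resolved_ips):
    """Decide whether an enumerated host may receive active traffic.
    Returns (verdict, reason). The name and every address it resolves to
    must be in scope: a subdomain parked on a CDN or shared host points
    at somebody else's machine even though the name looks like ours."""
    if not name_in_scope(scope, hostname):
        return ("deny", "name is outside the authorised domains")
    if not resolved_ips:
        return ("deny", "name has no resolved address to check")
    outside = [ip for ip in resolved_ips if not address_in_scope(scope, ip)]
    if outside:
        return ("deny", "resolves to address(es) outside the authorised ranges: "
                + ", ".join(outside))
    return ("allow", "name and all resolved addresses are in scope")


def port_scan_command(scope, hostname, resolved_ips, ports=(22, 80, 443)):
    """Return the nmap argv for an in-scope host, or raise before anything is sent."""
    verdict, reason = classify(scope, hostname, resolved_ips)
    if verdict != "allow":
        raise PermissionError(f"refusing to scan {hostname}: {reason}")
    return ["nmap", "-Pn", "-p", ",".join(str(p) for p in ports), *resolved_ips]


# Constructed sample of what a subdomain enumeration run might hand back,
# with addresses already resolved. None of these are real hosts.
SCOPE = parse_scope(["example.com"], ["192.0.2.0/24", "2001:db8::/32"])
ENUMERATED = {
    "www.example.com": ["192.0.2.10"],                        # in scope
    "mail.example.com": ["192.0.2.25", "2001:db8::25"],       # in scope, dual-stack
    "cdn.example.com": ["198.51.100.7"],                      # name ok, host is a third party
    "example.com.attacker-controlled.test": ["192.0.2.99"],   # name is not ours
    "notexample.com": ["192.0.2.5"],                          # suffix lookalike
}


def triage(scope=SCOPE, enumerated=ENUMERATED):
    """Map every enumerated name to its verdict; only 'allow' entries get scanned."""
    return {host: classify(scope, host, ips) for host, ips in enumerated.items()}


if __name__ == "__main__":
    for host, (verdict, reason) in triage().items():
        print(f"{verdict:5} {host:40} {reason}")
    print(port_scan_command(SCOPE, "www.example.com", ENUMERATED["www.example.com"]))
```

Of the five constructed hosts only www and mail pass; the CDN host fails on its address, and the other two fail on their name. Running the guard before every active tool, rather than trusting the enumeration output, is the habit the warning above is really about.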

Observations about the teaching methods employed by INE

INE offers a wide range of information and top-tier instructors at a good price, but I find their teaching methods a bit hard to grasp. I just came fresh from Security+ where Professor Messer put everything in very clear boxes. I was also very satisfied with the structured way of teaching that TryHackMe offered.

Perhaps instead of focusing on the lessons INE provides, which feel a bit all over the place, I can follow the pentest path that TryHackMe gives and use INE as a guideline. Then I can layer the INE classes and practical boxes on top of that. I didn’t rely on just one source during Security+ either. I used ChatGPT to zoom in on topics I didn’t fully understand, and I can do the same here.