|Publication Type||Book Chapter|
|Year of Publication||2020|
|Authors||Mathas C-M, Vassilakis C|
|Editor||Kolokotronis N, Shiaeles S|
|Book Title||Cyber-Security Threats, Actors, and Dynamic Mitigation|
|Keywords||Actors, Cyber-Security Threats, Dynamic Mitigation, Reconnaissance|
Reconnaissance is the phase of gathering information about an organization’s network and computing devices. This information includes both technical characteristics, such as IP addresses and software, and non-technical aspects, such as people operating the devices and the business value of tangible or intangible assets associated with the computing infrastructure. This information allows attackers to better understand their target and prepare elaborate attack plans. The reconnaissance phase is itself divided in a number of subphases, and each subphase is supported by a multitude of tools. In this chapter, we firstly describe in more detail the reconnaissance phase, while subsequently we present the different subphases and the methods and tools supporting each one, providing specific examples of how reconnaissance actions are performed. The information presented in this chapter can be used by organizations’ cyber-security officers to identify weaknesses in the organizations’ security plan implementations and take appropriate mitigation measures.