Pluralsight Reviews: Ethical Hacking: Reconnaissance/Footprinting

This review covers Dale Meredith’s Ethical Hacking:  Reconnaissance/Footprinting.  The material in this course follows pretty closely to the Certified Ethical Hacker material on the topic, and I think Meredith’s rendition has many of the same benefits and flaws that I found with the CEH literature.

The course is 3 1/2 hours long, so it might take a couple plane flights to get through this, and fortunately, it’s not the type of course where you need to be sitting in front of a computer typing away with the instructor to get anything out of it.  Meredith covers topics at a fairly high level and then drills into tools and techniques for collecting information on a target.  The primary emphasis of this course is looking at methods with no or low visibility to defenders, such as doing Google searches, researching employees through social media sites, looking at the public website, and finding ambient information from sources like job postings, news articles, and company blogs.  This is recon, so we’re collecting information that we’ll use later in a penetration test.  Meredith does show off some tools like WinHTTrack, and running that tool might raise the ire of a capable defender, but otherwise it’s smooth sailing for an attacker.  Meredith finishes up the course discussing methods to mitigate exposure in public records.

I’m assuming that many of the people watching this course are preparing for the CEH, and I think Meredith tailored his material to the topic.  The big downside to this is that the CEH hits you with lots of tools and techniques all at once, with relatively little focus on any of them.  I think Meredith did a good job focusing on some of the most important of these (such as Googledorks), but it felt like there were too many things happening all at once in this course, and there were times in which I really wish we could have seen a deep dive on more techniques than just Googledorks.  I hope that the later classes in this series offer much deeper looks at tools like nmap rather than a shotgun blast of software (which is how the CEH presents a lot of their material).

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s