Local positioning systems: LBS applications and services Krzysztof W. Kolodziej, Johan Hjelm download Z-Library. Download books for free. Advances in Communication and Networking: Second International Conference on Future Generation Communication and Networking, FGCN 2008, Sanya, Hainan Island. In Computer and Information Science). Flotato 24.
Phase 2: RECON
Recon, reconnaissance. This phase is the most important phase. If you do it right, it will most likely end in the success of the project. A good team can ID the targets quickly, modify the plan accordingly, adapt the tools and finish the project successfully.
During the last phase, OPORD, an initial plan of action was drafted. During this phase, the team observes the target and learns about it. Physical and digital surveillance are performed, as well a deeper level of open source intelligence gathering. The physical, digital and social footprints of the target are mapped and analyzed, providing a much clearer view of the possible venues of attack, vulnerabilities to exploits and, very important, the who's who of the target. Usually, during this phase, all activities are passive - no direct contact with the target. However in some cases, when the target is open to attack, a more active scan/surveillance is performed. This will depend on the target's avility AND the Team's ability.
Types of Recon
Depending on the project or target, recon can be remote or on location. Remote recon is safer, since most of it is done via a computer or by using people that already live at the location and can perform the recon for you. On the other hand, sometimes the project calls for physical recon on-site, or due to security controls at the target, you might need to be physically present at the location. This type of recon sometimes can be a bit more challenging and dangerous.
Initial Recon
Regardless of whether you are performing a remote or on-site location, start with an open source recon. This means: open your browser and search information about your target.
For a physical recon, perform some initial activities online: perform a site survey using google maps (both topo and street view), see what's around the area, where people can eat, drink coffee or what bars are presents (social gathering places). Check parking lots in and around the target, cameras in the area that you can tap to remotely (Shodan is your friend!) and try to observe patterns of life. Learn who owns the building (records are public), gather information about the building (try to get blueprints, who provides utilities, cleaning company, security company, etc), map wireless networks in the area (Wigle is your friend!), understand traffic flows in the area, read police reports and see crime-related info. In short, understand patterns of life and atmospherics
For a digital recon, perform an initial, surface OSINT sweep: search information about the company or target, who founded it, when, it's history, it's competitors. Search social media sites for information such as marketing releases, press releases. Begin compiling a list of employees (if applicable) from the same social media websites. Search email addresses using different search engines (for example search @target.com and see what pops up, usually you can get a lot information from technical forums where IT and network people go to ask questions, and you can learn a lot about their tech stack). Finally, search WHOIS and other DNS related stuff for their IP ranges, MX records, etc. Perform a very light initial scan on those systems/networks. Mask it as a the usual annoyance scans that happen constantly. Focus on their website (learn whether it's hosted on a hosting company, or ran at a target's itself), understand who provides their email services, learn whether they site behind a service such as Akamai, or if they route traffic through a 3rd party security provider.
Initial recon is tedious, but brings a lot of clarity about the target.
Physical Recon
Physical recon can be challenging. Depending what the location is, or what the project is, being on-site can many things you have to think about before going there. There’s the issue of whether the area is permissive, or semi-permissive / non permissive. How you carry yourself, and how you act on a permissive environment is completely different of what you can do, or how you act on a semi permissive, or even non permissive environment. Either way, atmospherics and patterns of life, as well as crime information and local customs should be your first priority. As mention in the initial recon section above, learn what, how, when and why before you even go there. Learn about public transportation (buses, trains, taxis, etc). What hotels are in there area, which of those hotels are actually good vs dangerous to stay at. Understand the local laws, before you even bring any kind of equipment. Also, what’s the scope of this recon. You have to know what’s permitted by your customer, or what’s are the limits of the things you can do before you perform something illegal.
Stumbler 103 3 – Find Local Wireless Networks Customer Service Phone
When traveling international, and especially to semi permissive environments, know where the embassy or consulate are. Have the phone number’s memorized, or written in different places. Know the routes (plural) to the embassy from your hotel or other places. Know how to get there by public transportation or walking. Pre game this, google it and try to find both chock points or places where you can potentially rest if needed. Call the embassy ahead of you going there, and ask if they have any information about the area where your target or customer is. In other words: situational awareness. You have to act, not react.
Stumbler 103 3 – Find Local Wireless Networks Customer Service Center
Yes, I know, it sounds a little too much. But if you begin to Red Team internationally, you’d be surprise of the things that happen.