Falconry

Getting to know the target using methods like researching publicly available information and network scanning.

---

Preparation

• Build a local testlab

Footprinting

• Introduction
• Gather network information
• Gather system information
• Collect organisation information

Initial scanning

• Introduction
• War-dialing-driving-flying-shipping
• Live host discovery
• Host discovery with ICMP
• Host discovery with TCP
• Host discovery with UDP
• Port scanning
• Service and OS detection
• Diving deeper in discovery
• Defence detection
• Stealth scans
• Firewall evasion

Canopy of apple-blossom

• Introduction
• Manually walk through the target
• Scope discovery
• Other sneaky OSINT techniques
• Tech stack fingerprinting

API Mayhem

• Introduction
• Collect data
• Understand application functionality
• Analyse traffic
• Document key parameters
• Check for exposed secrets

Head in the clouds

• Introduction
• Mapping endpoints
• Investigating AWS S3 URLs

Pocketful of acorns

• Introduction
• Passive reconnaissance
• Recon of facilities

---