Reconnaissance with Shodan

Shodan is a search engine that continuously scans the internet identifying internet-connected devices and can be used to plan future red team operations. In this course, you will learn Reconnaissance using Shodan.
Course info
Level
Intermediate
Updated
Jun 25, 2021
Duration
27m
Table of contents
Description
Course info
Level
Intermediate
Updated
Jun 25, 2021
Duration
27m
Your 10-day individual free trial includes:

Expert-led courses

Keep up with the pace of change with thousands of expert-led, in-depth courses.
Description

When planning future operations, a red team needs information about the target organization. Specifically, details about the organization’s internet-connected devices, their software, services, IP addresses, and locations can be leveraged to plan and execute other phases of the adversary life cycle. In this course, Reconnaissance with Shodan, I’ll cover how to utilize Shodan to execute reconnaissance in a red team environment. First, I’ll demonstrate how to identify devices associated with a specific organization. Next, I’ll apply search filters for refine the information to specific software and versions. Finally, I’ll simulate reviewing specific device information as a potential attack target. When you’re finished with this course, you’ll have the skills and knowledge to execute MITRE ATT&CK techniques, such as T1592 Gather Victim Host Information, T15960 Gather Victim Network Information, and T1596 Search Open Technical Databases, using Shodan. More importantly, knowing how these techniques can be used against you, will ultimately lend to your ability as an organization, or an individual, to detect and defend against specific attack vectors.

About the author
About the author

Keith Watson is currently focused on assisting clients with their security needs as a Core Services Architect at Optiv Security and has been an active information security professional since 1997.

More from the author
Reconnaissance with Spiderfoot
Intermediate
38m
Oct 13, 2021
Metasploit: Getting Started
Beginner
2h 4m
Sep 4, 2020
More courses by Keith Watson
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hello, everyone! Welcome to Pluralsight and this course, Reconnaissance with Shodan. In this Red Team Tools course, you'll learn how to gather information about potential targets using Shodan. In the reconnaissance phase, red teams collect detailed and relevant information about specific targets to plan a variety of attacks from first exploitation through lateral movement and even social engineering and physical attacks. Reconnaissance is the first step in a red team engagement. Shodan is a proprietary search engine that is actively gathering information about devices connected to the internet, often referred to as the Internet of Things. Shodan is a valuable tool in reconnaissance because it maintains current information on almost every accessible device on the internet. We will start this course by learning more about the capabilities of Shodan to enable us to find connected devices with IP addresses, open network ports, software versions and configuration details, digital certificate information, and a list of potential vulnerabilities. We will also look at using Shodan from a red team project perspective, where we will focus on a specific organization and their connected devices and locations. As Shodan does the active exploration for us, we are utilizing the information collected in a passive manner. The target will have no indication of our activities. Whether you're trying to gather open source intelligence as part of a red team engagement or want to discover and protect your organization's connected devices from attackers, join me in learning more about performing reconnaissance with Shodan, here at Pluralsight.