My Games
Account 🔐
Sign Up
Login
Global Leaderboard
Case Vault
Badge Backpack
Blue Team Glossary
Login and start playing
Leaving so soon?
×
You really want to log out? We were having so much fun!
Home
›
Glossary
›
reconnaissance
Reconnaissance
Definition
Reconnaissance is the phase of a cyber attack in which an attacker gathers information about a target system, network, or organization. The goal is to learn how the environment is set up, who uses it, and where weaknesses might exist. This information lets attackers plan later stages of the intrusion with precision. Reconnaissance is often the first phase in the Cyber Kill Chain. There are two main forms of reconnaissance: **Passive reconnaissance** Collecting information that is already public. Examples include DNS records, WHOIS registration data, leaked-data collections, company websites, social media profiles, and public job postings that reveal what technologies an organization uses. Because the attacker never directly interacts with the target systems, detection is less likely. **Active reconnaissance** Interacting directly with the target in order to collect technical information. Examples include network scanning for open ports, probing services, and mapping network structure. Since the attacker must communicate with target systems, there is a higher risk of detection.
Explore More Terms
Has
Impact
Comment
Count
Contains
Examples & Use Cases
An attacker begins by gathering publicly available data. They might check domain registration records to discover a company’s IP ranges. They might also look on social media or job postings to learn what software a company runs and who works there. Then they might run an active scan against public-facing IPs to find open services. With that information, they can craft a phishing email targeting particular employees or attempt to exploit a vulnerability in a detected service. **Why it matters** Reconnaissance does not cause direct damage, but it sets the stage for further attack phases. For defenders, understanding reconnaissance techniques helps to reduce publicly exposed information, monitor for suspicious probing activity, and patch or isolate vulnerable systems before attackers can exploit them. ([Bitsight][2]) **References** * Cybersecurity reconnaissance. BitSight. (What is cybersecurity reconnaissance?) ([Bitsight][2]) * Cybersecurity reconnaissance. Cymulate. (What is cyber-reconnaissance?) ([Cymulate][4]) * Network reconnaissance. Pentera. (Network reconnaissance glossary entry) ([Pentera][3]) * Reconnaissance tactic for adversaries. MITRE ATT&CK — Reconnaissance (TA0043). ([MITRE ATT&CK][5]) * Cyber Kill Chain. Lockheed Martin. (Cyber Kill Chain overview) ([Lockheed Martin][6]) --- If you like, I can also supply **DOI or publication-date-based** references (for academic or report-style use) for each source. [1]: https://en.wikipedia.org/wiki/Cyber_kill_chain?utm_source=chatgpt.com "Cyber kill chain" [2]: https://www.bitsight.com/glossary/cybersecurity-reconnaissance?utm_source=chatgpt.com "What is Cybersecurity Reconnaissance?" [3]: https://pentera.io/glossary/network-reconnaissance/?utm_source=chatgpt.com "What is Network Reconnaissance?" [4]: https://cymulate.com/cybersecurity-glossary/cyber-reconnaissance/?utm_source=chatgpt.com "What Is Cybersecurity Reconnaissance?" [5]: https://attack.mitre.org/tactics/TA0043/?utm_source=chatgpt.com "Reconnaissance, Tactic TA0043 - Enterprise - MITRE ATT&CK®" [6]: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html?utm_source=chatgpt.com "Cyber Kill Chain"
.png)
