Adversaries are often able to penetrate networks and compromise systems by
exploiting vulnerabilities in people and systems. The key to the success of
these attacks is information that adversaries collect throughout the phases of
the cyber kill chain. We summarize and analyze the methods, tactics, and tools
that adversaries use to conduct reconnaissance activities throughout the attack
process. First, we discuss what types of information adversaries seek, and how
and when they can obtain this information. Then, we provide a taxonomy and
detailed overview of adversarial reconnaissance techniques. The taxonomy
introduces a categorization of reconnaissance techniques based on the technical
approach, including target footprinting, social engineering, network scanning,
and local discovery. This paper provides a comprehensive view of adversarial
reconnaissance that can help in understanding and modeling this complex but
vital aspect of cyber attacks as well as insights that can improve defensive
strategies, such as cyber deception.

By admin