CyberCode Academy

Course 34 - Cybersecurity Kill Chain | Episode 1: Reconnaissance and Footprinting Fundamentals

13 min · May 18, 2026

Description

In this lesson, you’ll learn about: reconnaissance in the Cyber Kill Chain

1. What is Reconnaissance?

* Reconnaissance is the first phase of the Cyber Kill Chain
* It focuses on:
  * Gathering information about a target

👉 Why it matters:
* It forms the foundation of the entire attack
* Poor recon = weak attack
* Strong recon = precise targeting

2. Passive Reconnaissance (Footprinting)

🔹 Definition
* Collecting information without directly interacting with the target

👉 Low risk of detection

🔹 Common Techniques

🌐 Network Information Gathering
* Tools like:
  * whois → domain ownership & contacts
  * nslookup → DNS & IP mapping

🔍 Search Engines & Specialized Platforms
* Shodan
* Censys

Used to find:
* Open ports
* Running services
* Technologies used

👥 Social Media Intelligence (OSINT)
* LinkedIn
  * Employee roles
  * Tech stack hints
* Facebook
  * Personal interests
  * Behavior patterns

👉 Useful for:
* Phishing attacks
* Social engineering

🗑️ Physical Recon (Dumpster Diving)
* Searching discarded materials for:
  * Passwords
  * Internal documents
  * Configurations

3. Active Reconnaissance

🔹 Definition
* Direct interaction with the target system

👉 Higher risk of detection

🔹 Common Techniques

📡 Ping Sweeps
* Identify:
  * Live hosts on a network

🔎 Port Scanning & Fingerprinting
* Tool:
  * Nmap

Used to detect:
* Open ports (e.g., SSH, FTP, VNC)
* Operating system details

4. Passive vs Active Recon

| Type    | Interaction | Risk Level | Example          |
|---------|-------------|------------|------------------|
| Passive | No          | Low        | Shodan, LinkedIn |
| Active  | Yes         | High       | Nmap scan        |

5. Why Reconnaissance is Critical

* Builds a complete target profile
* Identifies:
  * Weak points
  * Entry points
* Makes later stages:
  * Faster
  * More effective

Key Takeaways

* Recon = information gathering phase
* Passive recon is stealthy and preferred
* Active recon is powerful but detectable
* Tools like Shodan and Nmap reveal technical exposure
* Social media provides human attack vectors

Big Picture

Reconnaissance is where attackers:

👉 Move from guessing → knowing
* Instead of blind attacks
* They perform data-driven targeting

You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy


All episodes

248 episodes


Course 35 - Footprinting and Reconnaissance | Episode 4: Email and Domain Information Mapping

In this lesson, you’ll learn about: Maltego for visual footprinting and OSINT analysis

1. What is Maltego?

* Maltego
  * A tool used for:
    * Information gathering (OSINT)
    * Footprinting
    * Visual link analysis

👉 Key idea:
* Instead of raw data → Maltego gives you a visual map of relationships

2. Lab Setup (Kali Linux Environment)

🔹 Platform
* Kali Linux

🔹 Setup Steps
* Install Maltego Community Edition
* Register an account
* Launch and create a new graph

👉 The graph is your workspace where:
* Entities (emails, domains, IPs) are connected visually

3. Email Reconnaissance in Maltego

🔹 Process
* Add an email entity to the graph
* Run transforms (automated queries)

🔹 Example Data Source
* Have I Been Pwned

🔹 What You Discover
* Data breaches linked to the email
* Associated accounts or services
* Connections to other entities

👉 Value:
* Helps identify:
  * Compromised credentials
  * Attack vectors

4. Domain-Level Investigation

🔹 Example Target
* Microsoft (microsoft.com)

🔹 What Maltego Can Find
* Associated email addresses
* Subdomains
* Infrastructure components

👉 This builds:
* A complete map of the organization’s digital presence

5. Visualization Power

🔹 What Makes Maltego Unique
* Displays relationships between:
  * Emails
  * Domains
  * IP addresses
  * Organizations

🔹 Unexpected Insights
* Can reveal:
  * Physical locations
  * Cities
  * Additional contextual data

👉 Result:
* A clear attack surface map instead of scattered data

6. Why Maltego is Important

* Automates OSINT collection
* Correlates data from multiple sources
* Makes complex relationships easy to understand

Key Takeaways

* Maltego is a visual OSINT and footprinting tool
* Uses transforms to gather and connect data
* Email analysis can reveal breach exposure
* Domain analysis maps full infrastructure
* Visualization helps identify hidden relationships

Big Picture

Maltego helps you:

👉 Move from data collection → intelligence visualization
* Not just gathering info
* But understanding how everything is connected

Mental Model

* Raw tools → give data
* Maltego → gives insight + connections

Yesterday · 12 min

Course 35 - Footprinting and Reconnaissance | Episode 3: Exploring Shodan and the Google Hacking Database

In this lesson, you’ll learn about: Shodan and Google Dorking (GHDB) in footprinting

1. Shodan (Internet-Wide Device Discovery)

🔹 What is Shodan?
* Shodan
  * A search engine designed to find:
    * Internet-connected devices
    * Exposed services

🔹 What You Can Discover
* IP addresses
* Open ports
* Operating systems
* Device types (e.g., routers, cameras, servers)

🔹 Example Use Case
* Searching for:
  * Cisco routers
* Filtering by:
  * Geographic location

👉 Why it matters:
* Helps identify:
  * Exposed infrastructure
  * Potential attack surface

2. Key Shodan Capabilities

* Advanced filters:
  * Location-based searches
  * Service-specific queries
* Real-world visibility into:
  * Global internet exposure

👉 Insight:
* Many systems are:
  * Misconfigured
  * Publicly accessible

3. Google Dorking (GHDB)

🔹 What is GHDB?
* Google Hacking Database
  * A collection of:
    * Advanced Google search queries (dorks)

🔹 Purpose
* Find:
  * Sensitive files
  * Misconfigured web pages
  * Hidden data

4. Common Google Dorking Techniques

🔹 File Type Searches
* Example:
  * .xlsx (Excel files)

👉 Can reveal:
* Reports
* Credentials (sometimes)
* Internal data

🔹 Targeted Queries
* Use operators like:
  * site:
  * filetype:
  * intitle:

5. Practical Considerations

🔹 Handling Limitations
* Google may:
  * Trigger CAPTCHA (human verification)
* Requires:
  * Careful, slow searching

🔹 Navigating Results
* Review multiple pages
* Refine queries for accuracy

6. Legal & Ethical Use

* Always:
  * Stay within authorized scope
* Use tools for:
  * Security research
  * Defensive purposes

👉 Important:
* These tools are powerful:
  * Misuse can lead to legal consequences

Key Takeaways

* Shodan reveals internet-exposed devices and services
* GHDB enables precision searching for sensitive data
* Both tools are critical for OSINT and footprinting
* Advanced search techniques improve accuracy
* Ethical usage is mandatory

Big Picture

These tools help you:

👉 Move from basic information → deep exposure analysis
* Shodan → “What devices are exposed?”
* GHDB → “What data is publicly accessible?”

Mental Model

* Shodan → Infrastructure visibility
* Google Dorking → Data discovery

May 24, 2026 · 17 min

Course 35 - Footprinting and Reconnaissance | Episode 2: Gathering Intelligence with NSlookup and WHOIS

In this lesson, you’ll learn about: network footprinting using NSlookup and WHOIS

1. What is Network Footprinting?

* The process of gathering technical information about a target domain
* Focuses on:
  * DNS data
  * IP addresses
  * Domain ownership

👉 Goal:
* Build a clear profile of the target’s infrastructure

2. Using NSlookup (DNS Intelligence)

🔹 Tool Overview
* NSlookup
  * A command-line tool used to query:
    * DNS (Domain Name System) records

🔹 What You Can Discover
* Domain → IP address mapping
* DNS servers
* Network-related details

🔹 Interactive Mode
* Allows advanced queries like:
  * MX Records (Mail Servers)
    * Identify email infrastructure

👉 Why it matters:
* Reveals:
  * Email servers
  * Attack surface for phishing or targeting

3. Using WHOIS (Administrative Intelligence)

🔹 Tool Overview
* WHOIS
  * Often accessed via:
    * ICANN

🔹 What You Can Discover
* Domain registrar
* Registration & expiration dates
* Name servers
* Contact details:
  * Emails
  * Phone numbers
  * Addresses

4. Key Data Extracted

| Data Type       | Source   | Value                  |
|-----------------|----------|------------------------|
| IP Address      | NSlookup | Network targeting      |
| MX Records      | NSlookup | Email infrastructure   |
| Registrar Info  | WHOIS    | Domain ownership       |
| Contact Details | WHOIS    | Social engineering     |
| Name Servers    | Both     | Infrastructure mapping |

5. Strategic Importance

* This data helps build:
  * A complete footprint of the target

🔹 Potential Use Cases (High-Level)
* Identifying:
  * Entry points
  * Services to investigate
* Supporting:
  * Security assessments
  * Risk analysis

6. Role in Footprinting Phase

* Part of:
  * Early-stage reconnaissance

👉 It enables you to:
* Move from:
  * Domain name → full infrastructure visibility

Key Takeaways

* NSlookup is used for DNS-level intelligence
* WHOIS provides administrative and ownership data
* MX records reveal email systems
* Public data can expose critical infrastructure details
* Footprinting is the foundation of any security assessment

Big Picture

This stage is about:

👉 Turning public data into actionable intelligence
* Before any testing begins
* You must understand:
  * Who owns the system
  * How it is structured
  * What services it exposes

Mental Model

* NSlookup → “Where is the system?”
* WHOIS → “Who owns the system?”

May 23, 2026 · 21 min

Course 35 - Footprinting and Reconnaissance | Episode 1: Methodology, OSINT Tools, and Lab Setup

In this lesson, you’ll learn about: footprinting, OSINT, and setting up a penetration testing lab

1. Penetration Testing Methodology

🔹 The First Rule: Legal Scope
* Before any testing:
  * Define scope clearly
  * Get explicit permission

👉 Why it matters:
* Protects you legally
* Defines what systems you can test
* Prevents unauthorized access issues

2. Footprinting & Reconnaissance

🔹 Definition
* The process of gathering information about a target before attacking

🔹 Types of Footprinting

🟢 Passive Footprinting
* No direct interaction with the target
* Uses publicly available data

🔴 Active Footprinting
* Direct engagement with the target
* Higher risk of detection

🌐 OSINT (Open Source Intelligence)
* Collecting intelligence from:
  * Public databases
  * Websites
  * Social platforms

3. Essential OSINT & Footprinting Tools

🔹 Basic Network Tools
* nslookup
  * DNS records and IP resolution
* whois
  * Domain registration and ownership details

🔹 Search & Intelligence Platforms
* Shodan
  * Discover exposed devices and services

🔹 Visual Intelligence Tool
* Maltego
  * Maps relationships between:
    * Domains
    * Emails
    * Infrastructure

🔹 Website Analysis
* HTTrack
  * Clone websites for offline analysis

🔹 Advanced Recon Frameworks
* Recon-ng
* theHarvester

👉 Used for:
* Automated data collection
* Email harvesting
* Domain intelligence

4. Building a Safe Lab Environment

🔹 Why You Need a Lab
* Avoid testing on real systems
* Practice safely and legally
* Simulate real-world attacks

🔹 Virtualization Platform
* Oracle VM VirtualBox

👉 Important:
* Install:
  * Base platform
  * Extension Pack

🔹 Operating System for Pentesting
* Kali Linux

👉 Includes:
* Pre-installed security tools
* Ready-to-use environment

5. Troubleshooting Setup

* Always:
  * Follow guides specific to your OS (Windows / Linux / Mac)
  * Check virtualization support (VT-x / AMD-V)

Key Takeaways

* Always start with scope and permission
* Footprinting is the foundation of pentesting
* OSINT provides powerful public intelligence
* Tools automate and enhance data gathering
* A lab environment is essential for safe practice

Big Picture

This phase is where you:

👉 Move from zero knowledge → complete visibility
* Understand the target
* Map the attack surface
* Prepare for deeper testing

Mental Model

* Methodology → “What am I allowed to do?”
* Footprinting → “What can I learn?”
* Lab → “Where can I practice safely?”

May 22, 2026 · 14 min

Course 34 - Cybersecurity Kill Chain | Episode 4: Command, Objectives, and Defense in Depth

In this lesson, you’ll learn about: Command & Control (C2), Actions on Objectives, and Defense in Depth

1. Command & Control (C2) Phase

🔹 Definition
* The stage where an attacker establishes a communication channel with a compromised system

🔹 Purpose
* Send commands to the infected machine
* Receive exfiltrated data
* Maintain persistent remote access

🔹 Evasion Techniques
* Attackers disguise communication as normal traffic

👉 Example:
* Using platforms like:
  * Twitter
* Why this works:
  * Traffic appears legitimate
  * Blends into normal user behavior
  * Harder for detection systems to flag

2. Actions on Objectives (Final Goal)

🔹 Definition
* The phase where the attacker achieves their intended objective

🔹 Common Targets
* Sensitive data such as:
  * Financial records
  * Credit card data
  * Credentials
  * Intellectual property

🔹 Attacker Behavior
* Operate stealthily
* Maintain long-term access
* Avoid detection while extracting value

3. Defense in Depth

🔹 Definition
* A layered security strategy designed to protect systems at multiple levels

🔹 Framework
* Cyber Defense Matrix

4. Six Core Defensive Actions

🛡️ Detect
* Identify malicious or suspicious activity

🚫 Deny
* Prevent unauthorized access

⚡ Disrupt
* Interrupt attacker operations

📉 Degrade
* Reduce the effectiveness of the attack

🎭 Deceive
* Mislead attackers (e.g., honeypots, fake assets)

🔒 Contain
* Limit the spread and impact of an attack

5. Why Defense in Depth Matters

* No single security control is sufficient
* Attacks occur in multiple stages

👉 Effective defense must:
* Cover every phase of the Cyber Kill Chain

Key Takeaways

* C2 enables attackers to remotely control compromised systems
* Attackers often hide communication within legitimate traffic
* Actions on Objectives is where real damage or data theft occurs
* Defense in Depth provides layered protection across all stages
* Security should be proactive, not reactive

Big Picture

👉 This is the final stage of the attack lifecycle:
* C2 → Control the system
* Actions → Achieve the objective
* Defense → Detect, limit, and stop the attack

May 21, 2026 · 19 min