Ethical Hacking — Reconnaissance & Footprinting: Know the Target Before You Test

Find the facts—legally, cleanly, and fast. This hands-on module teaches modern reconnaissance and footprinting techniques used by professional penetration testers and red teams — all inside legal, sandboxed workflows. Learn to harvest publicly available intelligence, map attack surfaces, and produce crystal-clear reports that help defenders fix problems before attackers exploit them. No illegal scanning, no targeting without permission — only ethical, repeatable methods hiring managers trust.

What You'll Learn

• OSINT fundamentals: how to find domain history, public leaks, employee footprints, and exposed assets.
• Passive vs active reconnaissance: when to stay covert and when to switch to authorized scanning.
• Subdomain discovery, DNS enumeration, and how to read DNS records for risk signals.
• Port & service fingerprinting in lab environments — identify versions and prioritize risk legally.
• Web and API surface mapping: locate hidden endpoints, forgotten admin panels, and exposed directories.
• Social engineering awareness: what attackers look for and how to harden people and processes.
• Automation & tooling: safe scripts and toolchains for scalable, responsible discovery (lab-only).
• Reporting: produce prioritised, evidence-based findings and remediation guidance that dev teams can act on.
• Ethics & legal scope: engagement rules, consent, and responsible disclosure templates included.

Why this module matters: reconnaissance tells the real story — who’s exposed, how, and why it matters. You’ll get plug-and-play templates, lab exercises, and instructor feedback so you can deliver defensible findings employers respect. Limited seats keep feedback personal — early enrollees receive bonus OSINT checklists and a one-on-one lab review.

Ethical use only — all exercises use public data or isolated lab targets. This training is intended for authorized testers, defenders, and students following legal and disclosure best practices.