OSINT and Passive Reconnaissance
Objective 2.1 · Recon Enumeration
Active Scanning and Enumeration
Objective 2.2 · Recon Enumeration
Vulnerability Identification
Objective 2.3 · Recon Enumeration
Nmap Scanning Techniques
Objective 2.2 · Recon Enumeration
BloodHound and Active Directory Enumeration
Objective 2.2 · Recon Enumeration
Passive DNS Reconnaissance Techniques
Objective 2.1 · Recon Enumeration
Shodan and Censys for Asset Discovery
Objective 2.1 · Recon Enumeration
WHOIS, Certificate Transparency, and ARIN
Objective 2.1 · Recon Enumeration
Google Dorking for OSINT
Objective 2.1 · Recon Enumeration
LinkedIn and Social Media OSINT
Objective 2.1 · Recon Enumeration
Maltego and Recon-ng Frameworks
Objective 2.1 · Recon Enumeration
Advanced Nmap: Scripting Engine (NSE)
Objective 2.2 · Recon Enumeration
Masscan and ZMap for Fast Port Scanning
Objective 2.2 · Recon Enumeration
SMB Enumeration with enum4linux and CrackMapExec
Objective 2.2 · Recon Enumeration
LDAP and Active Directory Enumeration
Objective 2.2 · Recon Enumeration
SNMP Enumeration Techniques
Objective 2.2 · Recon Enumeration
Web Fuzzing: Dirbusting and Parameter Discovery
Objective 2.2 · Recon Enumeration
Subdomain Enumeration and Takeover
Objective 2.1 · Recon Enumeration
API Endpoint Enumeration
Objective 2.2 · Recon Enumeration
Free PT0-002 practice questions with full explanations. Test what you learn chapter by chapter.
PT0-002 Practice Questions