What is meant by 'Passive Reconnaissance'?

Passive reconnaissance refers to the process of collecting information about a target without directly engaging with the target system or network. This approach is particularly valuable for ethical hackers and security professionals because it allows for the accumulation of intelligence while remaining undetected. Techniques typically used in passive reconnaissance include researching publicly available information such as social media profiles, websites, domain registries, and other open-source intelligence (OSINT) sources. The goal is to gather as much information as possible to understand the target’s structure, assets, and potential vulnerabilities without alerting the target to the reconnaissance efforts.

The other choices imply a degree of direct interaction or active engagement with the target. Direct interaction with the system, such as attempting to connect with it or probe its defenses, characterizes active reconnaissance and may expose the reconnoitering activities to detection. Scanning for open ports and services also falls under active reconnaissance as it involves sending packets directly to the target in order to learn about its services and identify potential vulnerabilities. Similarly, exploiting detected vulnerabilities assumes prior knowledge or access to the target system, which also goes beyond the scope of passive reconnaissance.