O'Reilly logo
live online training icon Live Online training

Hands-on Bug Hunting

Active and Passive Reconnaissance and Dark Web Research

Topic: Math, Science, Engineering
Joseph Mlodzianowski
Omar Santos

This live and interactive training is designed to help you perform passive and active reconnaissance in ethical hacking and bug bounty hunting engagements. You will learn intermediate-to-advanced recon methodologies using open source intelligence (OSINT). In this training you will also learn how to perform dark web research and reconnaissance. You will learn how to use Tor, proxies and proxychains, and even how to create your own VPN servers in cloud environments.

What you'll learn-and how you can apply it

  • Learn passive reconnaissance and OSINT techniques.
  • Learn how to perform active reconnaissance for bug bounty hunting and ethical hacking engagements.
  • Learn how to stay safe while performing dark web research and reconnaissance.
  • Learn through step-by-step demonstrations.
  • Complete hands-on exercises and participate in interactive discussions.

This training course is for you because...

  • You have an understanding of cybersecurity fundamentals.
  • You want to prepare for certifications such as OSCP, OSWE, GIAC Web Application Penetration Tester (GWAPT), GIAC Certified Incident Handler (GCIH), and the GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).
  • You want to learn how to perform reconnaissance for bug bounty and ethical hacking engagements.
  • Anyone interested in cybersecurity, dark web research, and penetration testing (ethical hacking) will benefit from this training.


Course participants should have a basic understanding of cybersecurity, virtualization, and networking concepts.

The following books and video courses provide a good overview of cybersecurity fundamentals that are prerequisites for this course:

Course Set-up

Recommended Preparation

Recommended Follow-up

About your instructors

  • Joseph Mlodzianowski is a highly respected member of the Cybersecurity community, with over twenty years in the Cybersecurity field. Joseph is currently involved in organizing a number of Cybersecurity Conferences around the world including the Texas Cyber Summit in Texas, The Grayhat Conference in Orlando Florida, and founding member of the DEFCON Red Team Village. Joseph has run events at some of the largest Cybersecurity events in the world including Black Hat, Defcon and RSA Conference for over fifteen years. Joseph spent more than ten years as an I.S Operator working for the U.S State Department, and the Department of Defense. For over twenty years Joseph has been an “Dark Arts” offensive researcher and has developed training systems and training courseware for packet analysis, as well as web application hacking that is taught at the RSA Conference and other events as the evilcorp courses available at evilcorp.biz . Joseph worked for over ten years in the oil and gas industry, designing, implementing and securing complex ICS/Scada networks in harsh environments as a principal architect. Joseph has a Cisco Systems CCIE, a Novel CNE, CNSSI 4012, ITILv4, CISSP, and many other certifications and certificates.

  • Omar Santos is an active member of the cybersecurity community, where he leads several industry-wide initiatives. He is the lead of the DEF CON Red Team Village; the chair of the Common Security Advisory Framework (CSAF) technical committee; the co-chair of the Forum of Incident Response and Security Teams (FIRST) Open Source Security working group; and has been the chair of several initiatives in the Industry Consortium for Advancement of Security on the Internet (ICASI). His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of their critical infrastructures.

    Omar is the author of over twenty books and video courses, as well as numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of cyber security vulnerabilities. Additional information about Omar’s current projects can be found at omarsantos.io and you can follow Omar on Twitter @santosomar.


The timeframes are only estimates and may vary according to how the class is progressing

Introduction to Passive Recon and OSINT 20 mins

Using Recon-NG and SpiderFoot 30 mins

Break: 10 mins

Using Shodan and the Shodan API 30 mins

Using Maltego and the Harvester 30 mins

Break: 10 mins

Introduction to Active Recon 20 mins

Port and Vulnerability Scanning 30 mins

Break: 10 mins

Subdomain Enumeration 20 mins

Directory Enumeration 20 mins

Account Enumeration 10 mins

Day 2

The Deep Web vs. the Dark Web 20 mins

Introduction to Tor 20 mins

Using the Tor Browser 20 mins

Break: 10 mins

Using Proxies and Proxy Chains 20 mins

Creating Your Own VPN Server in the Cloud 30 mins

Break: 10 mins

Staying Safe when Performing Dark Web Research 50 mins

Break: 10 mins

Performing Dark Web Reconnaissance 50 mins