Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
Cybersecurity Fundamentals: Reconnaissance & Scanning
Rating: 4.7 out of 5(126 ratings)
906 students

Cybersecurity Fundamentals: Reconnaissance & Scanning

From Human Hacking to Network Scanning: The First Steps in Cybersecurity.
Created byMark Pinchen
Last updated 1/2026
English

What you'll learn

  • Define social engineering and explain the psychological principles that make it effective.
  • Identify and differentiate between common social engineering attacks like phishing, vishing, and smishing.
  • Recognise the key red flags and tactics used in social engineering attempts.
  • Apply practical defense strategies to protect against social engineering, including verification and MFA.
  • Conduct passive and active reconnaissance to gather intelligence on a target using OSINT.
  • Utilise key information-gathering tools like WHOIS, Shodan, theHarvester, and Recon-ng.
  • Perform network scanning to identify active hosts, open ports, and running services.
  • Execute service enumeration to gather detailed information like software versions and banners.
  • Operate essential security tools such as Nmap, Netcat, and Nessus for scanning and vulnerability assessment.
  • Understand CVEs and the vulnerability management process to identify and assess known security flaws.

Course content

4 sections27 lectures1h 21m total length
  • Social Engineering : Hack the Human2:11

    Understanding social engineering means understanding human psychology. Attackers know people are naturally inclined to trust authority figures, whether they claim to be a manager, IT support, or even the police. Fear is another powerful motivator, threats such as “your account will be locked” or “legal action will be taken” trigger panic and fast reactions. Curiosity is often exploited through clickbait style traps: messages promising to reveal private photos or profile views. Reciprocity plays a role too; if someone gives a gift or reward, people often feel obliged to respond. Finally, social proof is leveraged, if “everyone else is doing it,” we’re more likely to follow. This section highlights how these psychological triggers are used not in isolation, but in combination, making them harder to resist. By being aware of how our minds can be manipulated, we strengthen our ability to pause, think, and resist manipulation.

  • How to Defend Yourself2:13

    This page highlights the most common types of social engineering attacks, each designed to exploit human behaviour rather than technical flaws. Phishing remains the most widespread, with attackers creating emails that appear to come from trusted sources. Vishing takes the scam to the phone, while Smishing adapts it for text messages. Pretexting involves an attacker inventing a believable scenario, often impersonating IT or banking staff,  to gain trust. Baiting plays on curiosity, leaving infected USBs or files where someone is tempted to pick them up. Each method may seem simple, yet all have the power to compromise individuals and entire organisations. The key lesson is clear: attackers use whatever communication channel people trust most. By recognising the hallmarks of each technique, staff can remain alert and avoid falling for tricks. The defence against these attacks starts with knowing how they are deployed in the first place.

  • Red Flags to Watch For2:06

    Spotting social engineering relies on noticing subtle red flags. Urgency is one of the most common traps: messages demanding immediate action or threatening consequences are almost always suspicious. Another warning sign is when someone requests sensitive information, no legitimate organisation will ever ask for passwords or two factor codes by email, call, or text. Unexpected links or attachments are another danger, even when they appear to come from a trusted contact. Attackers also rely on fake authority, posing as managers, IT staff, or even law enforcement to pressure quick decisions. Poor spelling, unusual grammar, or generic greetings such as “Dear User” should immediately raise suspicion. This page underlines the importance of pausing before responding, clicking, or sharing. By recognising these patterns and taking a moment to verify requests, individuals can protect themselves and their organisation. Awareness of these common signs is the best first line of defence.

  • The Psychology Behind It1:54

    Understanding social engineering means understanding human psychology. Attackers know people are naturally inclined to trust authority figures, whether they claim to be a manager, IT support, or even the police. Fear is another powerful motivator, threats such as “your account will be locked” or “legal action will be taken” trigger panic and fast reactions. Curiosity is often exploited through clickbait style traps: messages promising to reveal private photos or profile views. Reciprocity plays a role too; if someone gives a gift or reward, people often feel obliged to respond. Finally, social proof is leveraged, if “everyone else is doing it,” we’re more likely to follow. This section highlights how these psychological triggers are used not in isolation, but in combination, making them harder to resist. By being aware of how our minds can be manipulated, we strengthen our ability to pause, think, and resist manipulation.

  • How to Defend Yourself2:37

    Defending against social engineering begins with simple but powerful habits. Always verify unexpected requests through trusted channels before taking action, especially when money, access, or sensitive data is involved. Treat unsolicited links, attachments, and USB devices with extreme caution, as these are common attack vectors. Oversharing on social media is another risk, since criminals collect personal details to make their attacks more convincing. Multi-factor authentication (MFA) should be enabled wherever possible; it adds an extra barrier beyond just passwords, significantly reducing the risk of compromise. Finally, prompt reporting of suspicious messages, calls, or encounters is essential. Early reporting not only protects the individual but also prevents attacks from spreading within an organisation. This page emphasises that defending yourself does not always require advanced technical knowledge, it requires vigilance, scepticism, and a willingness to follow security best practices every day.

  • Tools of the Trade2:19

    To understand social engineering, it helps to know the tools attackers use. Gophish allows realistic phishing simulations, testing how easily people fall for fake emails. HiddenEye and SocialFish generate fake login pages to capture usernames and passwords. EvilURL creates deceptive lookalike web addresses, while Evilginx acts as a “man in the middle,” stealing both credentials and login tokens. The Social Engineering Toolkit (SET) is perhaps the most versatile, offering phishing campaigns, fake websites, and payload delivery options all in one. While these tools can be misused by attackers, they are also widely used by security professionals in ethical penetration testing and staff training. This page highlights the dual purpose of such software, as both weapons for criminals and teaching aids for defenders. Awareness of these tools helps individuals understand how convincing modern attacks can appear, and why caution is essential when interacting online.

  • AI, Faces & the Death of Anonymity3:48

    The final section explores the growing role of artificial intelligence in social engineering. AI makes it easier to create realistic fake profiles, generate convincing phishing messages, and even replicate human voices for vishing scams. Deepfake technology allows attackers to impersonate colleagues, managers, or public figures with startling accuracy. The concept of anonymity is under increasing threat with facial recognition, voice synthesis, and AI driven behavioural analysis, it is harder than ever to remain unseen online. This shift presents both new risks and new responsibilities. Organisations must educate staff about these evolving dangers, while individuals must be cautious about the personal information and images they share. The message is clear: the boundary between the digital and real world is blurring. As attackers adopt advanced AI tools, awareness and vigilance must keep pace. The human element remains both the greatest target and the strongest defence against these threats.

  • Phishing Demo7:48

    In this walkthrough, we explore GoPhish, a free and open source phishing simulation platform used by security teams and ethical hackers. You’ll learn how to safely set up a phishing campaign in a controlled environment without putting real users at risk.

    We’ll cover:

    • Setting up a secure sending profile using Mailtrap (a sandboxed email testing tool).

    • Creating realistic landing pages, such as a cloned Microsoft 365 login page, to demonstrate how attackers mimic trusted services.

    • Designing phishing email templates that simulate urgent or suspicious messages.

    • Launching a controlled campaign and monitoring results using GoPhish’s dashboard.

    By the end of this session, you’ll clearly understand how phishing attacks are constructed, the psychology behind them, and most importantly how to recognise the red flags. This hands-on demo is ideal for cybersecurity learners, ethical hackers, and IT professionals who want to see phishing from the attacker’s perspective without any real world risk.

Requirements

  • A basic understanding of how to use a computer and the internet is all you need.
  • No prior hacking, programming, or IT experience is required.
  • A Computer: You will need a laptop or desktop computer (Windows, macOS, or Linux).
  • Internet Connection: A standard broadband connection is required for downloading tools and research.
  • Software: All the tools we will use (like Nmap) are free and open-source. We will guide you through the installation process step-by-step.
  • A willingness to learn and a strong ethical compass. This knowledge is for educational and defensive security purposes only.

Description

In today's digital landscape, understanding cybersecurity is no longer optional, it's essential. This comprehensive course demystifies the world of cybersecurity by taking you through the crucial first steps that both attackers and defenders use: social engineering, reconnaissance, scanning, and enumeration. You'll learn how hackers exploit human psychology through phishing, vishing, and other manipulation techniques, and more importantly, how to recognize and defend against these attacks.

We then dive into the technical fundamentals, teaching you how to gather intelligence using Open Source Intelligence (OSINT) tools like Shodan, theHarvester, and Recon-ng. You'll master network scanning with industry-standard tools including Nmap and Netcat, learning to identify open ports, services, and vulnerabilities. Through practical demonstrations and real-world examples, you'll understand how to conduct both passive and active reconnaissance, perform vulnerability assessments, and interpret CVEs to evaluate security threats.

Designed specifically for beginners, this course requires no prior experience in hacking or IT. All you need is a computer and curiosity. Whether you're an aspiring cybersecurity professional, IT administrator, or simply someone concerned about digital safety, this course provides the essential knowledge and hands-on skills to either launch your cybersecurity career or significantly enhance your organization's security posture. Join thousands of students who have taken their first confident steps into cybersecurity through this practical, engaging learning experience.

Who this course is for:

  • Aspiring Cybersecurity Professionals: Anyone looking to start a career in cybersecurity or ethical hacking and wants to master the foundational first steps of any security assessment.
  • IT Professionals & System Administrators: Those in tech roles who need to understand how attackers gather information and exploit human factors to better defend their organisations.
  • Help Desk & SOC Analysts: Front-line defenders who want to improve their ability to recognise and respond to social engineering attempts and network scanning alerts.
  • Students & Career Changers: Individuals looking for a structured, practical introduction to the world of information security without needing a technical background.
  • Curious Beginners: Anyone fascinated by how cyberattacks work "from the other side" and wants to learn these skills for educational purposes and personal digital safety.