Digital Shadows and Cyber Recon: A Workshop on Ethical Intelligence Gathering
Originally published on LinkedIn - August 5, 2025
This morning, I attended a fascinating Cyber Reconnaissance workshop hosted by Technocamps at the Volcano Theatre, Swansea that explored the often misunderstood world of online intelligence gathering.
While the term “reconnaissance” may conjure images of spy thrillers and Hollywood hacking scenes, this session provided a grounded, real-world perspective on how digital information is accessed, analysed, and protected in both business and personal cybersecurity contexts.
For many, this kind of talk conjures up images of 007 eluding SPECTRE or Matthew Broderick preventing (after nearly causing) WWIII. The reality is not quite as outlandish, but on occasion, personal information and a profile picture can be built relatively easily with basic know-how and especially if the potential victim has a heavy, unmonitored social media presence.
The dots can be connected all too easily.
What is Cyber Reconnaissance?
At its core, cyber reconnaissance is the process of collecting and analysing publicly available information online — also known as open source intelligence (OSINT). Whether you’re in cybersecurity, investigative journalism, or even marketing, this discipline is increasingly relevant.
We explored how publicly available data can be used ethically and strategically for:
Business risk and investment assessments
Threat intelligence and vulnerability testing
Digital profiling in advertising
Investigative journalism and criminal investigations
It was a powerful reminder that everything connected to the Internet is potentially accessible — and that strong firewalls and strict access protocols are our first line of defence.
⚖️ White Hat, Black Hat, and the Grey In-Between
We examined the spectrum of ethical hacking roles:
White hat hackers work with permission, testing systems for vulnerabilities as part of authorised security efforts.
Black hat hackers exploit systems illegally for personal or criminal gain.
Grey hat hackers operate in a legal grey area — often accessing systems without permission, but sometimes reporting vulnerabilities rather than exploiting them.
Regardless of intentions, we were reminded that unauthorised access is illegal, with ethical hacking bound tightly to consent, compliance, and clear test parameters.
🌍 Seeing Attacks in Real Time
A live demonstration of a global threat map was a highlight, showcasing blocked cyberattacks in real time. Interestingly, malware was noted as the least common threat type, while exploits — vulnerabilities used by attackers — were both more frequent and harder to detect.
I have seen similar technology before with Darktrace. However, the following is accessible for all: https://threatmap.checkpoint.com/
Also makes a marvellous screensaver.
🛠️ Five Phases of Security Testing
We were introduced to the standard methodology used in ethical hacking:
Information Gathering (Reconnaissance)
Scanning
Exploitation
Maintaining Access
Covering Tracks / Reporting
Most of our workshop focused on phase one — arguably the most intellectually stimulating, as it involved sleuthing through search engines, social media, and archived content like the Wayback Machine to map digital footprints. The breadcrumbs, if you will..
📚 Legal and Ethical Boundaries
A crucial part of the session explored the legal frameworks governing ethical hacking:
The Computer Misuse Act (1990) criminalises unauthorised system access.
GDPR ensures individuals can request deletion of their data and mandates transparency in data collection.
The Human Rights Act guarantees privacy in digital communications, including emails and home networks.
Ethical reconnaissance operates within these boundaries, and participants were urged to stay within authorised targets during practical exercises.
🔎 Practical Insights
The session also covered:
URL Analysis: Exploring unsecured directories on websites to identify misconfigured or exposed pages.
Active vs Passive Recon: Actively probing systems vs. passively monitoring public data.
Social Engineering Techniques: Including tactics like blending in with employees using dress codes or habits (e.g. “funky tie Fridays”) to gain trust and information.
We concluded with a hands-on exercise exploring open source research techniques — a reminder that in the digital age, our footprints say more than we think.
🧩 Final Thoughts
This workshop wasn’t just about security — it was about digital awareness. Whether you're a technologist, a team leader, or an interested observer, understanding how your online presence can be tracked, analysed, or protected is essential.
In an interconnected world, data is power, and with great power comes great responsibility — both in how we collect it and how we guard it.
I want to thank Technocamps for this brilliant session, and I will be looking out for more opportunities to attend. I am keen to do more work with Python, further to a self-study course I am working on, so I hope to join that later in the year. These sessions are highly recommended, funded by the UK Government, and you can find out more about them here:
https://www.technocamps.com/en/
🔐 Have you explored the world of cyber reconnaissance? What steps are you taking to secure your digital footprint? Let’s talk about it 👇
#CyberSecurity #OpenSourceIntelligence #EthicalHacking #DigitalTransformation #GDPR #SecurityAwareness #Reconnaissance #OSINT #LeadershipInTech
