Offensive Recon
Master reconnaissance — OSINT, web recon, bug bounty and red team applications in one complete practical course.
The most complete offensive reconnaissance course available — OSINT, web recon, bug bounty and red team in one practical programme. Every concept is backed by a hands-on lab; nothing is hypothetical. You will build a full passive-and-active recon pipeline, learn to find what automated scanners miss, and finish able to produce a professional pre-engagement intelligence package.
Where recon sits in the Diamond, Kill Chain, and CHM frameworks and why it decides an engagement.
Staying anonymous, in-scope, and legal while gathering intelligence.
Advanced dorking and cached-content analysis to surface exposed data.
Username enumeration, breach correlation, and social footprinting.
Extracting intel from images, metadata, and documents.
Profiling org structure, tech stack, and supply-chain relationships.
Enumerating DNS, discovering subdomains, and mapping external infrastructure.
Cataloguing endpoints, technologies, and hidden functionality.
Extracting endpoints and secrets from client-side JS and APIs.
Finding exposed credentials, keys, and tokens across public sources.
Discovering exposed cloud assets and misconfigured services.
Sourcing and correlating breach data as factual context.
A repeatable recon-to-report workflow that gets findings paid.
Building the pre-engagement intelligence package for operations.
Automating the pipeline and applying every technique end to end.
Security Practitioners
Pentesters and red teamers building a professional pre-engagement intelligence workflow.
Bug Bounty Hunters
Researchers who want to find what scanners miss and write reports that get paid.
Security Students
Anyone starting in offensive security who wants a complete, practical foundation.
Security Teams
Defenders who want to understand exactly what attackers see before an engagement.
Active practitioners
Built from real engagement experience, not textbooks.
30 hands-on labs
Every concept has a dedicated lab. No theory without practice.
5 disciplines in one
OSINT, web recon, bug bounty, red team and automation.
KCORP certificate
Recognised by security teams and hiring clients.
Interested in this course? Our team will reach out within 1 business day.
Enquire Now