Reconnaissance is the first phase of any attack—and the first opportunity for defenders to detect malicious intent. In this episode, we break down both passive and active reconnaissance techniques used by ethical hackers and adversaries alike. Passive recon relies on publicly available data, such as DNS records, social media, job postings, WHOIS data, or open-source intelligence (OSINT), to build a picture of a target without direct interaction. Active recon, by contrast, involves probing systems through port scans, service enumeration, or banner grabbing to uncover exploitable information. We explore how to identify when recon is taking place through network monitoring, anomaly detection, and early-warning alerts. By understanding recon techniques, defenders can better identify precursors to attack—and attackers can refine their assessments before launching a payload. Knowledge is power—and in recon, it’s the first move.