This beginner to intermediate course provides a comprehensive introduction to Google Dorking and Shodan for ethical hacking reconnaissance. Google Dorking refers to the use of advanced Google search operators to find sensitive information and exposed data unintentionally made public on the internet. Shodan is a specialized search engine that indexes internet-connected devices, allowing users to discover servers, webcams, routers, and even Industrial Control Systems (ICS) that are accessible online.

Participants will learn to identify internet-connected devices, exposed systems, sensitive data, and vulnerabilities using advanced search techniques. Students will gain hands-on experience using these tools to conduct reconnaissance on IoT devices and Industrial Control Systems (ICS), identifying potential security risks in critical infrastructure. The course also includes defensive strategies to protect sensitive information from hacker scans. Combining theory with hands-on practice, it equips learners—especially those interested in offensive security—with practical cybersecurity skills.

• Introduction to passive reconnaissance techniques

• Shodan as a tool for identifying internet-connected assets

• Using Shodan to analyze exposed services and misconfigured devices

• Google Dorking methods for discovering sensitive data online

• Search operators and advanced query construction for Google Dorking

• Techniques for identifying vulnerabilities in Industrial Control Systems (ICS)

• Defensive strategies to mitigate exposure to reconnaissance activities

Upon successful completion of this course, learners will be able to:

• Describe the different phases of ethical hacking and their significance in cybersecurity
• Explain the key features of Shodan, its role as a search engine for internet-connected devices, and perform passive reconnaissance using Shodan
• Execute essential Shodan CLI commands to collect information about devices, services
• Analyze misconfigured IoT devices and Industrial Control Systems (ICS) to identify potential security risks
• Demonstrate the use of Google Dorking to uncover sensitive information and assess cybersecurity risks
• Evaluate and implement defensive strategies to prevent hackers from obtaining information through scanning

The course uses PowerPoint slides to introduce theoretical concepts of passive scanning, supported by practical, hands-on exercises. This blended approach ensures students understand both the underlying principles and their application in real-world scenarios.