GitHubWrite Ups

Information Gathering

Information Gathering

  • Essential part of any security assessment

  • Gather all available information about the company, its employees, infrastructure, and how they're organized

  • The most frequent and vital phase throughout the whole process

  • All the steps for exploit are based on the information gathered during this phase

  • 4 Main Categories:

    • Open Source Intelligence (OSINT)

    • Infrastructure Enumeration

    • Service Enumeration

    • Host Enumeration

  • All four categories should, and must, be performed

Open Source Intelligence

  • Finding publicly available information online

  • Possible to find passwords, hashes, keys, tokens, etc.

    • Repos on GitHub, GitLab, etc.

Infrastructure Enumeration

PreviousPre-EngagementNextTunneling

Last updated