Information Gathering
Information Gathering
Essential part of any security assessment
Gather all available information about the company, its employees, infrastructure, and how they're organized
The most frequent and vital phase throughout the whole process
All the steps for exploit are based on the information gathered during this phase
4 Main Categories:
Open Source Intelligence (OSINT)
Infrastructure Enumeration
Service Enumeration
Host Enumeration
All four categories should, and must, be performed
Open Source Intelligence
Finding publicly available information online
Possible to find passwords, hashes, keys, tokens, etc.
Repos on GitHub, GitLab, etc.
Infrastructure Enumeration
Last updated