To begin any penetration test engagement, I always start with at least a full day of recon. Depending on the type of engagement, I might start with more information or less, but for the purposes of this article, I will start with knowing nothing but the company name and domain name. There are a number of tools to help with the process, and I will not go too deep into the tools, but will mention some of the ones I use.
Since recon is such an important process in a penetration test, I will make this a multi-part post, and will update this post with links to the other parts as they are written. So how do I start?
We will look through WHOIS recon, Google searching, website crawling, and some other methods of recon. In Recon Part 2, we will look at the simplest method for gaining information on a target organization: using its own website. Part of this will also look at possible subdomains the target might have.