
Reconnaissance

A huge portion of your penetration testing time will be spent in this first critical part of the test. While some break down this phase into active and passive, I prefer to clump them together as the data acquired would speak for itself.

Reconnaissance is the systematic approach where you attempt to locate and gather as much information as possible on your target; this is otherwise known as foot-printing.

The techniques involved in foot-printing include but are not limited to the following:

  • Social engineering (this is great fun)
  • Internet research (Google, Bing, LinkedIn, and so on)
  • Dumpster-diving (getting your hands dirty)
  • Cold-calling

It's basically any way you can acquire information on your target, so be creative. So, what are we looking for?

Well, every bit of info is useful, but it needs to be prioritized; keep in mind that something you may not find useful at first just might come in handy somewhere else. But for starters, the important things would be the following:

  • Contact names within the organization
  • Other locations of the organization (if any)
  • Email addresses (which we could later use for phishing, whaling, or spear-phishing)
  • Phone numbers of important figures within the company (these can be used for phishing)
  • Systems used within the company such as Windows or Linux
  • Job postings
  • Employee CVs (past/present)

While most of this might be self-explanatory, job postings may seem a bit strange; however, say you come across one for a system admin: the requirements they are asking for in the position would provide you with a lot of information about their internal systems. This can then be used to come up with attack vectors or to find exploits.

Employee CVs work in a similar manner; by knowing what their employees' skill sets are, you can determine what kind of systems they may or may not be running.

While this might seem tedious, keep in mind that the more information you have, the more capable you will be when making decisions later. I personally find myself coming back to this phase throughout the engagement.
