Reconnaissance

The first step in a penetration test is usually reconnaissance, especially in a black-box test, where you start with little or no knowledge of the target. The step matters less in white- or grey-box testing, where some information is handed to you up front, although it can still turn up things the client did not think to mention. Also known as footprinting, this phase has one main goal: gather as much information as possible about the organization, such as:

  • Organizational structure
  • Services utilized
  • Phone numbers and names
  • Career listings and resumes

A good place to start is the organization's website, which tells you what the organization does and how it describes its mission. Career listings and resumes reveal the services and devices in use: the desirable traits and qualifications in a job posting tell you, for instance, whether the organization runs Windows Server or Red Hat Enterprise Linux.

You can also go dumpster diving if you want to be more hands-on. One man's trash may be another man's treasure: if the organization lacks a proper paper shredding and destruction policy, you might strike gold, because thrown-out letters and paper can disclose names and confidential information.

You can perform other searches too, such as domain and email dossier lookups. WHOIS can be vital for obtaining contact information, although many registrants now hide those details behind a privacy service, so expect some records to be redacted. Social engineering can be used as well, and Facebook and LinkedIn can provide valuable information. Typosquatting (domain-name squatting) can be used to fool customers or employees into giving you information that was not intended for you.

As you collect information, begin to piece it together. By combining what you retrieve through the methods above, you can build a convincing attack campaign.