4 Cards in this Set
- Front
- Back
When attempting stage 1 for pen testing, reconnaissance, we look for: |
1) Contact names within the organization (for spear phishing, whaling, phishing); 2) Phone numbers (for vishing); 3) Systems used within the company, i.e. Linux or Windows, etc.; 4) Job postings or CVs |
|
Tools for recon |
Nslookup; Traceroute; Ping; Whois; Social networking: Facebook, LinkedIn, Twitter, Pinterest, Tumblr, etc. |
|
Info you can get from social media |
Facebook: birthdays, family members, home addresses; LinkedIn: employment history & skills; Twitter: controversial (?) personal views; Google+: pattern of life, friend circle |
|
The info you should collect: |
Names; Phone numbers; Email addresses; Target systems; Rough target network strength (how long the TTL test took determines how 'thick' the network is to get to the target system); Server addresses; Mail server addresses; Legit documents |