vault backup: 2025-03-16 18:59:42
This commit is contained in:
boris
@@ -1,4 +1,5 @@
|
||||
# Intelligence Gathering
|
||||
|
||||
- More information gathered, more vectors of attack may be able to use
|
||||
- Better knowledge of target, more likely to succeed
|
||||
- Better target company knows what is common knowledge, better it can prepare.
|
||||
@@ -21,7 +22,7 @@
|
||||
# Limits
|
||||
|
||||
- Gathering information to identify entry points
|
||||
- physical, electronic, human...
|
||||
- physical, electronic, human…
|
||||
- and try to map out internal structure
|
||||
- physical, network, organisational
|
||||
- and external dependencies
|
||||
@@ -53,7 +54,7 @@
|
||||
- Have a deadline
|
||||
- Make sure time allocated to use intelligence
|
||||
|
||||
# Passive vs Active Reconnaissance
|
||||
# Passive Vs Active Reconnaissance
|
||||
|
||||
## Passive
|
||||
|
||||
@@ -80,12 +81,11 @@
|
||||
- Passive recon using OSINT sources
|
||||
- Include some semi-passive recon
|
||||
- Write report, outlining what has been found and why company should be aware.
|
||||
|
||||
- Look for:
|
||||
- Corporate
|
||||
- Personal
|
||||
- Technical information
|
||||
- http://www.pentest-standard.org/index.php/Intelligence_Gathering
|
||||
- <http://www.pentest-standard.org/index.php/Intelligence_Gathering>
|
||||
|
||||
## How to Obtain Information
|
||||
|
||||
@@ -104,4 +104,3 @@
|
||||
- Some tools rely on network inspection between you and target
|
||||
- "Active Packet Sniffing" means specific things cause traffic to flow to you
|
||||
- "Passive Packet Sniffing" means you inspect the traffic that happens to come past sniffer.
|
||||
-
|
||||
Reference in New Issue
Block a user