Information Gathering

Technical - Reconnaissance

Technical information could be for example sensitive errors,  web-server hosting/information, ips/ip-ranges, knowledge about hardware or software versions, modules or models, information about the internal or external network infrastructure of a company.

Non-Technical - Reconnaissance

Non-technical information could be for example internal company structures (office), location (company) and area (country) information, employee, internal phone numbers, email addresses to social company contacts. Non-technical information are mostly bound to the social and structure of the target company.

Combining the Technical & Non-Technical

Both part of the information gathering sector can be combined on each test case in a separate way to grant excellent penetration testing results. Sometimes a company has an internal non-technical structure problem. Remote attackers can combine the non-technical with a technical information to successful perform an attack against the target company. We combine the non-technical with the technical information gaterhing procedure to secure infrastructures.

Public Information - Only!

All the data and information we capture or gather are accessed without vulnerabilities or exploits. During the reconnaissance phase no active cyber attacks or actions are taking place, the company computer systems are completely safe.

Next Phase Exploitation

After the information gathering process in the reconnaissance phase, the next step would be the enumeration phase. Watch the enumeration phase information as next step.

Additional Images: 

Languages

Syndicate

Subscribe to Syndicate

 

© Evolution Security GmbH - IT Security Services | 2024
#PenTesting #PenTest #Penetrationstest #Whitebox #Blackbox #Infosec #Germany
#Kassel #Hessen #Deutschland #Itsec #Audit #Awareness #Europe #International