Internet and Social Media Profile

A review of public information exposed by the organisation, possibly unintentionally, which could be of value to an attacker.

Most organisations will have at least one website, with publically accessible domain registration information, multiple employees’ social media profiles providing an insight into the organisational structure, and a plethora of clues about internal activities that individually are of little value, but in aggregate can lead to compromise of sensitive information.

The team will utilise a combination of techniques to map out likely pathways an attacker might take to gain unauthorised access to an organisation’s information or systems. The exact process to be undertaken will depend on the agreed rules of engagement, but will typically include: