A review of public information exposed by the organisation, possibly unintentionally, which could be of value to an attacker.
Most organisations will have at least one website with publicly accessible domain registration information, multiple employees’ social media profiles providing an insight into the organisational structure, and a plethora of clues about internal activities that individually are of little value, but in aggregate can lead to compromise of sensitive information.
The team will utilise a combination of techniques to map out likely pathways an attacker might take to gain unauthorised access to an organisation’s information or systems. The exact process to be undertaken will depend on the agreed rules of engagement, but will typically include:
- Search Engine Querying – Utilising Internet-based search engines to understand the official online profile of the organisation.
- Registry Searching – Reviewing company, domain and network connection registration information to identify technical resources and contacts.
- Social Media Profiling – Searching for, and if the rules of engagement permit, interacting with employees of the organisation.
- Leak Hunting – Searching for and identifying references to internal or sensitive details on leak or bragging sites.
- Automated Vulnerability Scanning – If appropriate, Internet-connected services that are positively identified as being in scope may be scanned for remotely exploitable vulnerabilities.
- Reporting – Production of a detailed report on areas of non-compliance, non-conformance, potential technical risks, and suggested remedial steps where appropriate.