Google Hacking for Penetration Testers

In this chapter, we'll discuss what are called pre-assessment information-gathering techniques. During this phase of an assessment, the security tester is most interested in obtaining preliminary information about the target. This does not mean specific information such as IP addresses and DNS names (which we discuss in the next chapter), but rather information that could be used for social manipulation (talking a help desk operator into a password change), physical compromise of a target (gaining information about building structures or badge layouts), and general reconnaissance.
Throughout this chapter, we focus on methods to locate information about the target that will most likely be used in later phases of the assessment. In a twisted sort of way, pre-assessment work is a bit like preparing for the perfect date. You might do a bit of research about the person, get some information about them and their friends and family, spend quality time with them, and learn as much as you can about their interests. Although the stakes are much higher, courting your target can be like courting your mate. When things get rough, plan to spend some time sleeping in a chair or on a couch instead of in a nice, warm bed where you belong!
Let's carry that analogy through the chapter and examine how the stages of pre-assessment mirror the stages of courtship.
One of the first steps you need to take is to try to understand the target company structure and environment. Visiting the...