Gathering Proper Intel



I have been looking at several forums and one of the things that frustrate me the most is the lack of talk on the areas of proper target enumeration and intel gathering. Everybody is focused in running Nmap, fierce or any other host of tools and forget the true time basics of simply surfing the targeted client’s site taking note of the contact information and sending someone from the attack team to do a physical recon, to look for:

  • Wireless networks
  • Trash disposal methods
  • Physical security to the building
  • Open and exposed Ethernet network ports
  • Exposed USB ports
  • Unlocked and unused machines

Not everything has to be done thru the internet, most people are focused on the latest tool and not in thinking outside the box, in many of my presentation clients are impressed that their biggest hole is physical security. I know I’m ranting but I had to get it off my chest. take care and be secure.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s