I have been looking at several forums and one of the things that frustrate me the most is the lack of talk on the areas of proper target enumeration and intel gathering. Everybody is focused in running Nmap, fierce or any other host of tools and forget the true time basics of simply surfing the targeted client’s site taking note of the contact information and sending someone from the attack team to do a physical recon, to look for:
- Wireless networks
- Trash disposal methods
- Physical security to the building
- Open and exposed Ethernet network ports
- Exposed USB ports
- Unlocked and unused machines
Not everything has to be done thru the internet, most people are focused on the latest tool and not in thinking outside the box, in many of my presentation clients are impressed that their biggest hole is physical security. I know I’m ranting but I had to get it off my chest. take care and be secure.