=======================================
Summary
=======================================

OSINT is usually the longest phase of a penetration test, and rightfully so. It entails not only combing through vast amounts of information directly related to the customer or target organization, but also looking in other places, such as support forums, mailing lists, and similar resources, that might reveal the technologies in use. It is most effective when applied procedurally, so as to filter the signal from all the noise you find on the Internet: find out everything you can about an organization, its employees and the technologies it uses; analyze and sift through that information to weed out anything misleading, outdated, or otherwise unactionable; and finally prioritize and organize your findings so that they can feed an attack plan. This process can take days, weeks, and sometimes even months depending on the scope of the engagement, so plan accordingly and document well. Once we have all of our intelligence, including email addresses, usernames, domains, applications, services, and hosts, we can begin to compile a wordlist for use later in the test.
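The wordlist step above, as an added example that is not part of the original page: the script below takes the kinds of artefacts OSINT produces (e-mail addresses, hostnames, product names) and turns them into a username list plus an organisation-specific password candidate list. The sample inputs, the ``example-corp.com`` domain and the mutation rules are constructed for illustration; adjust the stopwords, year range and minimum length to the target's password policy.

```python
"""Compile candidate username and password lists from OSINT artefacts.

Added example: the sample e-mails, hosts and product names below are
constructed for illustration and do not come from any real engagement.
"""
import datetime
import re

# Constructed sample intelligence of the kind OSINT yields.
SAMPLE_EMAILS = [
    "j.smith@example-corp.com",
    "maria.garcia@mail.example-corp.com",
    "helpdesk@example-corp.com",
]
SAMPLE_HOSTS = [
    "vpn.example-corp.com",
    "mail.example-corp.com",
    "gitlab-ci.example-corp.com",
    "www.example-corp.com",
]
SAMPLE_PRODUCTS = ["Citrix NetScaler", "GitLab", "Exchange 2016"]

SEPARATORS = re.compile(r"[.\-_@\s]+")
# Labels that carry no organisation-specific signal.
STOPWORDS = {"www", "com", "net", "org", "mail", "the", "and"}


def tokens(value):
    """Split one artefact into lower-case tokens, dropping TLDs, initials and noise."""
    out = []
    for tok in SEPARATORS.split(value.lower()):
        tok = re.sub(r"[^a-z0-9]", "", tok)
        if len(tok) >= 3 and tok not in STOPWORDS and not tok.isdigit():
            out.append(tok)
    return out


def usernames(emails):
    """Local parts of harvested e-mail addresses double as likely login names."""
    return sorted({e.partition("@")[0].lower() for e in emails})


def base_words(emails, hosts, products):
    """Organisation-specific words that people tend to reuse in passwords."""
    words = set()
    for addr in emails:
        local, _, domain = addr.partition("@")
        words.update(tokens(local))
        words.update(tokens(domain))
    for host in hosts:
        words.update(tokens(host))
    for product in products:
        words.update(tokens(product))
        # Keep the product name as one word too, e.g. "exchange2016".
        words.add(re.sub(r"\s+", "", product.lower()))
    return words


def mutate(word, years):
    """Apply the mutations users most often make to a dictionary word."""
    variants = {word, word.capitalize(), word.upper()}
    for year in years:
        variants.add(f"{word}{year}")
        variants.add(f"{word.capitalize()}{year}")
        variants.add(f"{word.capitalize()}{year}!")
    return variants


def build_wordlist(emails, hosts, products, years=None, min_len=8):
    """Return a sorted, de-duplicated password candidate list.

    years defaults to the current and previous year; min_len mirrors a
    common minimum password length so obviously invalid candidates are
    not sprayed against the target.
    """
    if years is None:
        this_year = datetime.date.today().year
        years = (this_year - 1, this_year)
    out = set()
    for word in base_words(emails, hosts, products):
        out.update(v for v in mutate(word, years) if len(v) >= min_len)
    return sorted(out)


if __name__ == "__main__":
    users = usernames(SAMPLE_EMAILS)
    words = build_wordlist(SAMPLE_EMAILS, SAMPLE_HOSTS, SAMPLE_PRODUCTS)
    print(f"{len(users)} usernames, {len(words)} password candidates")
    print("\n".join(words[:10]))
```

The point of separating ``base_words`` from ``mutate`` is that the former is where engagement-specific intelligence lands (a new internal project name, a mascot, a street address), while the latter encodes generic human behaviour and rarely changes between tests. Filtering against the observed minimum length keeps the list short enough to spray without triggering lockouts unnecessarily.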