Gathering Proper Intel
I have been looking at several forums, and one of the things that frustrate me the most is the lack of talk about proper target enumeration and intel gathering. Everybody is focused on running Nmap, fierce or any of a host of other tools, and forgets the tried-and-true basics of simply surfing the targeted client's site, taking note of the contact information, and sending someone from the attack team to do a physical recon, to look for:
- Wireless networks
- Trash disposal methods
- Physical security to the building
- Open and exposed Ethernet network ports
- Exposed USB ports
- Unlocked and unused machines