8Enumeration
Collecting information about the target company from the Internet, sifting through trash cans, walking the halls, or talking to friends is considered passive information collection because there is minimal interaction with the target. During the reconnaissance phase the tester looks for information that is readily available, collecting data that can provide greater insights when combined, and setting the foundation for an allout attack.
The enumeration phase takes on a much more aggressive collection tactic by interacting with systems and networking elements to gather as much information as possible. This goes beyond scanning ...
Get CISO's Guide to Penetration Testing now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
