Company Intelligence
| Information | Can be used for... |
|---|---|
| Locations and Addresses | General understanding of a companys geographical layout. Targets for physical engagements. |
| Phone Numbers Ranges | War Dialing |
| Business Areas | General understanding of a companys business and to identify business processes. |
| Products / Portfolio | Targets for exfiltration (digital assets) or for Social Engineering |
| Organigram | Knowledge about a companys personal structure and allocate VIPs as targets for Social Engineering |
| Employees and contact information | Targets for Social Engineering |
| Technologies (Systems / Software) | Allocating vulnerabilities and weak points to attack during Gaining Access and Maintaining Access phase. |
| (Security-) Policies | Get an understanding of a companys security posture and find weak spots tu utilize during Gaining Access and Maintaining Access phase. |
| Events | Physical engagements and Social Engineering |
Personal Information
| Information | Can be used for... |
|---|---|
| Names and Contact information | Social Engineering |
| Usernames and Passwords | Gaining Access phase. |
| Family and Pents | Social Engineering |
| Interests and Hobby | Social Engineering |
Network Information
| Type | Used for... |
|---|---|
| Domain- and Hostnames | Targets for Scanning and Enumeration phase. Attack Surface during Gaining Access phase. |
| IP-Blocks and -Addresses | Targets for Scanning and Enumeration phase. Attack Surface during Gaining Access phase. |
| Routing Information | Communication Paths through the target network and allocating network devices for Scanning and Enumeration and Gaining Access phase. |
| System Types (Routers, Firewalls,Servers,...) | Target information for Gaining Access phase. |
| Remote Access Services | Targets for Scanning and Enumeration phase. Attack Surface during Gaining Access phase. |
System Information
| Type | Used for... |
|---|---|
| Operating System and Patch Versions | Identification of target environment. Detection of vulnerabilities and exploits during Gaining Access and Maintaining Access phases. |
| Ports and Services | Targets for Scanning and Enumeration phase. Detection of vulnerabilities and exploits during Gaining Access and Maintaining Access phases. |
| Applications and Software Versions | Targets for Scanning and Enumeration phase. Detection of vulnerabilities and exploits during Gaining Access and Maintaining Access phases. |
| Authentication Mechanisms | Detection of vulnerabilities and exploits during Gaining Access and Maintaining Access phases. |
| Access Control Lists (ACL) | Detection of vulnerabilities and exploits during Gaining Access and Maintaining Access phases. |
| Encryption (Types and Algorithms) | Detection of vulnerabilities and exploits during Gaining Access and Maintaining Access phases. |