Q: How would you conduct information gathering on a target?
A: The information gathering process includes:
- Subdomain Enumeration: Discovering subdomains to expand the attack surface.
- IP Address Discovery: Identifying the target's infrastructure IP addresses.
- Sensitive Information Leakage: Searching for exposed data like API keys, credentials, or internal paths.
- Fingerprinting: Identifying the operating system, web server, programming language, and technologies in use.
- WAF Detection: Identifying the presence and type of Web Application Firewall.
- CDN Detection: Checking if a Content Delivery Network is in use and finding the origin server.
- C-Side Discovery: Finding other servers on the same physical network (C-Class subnet) for potential lateral movement.