Skip to main content

Q: How would you conduct information gathering on a target?

A: The information gathering process includes:

  • Subdomain Enumeration: Discovering subdomains to expand the attack surface.
  • IP Address Discovery: Identifying the target's infrastructure IP addresses.
  • Sensitive Information Leakage: Searching for exposed data like API keys, credentials, or internal paths.
  • Fingerprinting: Identifying the operating system, web server, programming language, and technologies in use.
  • WAF Detection: Identifying the presence and type of Web Application Firewall.
  • CDN Detection: Checking if a Content Delivery Network is in use and finding the origin server.
  • C-Side Discovery: Finding other servers on the same physical network (C-Class subnet) for potential lateral movement.