Intelligence gathering

Once you have completed the pre-engagement phase, you need to gather as much information as you can before you begin your attack. In the intelligence-gathering phase, also referred to as information gathering, you start looking at how much information you can obtain about your target. You will gather information from publicly accessible resources. This is known as Open Source Intelligence (OSINT). You will start leveraging tools that can assist you, such as Maltego and Shodan.

The importance of intelligence gathering is that you are able to detect entry points into the target organization. Businesses and employees do not take into account how much of their data they can expose on the internet, so this data becomes a wealth of information for a determined attacker.

In Chapter 3, Performing Information Gathering, we will cover information gathering in more detail.