13 hours 9 minutes
hello and welcome to another penetration testing, execution Standard discussion. Today we're going to be going over the areas that we're going to hit in the intelligence gathering section of Pee Tests. So with that, let's jump right in.
The first section we're going to hit is general background concepts. And so we're going to talk about
the different types of intelligence that you can get, what those levels are
and what the considerations are for obtaining that level of information. Within this intelligence gathering phase,
we're going to talk about some basics of intelligence gathering. So what it is,
why do it and what it is not and going over each of those areas,
we're going to talk about target selection, specifically identification and naming of targets. Consider considering the rules of engagement limitations within that, considering time links for the test and considering in goal of the test, which you're hoping to achieve by the end of the penetration test,
we're going to break open source intelligence into two parts where we're going to cover the combined sets of information covering corporate data and several subsections such as physical logical, the order chart, electronic infrastructure, assets and financial for corporate data. And then we're going to look at individual data
such as employee information and things of that nature.
We'll talk about covert gathering such a za corporate gathering on site and off site, as well as some discussions on human intelligence and the results of that and how it will look.
We're going to break foot pointing up into two separate discussions where we'll talk about external foot printing what it is. Areas within external foot printing, active foot printing and establishing external target listening, as well as touching on some tools within the technical guidelines that we can use. Within this phase an area
we'll talk about internal foot printing what it is. Passive reconnaissance, identifying customer internal ranges and active reconnaissance. Again looking at tools that can assist in doing that internal foot printing activity.
We'll also look at identity protection mechanisms. What are those mechanisms such as network based protections, host based protections, application level protections, storage protections and user protections. Each of those areas will identify some key systems that are associated with those protection types
and some common technical guides, as well as information that could be used to potentially
circumvent those protections as well. So with that in mind, I want to thank you for your time today. And I look forward to seeing you again soon.