# OSINT

- Incorrectly configured GitHub repo
  - Publicly posted code with incidental disclosure of passwords, keys, user names, etc.

# Infrastructure Enumeration

- Create a list of hosts and IP addresses (using DNS) and compare against our scope/RoE
- Determine security measures such as AV, FW, WAF, IPS/IDS, EDR, DLP, etc.

# Service Enumeration

- Identify interactive services
  - Version
  - Info provided by service
  - Banner grabbing
    - `nc ip_address 22` to grab port 22 banner

# Host Enumeration

- Examine hosts in scoping doc
- Identify host info
  - OS
  - Version
  - Service + ports
- Examine hosts from within for sensitive files, local services, scripts, apps, info

# Pillaging

- Collect sensitive local info on exploited host
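
An added example (not part of the original notes) for the scope/RoE comparison listed under Infrastructure Enumeration: it classifies each host's resolved addresses against allowed and explicitly excluded ranges. The CIDR ranges, hostnames and function names are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample scope (documentation address ranges), not from the notes.
IN_SCOPE = ["192.0.2.0/24", "198.51.100.16/28"]
EXCLUDED = ["192.0.2.200/32"]  # explicitly off-limits per the RoE

# Constructed DNS results so the example runs offline; use resolve() for live data.
SAMPLE = {
    "www.example.test": ["192.0.2.10"],
    "vpn.example.test": ["192.0.2.200"],
    "cdn.example.test": ["198.51.100.20", "203.0.113.7"],
    "old.example.test": [],
}

def resolve(host):
    """Return the sorted unique A/AAAA addresses for host, or [] if it does not resolve."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def classify(addresses, in_scope=IN_SCOPE, excluded=EXCLUDED):
    """Return in-scope, excluded, out-of-scope, mixed or unresolved for one host."""
    if not addresses:
        return "unresolved"
    allow = [ipaddress.ip_network(n) for n in in_scope]
    deny = [ipaddress.ip_network(n) for n in excluded]
    verdicts = set()
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in deny):      # exclusions win over allowed ranges
            verdicts.add("excluded")
        elif any(ip in net for net in allow):
            verdicts.add("in-scope")
        else:
            verdicts.add("out-of-scope")
    # A host whose addresses disagree is reported as mixed, never as in-scope.
    return verdicts.pop() if len(verdicts) == 1 else "mixed"

def scope_report(records):
    """Map each hostname to its scope verdict."""
    return {host: classify(addrs) for host, addrs in records.items()}

if __name__ == "__main__":
    for host, verdict in scope_report(SAMPLE).items():
        print(f"{verdict:13} {host}")
```

Only hosts reported as `in-scope` are cleared; a `mixed` result usually means shared hosting or a CDN address and needs confirmation against the scoping document first.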