The first step in the attack process, or kill chain, is information harvesting, or reconnaissance: using OSINT to identify the right information about the target. Passive reconnaissance provides a real-time, attacker's-eye view of a company. It is a stealthy assessment; the attacker's IP address and activities are almost indistinguishable from business as usual. The same information is extremely useful in social engineering attacks and in facilitating other attacks. We have now built our own custom script to save time, and performed passive reconnaissance using both offensive and defensive OSINT.
In the next chapter, we will learn the different types of active reconnaissance and make use of the data that we harvested using OSINT. Although active reconnaissance techniques will provide more information...