Questions? Call 877-752-7170 or


Advanced Recon Techniques or How We Find All The Things (part 1)

After the rules of engagement are finalized but before we actually start a penetration test, we perform no-touch reconnaissance or “recon”, all without sending a single packet to our target organization’s environment. The goal is to identify all the in scope assets and data exposures, as the more coverage we attain of a target environment the more thorough we can be with our penetration testing. This information can include things like ip addresses, subdomains, code repositories, employee data or anything that tells us more about the company and introduces a crack in the external defenses.

Continue reading