A penetration tester is initiating a passive reconnaissance exercise. The goal is to gather as much information as possible about the target corporation without alerting any defensive systems. Which of the following actions would be MOST effective for identifying the technologies used by the corporation, potentially leading to discovery of related vulnerabilities?
Scrutinizing website SSL certificates and their revocation status.
Reviewing job postings for detailed technology stack information.
Inspecting website links via manual exploration to detect network endpoints.
Issuing a tailored packet crafting exercise to enumerate devices.
Searching for technology stack details on job listings can reveal valuable information about the technologies a corporation uses without interacting with the target systems or networks, thus remaining truly passive. When companies post job advertisements, they often list the skills and technologies they use, inadvertently exposing potential attack vectors to penetration testers. This information may lead to uncovering known weaknesses or exploits associated with the specified technologies. The other options are more intrusive, not strictly considered passive, or less likely to provide technology-specific details that can be targeted in an attack.