As a penetration tester, you are tasked with gathering intelligence about a target company's technology stack without alerting them to your activities. Which of the following methods would provide insight into the technology stack without directly engaging with the target's systems or networks?
Performing DNS lookups to identify all the subdomains of the company
Reviewing the target company's job listings for technology skill requirements
Conducting a scan of the target's IP address space to detect running services
Establishing a connection to the target's network to monitor outgoing traffic
Reviewing job listings can provide insight into the technology stack a company uses, based on the skills and experience it seeks in candidates. This method is passive because it does not require any interaction with the target's systems. DNS lookups involve queries to DNS servers, which may still be considered passive, but they do not yield technology stack information directly. Attempting to connect to the target's network or scanning its IP addresses are active reconnaissance methods that could potentially alert the target to the reconnaissance activity.