External Reconnaissance
We (HTB) have addressed the why
and what
of external reconnaissance; let's dive into the where
and how
.
Hunting For Files
Username Harvesting
We can use a tool such as linkedin2username to scrape data from a company's LinkedIn page and create various mashups of usernames (flast, first.last, f.last, etc.) that can be added to our list of potential password spraying targets.
Credential Hunting
Dehashed is an excellent tool for hunting for cleartext credentials and password hashes in breach data. We can search either on the site or using a script that performs queries via the API.
Last updated