Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools?

During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign.

Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools? (Choose two.)
A . Scraping social media sites
B. Using the WHOIS lookup tool
C. Crawling the client’s website
D. Phishing company employees
E. Utilizing DNS lookup tools
F. Conducting wardriving near the client facility

View Answer

Answer: A,C

Explanation:

Technical and billing addresses are usually posted on company websites and company social media sites for the their clients to access. The WHOIS lookup will only avail info for the company registrant, an abuse email contact, etc but it may not contain details for billing addresses.