Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools?

During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign.

Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools? (Choose two.)
A . Scraping social media sites
B . Using the WHOIS lookup tool
C . Crawling the client’s website
D . Phishing company employees
E . Utilizing DNS lookup tools
F . Conducting wardriving near the client facility

View Answer

Answer: A,B

Explanation:

Scraping social media sites can help in gathering email addresses and other information about employees, especially from professional networking sites. This could potentially be done without triggering any of the client ’ s cybersecurity tools as it doesn’t directly interact with the client’s network.

Using the WHOIS lookup tool can provide information about the domain registrant including contact information such as email addresses. It is a non-intrusive method and won’t trigger any cybersecurity tools as it’s performed externally.

C) Crawling the client’s website might trigger cybersecurity tools, especially if the crawling behavior looks suspicious or is causing a significant increase in traffic.

D) Phishing company employees is not a reconnaissance activity. It’s a form of attack.

E) Utilizing DNS lookup tools could be part of reconnaissance but it generally doesn’t provide email addresses.

F) Conducting wardriving near the client facility is a method used to discover wireless networks. It doesn’t typically yield email addresses.