Network Attack methodology - Dleifnesor/NET-150 GitHub Wiki
Steps and Methods
Step 1: Reconnaissance - Finding the Targets
Step 2: Probing - Finding the vulnerabilities
Step 3: Exploiting the vulnerabilities
Using OSINT tools, you can find info like:
domain registration, IP address, staff to target for credentials that would have admin privileges, and what vendors your target uses for software and hardware
Recon
IANA - Internet Assigned Numbers Authority
IP addresses are divided into 5 regions
AfriNIC - Africa Region
APNIC - Asia/Pacific
ARIN - North America
LACNIC - Latin America and Caribbean
RIPE - Europe, Middle East, Central Asia
Each Region has a WHOIS service
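How a lookup gets from IANA to the right regional WHOIS service, as an added example that is not part of the original wiki: it parses an IANA-style WHOIS reply and reports which registry the address block is referred to. The sample reply is constructed, and the registry WHOIS hostnames are assumptions that do not appear on this page.

```python
# Added example: follow the IANA -> regional registry referral in a WHOIS reply.
# SAMPLE_IANA_REPLY is constructed for illustration, modelled on the
# "key: value" layout of IANA WHOIS replies; it is not captured output.
SAMPLE_IANA_REPLY = """\
% IANA WHOIS server
% This query returned 1 object

refer:        whois.arin.net

inetnum:      8.0.0.0 - 8.255.255.255
organisation: Administered by ARIN
status:       LEGACY

whois:        whois.arin.net
"""

# WHOIS hostnames of the five registries (assumed, not taken from this page),
# mapped to the regions the page lists.
RIR_BY_WHOIS_HOST = {
    "whois.afrinic.net": ("AfriNIC", "Africa"),
    "whois.apnic.net": ("APNIC", "Asia/Pacific"),
    "whois.arin.net": ("ARIN", "North America"),
    "whois.lacnic.net": ("LACNIC", "Latin America and Caribbean"),
    "whois.ripe.net": ("RIPE", "Europe, Middle East, Central Asia"),
}

def parse_whois_fields(text):
    """Return {key: [values]} from 'key: value' lines, skipping % and # comments."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "%#" or ":" not in line:
            continue
        # Split on the first colon only, so values containing ':' stay intact.
        key, _, value = line.partition(":")
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def referred_registry(text):
    """Return (whois_host, registry, region) for the referral, or None."""
    fields = parse_whois_fields(text)
    # Prefer "refer"; fall back to "whois", which names the same server here.
    hosts = fields.get("refer") or fields.get("whois") or []
    if not hosts:
        return None  # the reply carries no referral field
    host = hosts[0].lower()
    registry, region = RIR_BY_WHOIS_HOST.get(host, ("unknown", "unknown"))
    return host, registry, region

if __name__ == "__main__":
    print(referred_registry(SAMPLE_IANA_REPLY))
```
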
Tools for finding info (OSINT)
ICANN - Internet Corporation for Assigned Names and Numbers
who is - Enter domain name
ip info - Information about an IP address
bgp.tools - Search by ASN (AS13335), Prefix (8.8.8.0/24), DNS (bgp.tools), or MAC Address (3c:ec:ef:6f:8d:75)