Step 1: RECONNAISSANCE – typically an open source intelligence style of an activity, which involves gathering email addresses, publicly identifiable information belonging to target company’s staff members, their position in the company, area of expertise, online presence, interests, participation in conferences and training events, and so on.
The reconnaissance step focuses on establishing not only who has access to a system, but also attempts to map out the target’s infrastructure, type of security tools used, software, devices and an overall security posture of the target. Reconnaissance can be passive (OSINT and research) or active (gaining unauthorised access to any of the target’s digital resources).