The first step in a pen test is to gather as much information you can on your target company. This consists
of how much you can find out about their company concerning their overall network, personnel, technology.
This may be infrastructure or desktops, including hardware and software, e-mail addresses, etc. Record all
your information in Chapter 3, Information Gathering Risk section, indicating what you were able to find, how
you found it, and what you may recommend to the (company) as a way to limit the amount of information that
can be found about them. Also, include any names and associated e-mail addresses you find from
management that could be used later in a social engineering attack. The only rule for information gathering is
that you are NOT allowed to touch the company’s network. At all. Use single third-party resources. This means
you are NOT to use NMAP or any other type of scanner to scan the existing network.

Sample Solution