Information Gathering
Please note the knowledge domains and topics outlined here are for guidance only and subject to change.
Recognises when vulnerabilities discovered elsewhere can be leveraged as part of a phishing campaign
Understands common phishing techniques and how these can lead to compromise
Can retrieve information from SNMP services and understands the MIB structure pertaining to the identification of security vulnerabilities
Can enumerate services, their software types and versions, using banner grabbing techniques
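The banner-grabbing technique this item refers to, as an added example in Python (not part of the original syllabus material): connect to a port, read what the service volunteers (or send a HEAD request first for HTTP, which says nothing until asked), and map the banner to a product and version with a small pattern list. The local listener, the banners it sends and the regex list are constructed for the demonstration; on an engagement `fingerprint()` is pointed at the real host and port, and the pattern list is extended for whatever the target runs.

```python
import re
import socket
import threading

# Patterns for a few common banner formats. Named groups give the product and,
# where the service discloses it, the version. Constructed for this example;
# extend per engagement.
BANNER_PATTERNS = [
    # SSH identification string, e.g. "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4"
    re.compile(r"SSH-[\d.]+-(?P<product>OpenSSH|dropbear)[_-](?P<version>[\w.]+)"),
    # FTP greeting, e.g. "220 (vsFTPd 3.0.3)"
    re.compile(r"\((?P<product>vsFTPd) (?P<version>[\d.]+)\)"),
    # SMTP greeting, e.g. "220 host ESMTP Exim 4.96"; Postfix normally omits the version
    re.compile(r"ESMTP (?P<product>Postfix|Exim|Sendmail)(?:[ /](?P<version>[\d.]+))?"),
    # HTTP Server header in the response to our probe, e.g. "Server: nginx/1.18.0"
    re.compile(r"^Server:\s*(?P<product>[\w.-]+)/(?P<version>[\w.]+)", re.M | re.I),
]


def http_probe(host: str) -> bytes:
    """Request to send first for HTTP, which does not speak until asked."""
    return b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n"


def grab_banner(host: str, port: int, probe: bytes = b"", timeout: float = 3.0) -> str:
    """Connect, optionally send a probe, and read whatever the service sends back."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if probe:
            sock.sendall(probe)
        try:
            while sum(len(c) for c in chunks) < 4096:
                data = sock.recv(1024)
                if not data:  # peer closed the connection
                    break
                chunks.append(data)
        except (socket.timeout, ConnectionResetError):
            # Interactive services (SSH, SMTP) send their banner and then wait
            # for us, so hitting the timeout with data already buffered is normal.
            pass
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_banner(banner: str) -> dict:
    """Map a raw banner to product/version; version is None when not disclosed."""
    for pattern in BANNER_PATTERNS:
        m = pattern.search(banner)
        if m:
            return {"product": m.group("product"), "version": m.group("version"),
                    "raw": banner.strip()}
    return {"product": None, "version": None, "raw": banner.strip()}


def fingerprint(host: str, port: int, probe: bytes = b"") -> dict:
    return parse_banner(grab_banner(host, port, probe))


def start_fake_service(banner: bytes, wait_for_request: bool = False) -> int:
    """Constructed stand-in for a target: a loopback listener that serves one
    connection with the given banner. Returns the ephemeral port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        if wait_for_request:  # HTTP-style: read the request before answering
            conn.settimeout(2)
            try:
                conn.recv(1024)
            except socket.timeout:
                pass
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    # Demo against the local stand-ins; use a real host/port on an engagement.
    ssh_port = start_fake_service(b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4\r\n")
    print(fingerprint("127.0.0.1", ssh_port))
    web_port = start_fake_service(
        b"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nContent-Length: 0\r\n\r\n",
        wait_for_request=True)
    print(fingerprint("127.0.0.1", web_port, http_probe("127.0.0.1")))
```

Banners are self-reported, so a version string is evidence, not proof: operators can change or suppress it, and a backported distribution package can report an old upstream version while carrying the fix. Treat the result as a lead to verify, not a finding on its own.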
Can obtain information about a target network from information leaked in email headers, HTML meta tags and other locations, such as internal network IP addresses
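An added example in Python (not part of the original syllabus material) of the leakage this item describes: it walks the Received chain and related headers of a message to pull out internal hostnames, RFC 1918 addresses and mail-server software, and separately parses an HTML page for generator/author meta tags, HTML comments, third-party hosts and e-mail addresses. The sample message and page are constructed, as are all hosts and addresses in them; note that `ipaddress.is_private` is deliberately not used because it also reports documentation ranges such as 203.0.113.0/24 as private.

```python
import ipaddress
import re
from email import message_from_string
from html.parser import HTMLParser

# Ranges that indicate a target's internal network (RFC 1918, loopback,
# link-local, IPv6 ULA). ipaddress.is_private is avoided on purpose: it also
# flags documentation ranges such as 203.0.113.0/24.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16", "fc00::/7")]
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\bfrom\s+([A-Za-z0-9][\w.-]*\.[A-Za-z]{2,})", re.I)
SOFTWARE_RE = re.compile(
    r"\bwith\s+(Microsoft SMTP Server(?:\s+id\s+[\d.]+)?|Postfix[^;\n]*|Exim[^;\n]*)")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w.-]+\.[A-Za-z]{2,}")

# Constructed sample message; hosts and addresses are not real.
SAMPLE_EMAIL = """Received: from mail.example.test (mail.example.test [203.0.113.10])
 by mx.recipient.test with ESMTPS id abc123; Tue, 1 Jan 2024 10:00:00 +0000
Received: from EXCH01.corp.example.test (10.20.30.41) by
 mail.example.test (10.20.30.5) with Microsoft SMTP Server id 15.2.1118.12;
 Tue, 1 Jan 2024 09:59:58 +0000
X-Originating-IP: [192.168.5.77]
X-Mailer: Microsoft Outlook 16.0
Message-ID: <5F2A@EXCH01.corp.example.test>
From: Alice <alice@example.test>
To: bob@recipient.test
Subject: Hello

body
"""

# Constructed sample page; the comment is the kind of thing that ends up in source.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 6.4.2">
<meta name="author" content="J. Smith, IT Operations">
<!-- TODO: staging copy lives on 10.0.0.12, ask jsmith@example.test before editing -->
<link rel="stylesheet" href="//cdn.example.test/site.css">
</head><body><p>Welcome</p></body></html>
"""


def is_internal(addr: str) -> bool:
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def classify_ips(text: str):
    """Split every IPv4 literal in the text into internal and external lists."""
    internal, external = set(), set()
    for addr in IPV4_RE.findall(text):
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # dotted numbers that are not addresses, e.g. 999.1.2.3
        (internal if is_internal(addr) else external).add(addr)
    return sorted(internal), sorted(external)


def leaks_from_headers(raw_message: str) -> dict:
    msg = message_from_string(raw_message)
    received = msg.get_all("Received") or []
    hop_text = "\n".join(received + (msg.get_all("X-Originating-IP") or []))
    internal, external = classify_ips(hop_text)
    hostnames = {h for r in received for h in HOST_RE.findall(r)}
    m = re.search(r"@([\w.-]+)>", msg.get("Message-ID", ""))
    if m:
        hostnames.add(m.group(1))  # Message-ID usually names the originating host
    software = {s.strip() for r in received for s in SOFTWARE_RE.findall(r)}
    if msg.get("X-Mailer"):
        software.add(msg["X-Mailer"])
    return {"internal_ips": internal, "external_ips": external,
            "hostnames": sorted(hostnames), "software": sorted(software)}


class SourceCollector(HTMLParser):
    """Collects meta tags, comments and referenced hosts from HTML source."""
    def __init__(self):
        super().__init__()
        self.meta, self.comments, self.hosts = {}, [], set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta":
            name = (a.get("name") or a.get("property") or "").lower()
            if name and a.get("content"):
                self.meta[name] = a["content"]
        for attr in ("href", "src", "action"):
            m = re.match(r"(?:https?:)?//([\w.-]+)", a.get(attr) or "")
            if m:
                self.hosts.add(m.group(1))

    def handle_comment(self, data):
        self.comments.append(data.strip())


def leaks_from_html(html: str) -> dict:
    p = SourceCollector()
    p.feed(html)
    internal, _external = classify_ips(" ".join(p.comments))
    return {"generator": p.meta.get("generator"), "author": p.meta.get("author"),
            "comments": p.comments, "referenced_hosts": sorted(p.hosts),
            "internal_ips": internal, "emails": sorted(set(EMAIL_RE.findall(html)))}


if __name__ == "__main__":
    print(leaks_from_headers(SAMPLE_EMAIL))
    print(leaks_from_html(SAMPLE_HTML))
```

Received headers are written by each hop in turn, so only the hops added by mail servers you trust are reliable; the earliest ones can be forged by the sender. For reconnaissance that does not matter (a forged header still tells you what the sender wanted you to believe), but it does when the same parsing is used to attribute a message.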
Can use search engines, news groups, mailing lists and other services to obtain information about a target network, such as the name and contact details of the network administrator
Can analyse information from a target web site, both from displayed content and from within the HTML source
Can interrogate a website to obtain information about a target network, such as the name and contact details of the network administrator
Can identify the presence of dangling DNS entries and understands the associated security vulnerabilities (e.g. susceptibility to subdomain takeover)
Can demonstrate how a DNS server can be queried to reveal further information that may identify target systems or indicate the presence of security vulnerabilities
Can demonstrate how a DNS server can be queried to obtain the information held in the record types listed below
Understands the Domain Name System (DNS), including queries and responses, zone transfers, and the structure and purpose of records, including:
• SOA
• NS
• MX
• A
• AAAA
• CNAME
• PTR
• TXT (including use in DMARC policies)
• HINFO
• SRV
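An added example in Python (not part of the original syllabus material) that serves both the dangling-DNS item and the record-type list above. It parses a zone listing in the one-record-per-line format `dig` prints (as obtained from a permitted zone transfer or assembled from individual queries) and then interprets the records the way a tester would: CNAMEs whose external targets no longer resolve are subdomain-takeover candidates, A/AAAA records pointing into RFC 1918 or ULA space expose internal addressing, HINFO discloses the platform, SRV maps out services, and the `_dmarc` TXT record is checked for a monitoring-only policy. The zone, the hosting-provider names and the `EXTERNAL_RESOLVES` table are constructed; `fake_resolves` stands in for a live lookup, and `live_resolves` shows the stdlib call that replaces it.

```python
import ipaddress

# Constructed zone listing in dig's record format (owner ttl class type rdata).
ZONE = """\
example.test.            3600 IN SOA   ns1.example.test. hostmaster.example.test. 2024010101 7200 3600 1209600 3600
example.test.            3600 IN NS    ns1.example.test.
example.test.            3600 IN MX    10 mail.example.test.
example.test.            3600 IN TXT   "v=spf1 mx -all"
_dmarc.example.test.     3600 IN TXT   "v=DMARC1; p=none; rua=mailto:dmarc@example.test"
ns1.example.test.        3600 IN A     203.0.113.53
mail.example.test.       3600 IN A     203.0.113.25
mail.example.test.       3600 IN HINFO "PC-INTEL-64" "LINUX"
intranet.example.test.   3600 IN A     10.20.30.40
dc01.example.test.       3600 IN AAAA  fd12:3456:789a::10
shop.example.test.       3600 IN CNAME shop-prod.hosting-provider.test.
old-blog.example.test.   3600 IN CNAME retired-site.hosting-provider.test.
_ldap._tcp.example.test. 3600 IN SRV   0 100 389 dc01.example.test.
"""

# Constructed view of what the outside world resolves (stand-in for live DNS).
EXTERNAL_RESOLVES = {"shop-prod.hosting-provider.test.": True,
                     "retired-site.hosting-provider.test.": False}


def fake_resolves(name: str) -> bool:
    return EXTERNAL_RESOLVES.get(name, True)


def live_resolves(name: str) -> bool:
    """Real check through the system resolver (needs network; not used offline)."""
    import socket
    try:
        socket.gethostbyname(name.rstrip("."))
        return True
    except socket.gaierror:
        return False


INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def is_internal(addr: str) -> bool:
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def parse_zone(text: str) -> list:
    """Parse 'owner ttl class type rdata...' lines; lines starting with ';' are comments."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue
        name, ttl, _cls, rtype, *rdata = line.split()
        records.append({"name": name, "ttl": int(ttl), "type": rtype, "rdata": rdata})
    return records


def txt_value(rec: dict) -> str:
    return " ".join(rec["rdata"]).replace('"', "")


def parse_dmarc(txt: str) -> dict:
    """Split a DMARC TXT value into its tag=value pairs."""
    tags = {}
    for part in txt.replace('"', "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_weaknesses(tags: dict) -> list:
    reasons = []
    if tags.get("p", "none") == "none":
        reasons.append("p=none: spoofed mail is only reported, never quarantined or rejected")
    if "rua" not in tags:
        reasons.append("no rua address: nobody receives aggregate reports")
    if tags.get("pct", "100") != "100":
        reasons.append(f"pct={tags['pct']}: policy applied to only part of the mail stream")
    return reasons


def finding(issue: str, name: str, detail: str) -> dict:
    return {"issue": issue, "name": name, "detail": detail}


def analyse(records: list, resolves) -> list:
    """Turn parsed records into reconnaissance findings; resolves(name) -> bool."""
    findings = []
    zone_names = {r["name"] for r in records}
    apex = next((r["name"] for r in records if r["type"] == "SOA"), None)
    for r in records:
        rtype, name, rdata = r["type"], r["name"], r["rdata"]
        if rtype in ("A", "AAAA") and is_internal(rdata[0]):
            findings.append(finding("internal-ip", name, f"{rtype} record exposes internal address {rdata[0]}"))
        elif rtype == "HINFO":
            findings.append(finding("hinfo-disclosure", name, "HINFO reveals platform: " + " ".join(rdata)))
        elif rtype == "CNAME":
            target = rdata[0]
            # Targets inside the zone are checked by the zone itself; external ones must resolve.
            if target not in zone_names and not resolves(target):
                findings.append(finding("dangling-cname", name, f"target {target} does not resolve: subdomain takeover candidate"))
        elif rtype == "SRV":
            _prio, _weight, port, host = rdata
            findings.append(finding("srv-service", name, f"service advertised on {host} port {port}"))
    if apex:
        dmarc = [r for r in records if r["name"] == "_dmarc." + apex and r["type"] == "TXT"]
        if not dmarc:
            findings.append(finding("dmarc-weak", apex, "no DMARC record published"))
        else:
            for reason in dmarc_weaknesses(parse_dmarc(txt_value(dmarc[0]))):
                findings.append(finding("dmarc-weak", dmarc[0]["name"], reason))
    return findings


if __name__ == "__main__":
    for f in analyse(parse_zone(ZONE), fake_resolves):
        print(f"{f['issue']:17} {f['name']:26} {f['detail']}")
```

NXDOMAIN on a CNAME target is the strongest signal for a dangling entry, but it is not the only one: a target that still resolves to a hosting provider's shared endpoint while the provider no longer has a customer resource for that name is the other common case, and it only shows up by fetching the target and recognising the provider's "no such site" response. Actually claiming the target to prove takeover changes the client's DNS-visible estate and needs explicit authorisation.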
Understands the format of a WHOIS record and can obtain such a record to derive information about an IP address and/or domain