• Understands the Domain Name Service (DNS) including queries and responses, zone transfers, and the structure and purpose of records, including:

• SOA • NS • MX •A •AAAA •CNAME •PTR

• TXT (including use in DMARC policies)

• HINFO •SVR

• Can demonstrate how a DNS server can be queried to obtain the information detailed in these records.
• Can demonstrate how a DNS server can be queried to reveal other information that might reveal target systems or indicate the presence of security vulnerabilities.
• Can identify the presence of dangling DNS entries and understands the associated security vulnerabilities (e.g. susceptibility to subdomain takeover)

• Can interrogate a website to obtain information about a target network, such as the name and contact details of the network administrator.
• Can analyse information from a target web site, both from displayed content and from within the HTML source.

• Can use search engines, news groups, mailing lists and other services to obtain information about a target network, such as the name and contact details of the network administrator.
• Can analyse e-mail headers to identify system information.

• Can enumerate services, their software types and versions, using banner grabbing techniques.

• Can retrieve information from SNMP services and understands the MIB structure pertaining to the identification of security vulnerabilities.

• Understands common phishing techniques and how these can lead to compromise.
• Recognises when vulnerabilities discovered elsewhere can be leveraged as part of a phishing campaign.