There is always the obvious public source: name servers (like nslookup), whois servers (Internic is a good place to start), dejanews postings (dredge up interests as well as email addresses, paths,...) and such. I took your question to refer to public sources, yes? I like to start at http://www.ms.mff.cuni.cz/cgi-bin/dns?SERVER=bsu.edu&DEF_SERV=Default+Server&DOMAIN=mff.cuni.cz&NAME=&IP= Nice, out of the way, hard to trace through,... V/R Jim Trey Mujakporue wrote: > > Im about to start work on a completely blind penetraton test for a client. > The only information i have been given is the company name. From this i can > get their corporate web site and from there do a DIG for more company info > and address ranges > after which i can start my reconnaissance. > Question, can anyone out there offer any tips based on this scenario? > > #include <signature.h> > ://Trey Atarhe Mujakporue > ://tmujakat_private > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ -- James W. Meritt, CISSP, CISA Booz, Allen & Hamilton phone: (410) 684-6566 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Oct 04 2001 - 10:39:40 PDT