You have engaged in a double-blind pentest contract and get started to conduct testing. After searching the client’s WHOIS DNS data and job vacancies posted on job boards, you decide to proceed to the next stage. Which of the following activities least likely follows what you have completed?
A. Lookup the DNS MX records
B. Masquerade as a job applicant
C. Conduct OSINT (Open-source intelligence)
D. Cloak a port scan with decoys to hide your IP address

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Conduct OSINT (Open-source intelligence).

BLIND TESTING AND DOUBLE-BLIND TESTING

Blind testing simulates a real hacker. The client provides the pen testing team with limited or no information before the test.

Double-blind testing is an advanced version of blind testing. The main difference lies in that only limited people know the existence of the pen testing project.

Either in blind testing or double-blind testing, the pen testers have to gather information about the client and the target of evaluation (TOE). Google, social media, job boards, or  DNS WHOIS database are typical information sources that don’t need to interact with the client or TOE, also known as passive testing. Active testing, on the contrary, requires interaction with the TOE.

In blind testing or double-blind testing, active testing (information gathering) is usually conducted before active testing to keep the testing unaware or in secret.

OSINT (Passive Informatoin Gathering)

Open-source intelligence (OSINT) is data collected from publicly available sources to be used in an intelligence context. In the intelligence community, the term “open” refers to overt, publicly available sources (as opposed to covert or clandestine sources). It is not related to open-source software or collective intelligence.

Source: Wikipedia

Searching the client’s WHOIS DNS data and job vacancies posted on job boards is, in fact, part of OSINT, passive information gathering at the first stage in the general pen testing approach.

Since the OSINT has been finished and you decide to proceed to the next stage, OSINT least likely follows (to be conducted again) even though OSINT is typically conducted iteratively.

References

• WORKING WITH ACTIVE AND PASSIVE EXPLOITS IN METASPLOIT
• These Are The Different Types of Penetration Testing
• Footprinting
• Security Tip: Avoid Detection with nmap Port Scan Decoys
• What is Enumeration?
• Port scanner