Information gathering is one of the first steps during an engagement. The goal of information gathering is to increase understanding of the target infrastructure, business practices, and information available via open source. The information gathered during this step are used to inform later stages of the engagement.
The following is a sample checklist for researching a target.
Review the target's public facing website and social media accounts
What does the target do?
How is the organization structured?
Take note of contact information for key personnel (leadership/management, IT personnel, etc.)
Collect phone and fax numbers, email addresses, usernames, position titles, pictures, etc.
Identify email address structures used by the target.
Identify internal business practices.
Pay particular attention to "about" pages, as these often contain names, social media links, and email addresses.
Use basic tools to gain additional information about the target's network
Perform whois and DNS enumeration to identify target registrar and DNS information