A penetration tester cannot find information on the target company’s systems using common OSINT methods. The tester’s attempts to do reconnaissance against internet-facing resources have been blocked by the company’s WAF.
Which of the following is the best way to avoid the WAF and gather information about the target company’s systems?
A . HTML scraping
B . Code repository scanning
C . Directory enumeration
D . Port scanning
Answer: B
Explanation:
When traditional reconnaissance methods are blocked, scanning code repositories is an effective method to gather information.
Here’s why:
Code Repository Scanning:
Leaked Information: Code repositories (e.g., GitHub, GitLab) often contain sensitive information, including API keys, configuration files, and even credentials that developers might inadvertently commit.
Accessible: These repositories can often be accessed publicly, bypassing traditional defenses like WAFs.
Comparison with Other Methods:
HTML Scraping: Limited to the data present on web pages and can still be blocked by WAF. Directory Enumeration: Likely to be blocked by WAF as well and might not yield significant internal information.
Port Scanning: Also likely to be blocked or trigger alerts on WAF or IDS/IPS systems.
Scanning code repositories allows gathering a wide range of information that can be critical for further penetration testing effort
Latest PT0-003 Dumps Valid Version with 131 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund