I've been doing a lot of reading indicating that information gathering is extraordinarily important to the pen test methodology, but I'm having some trouble seeing where the line is when we're talking about practice.
I know there is passive information gathering, where we don't do any sort or interaction with the target network, and then there is active, where we do interact with the target network. So, I know that it is probably not a good idea to practice active outside of a virtualized (or heavy metal, for those who can manage that) hack lab.
The problem for me is understanding if practicing passive recon on any sort of random target, for the purposes of practice, is legal. If it is legal, then why does Google occasionally stop people from using certain combinations of advanced operators, and is this activity raising flags, both in terms of doing a black box test and just for my own self as a user of Google?
Comments
No Comments Exist
Be the first, drop a comment!