I've been doing a lot of reading indicating that information gathering is extraordinarily important to the pen test methodology, but I'm having some trouble seeing where the line is when we're talking about practice.
I know there is passive information gathering, where we don't do any sort of interaction with the target network, and then there is active, where we do interact with the target network. So, I know that it is probably not a good idea to practice active outside of a virtualized (or heavy metal, for those who can manage that) hack lab.
The problem for me is understanding if practicing passive recon on any sort of random target, for the purposes of practice, is legal. If it is legal, then why does Google occasionally stop people from using certain combinations of advanced operators, and is this activity raising flags, both in terms of doing a black box test and just for my own self as a user of Google?
1 Response
If the person you gather info about is aware that you are doing it and permits you to do it, it is legal in most cases.