Exam SY0-601 topic 1 question 250 discussion

https://www.kali.org/tools/theharvester/

theharvester The package contains a tool for gathering subdomain names, e-mail addresses, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers). kashim

The most efficient approach to perform the analysis and gather publicly available company information without engaging in active reconnaissance is: A. Provide a domain parameter to theHarvester tool. TheHarvester is a reconnaissance tool used for gathering information about email addresses, domain names, and subdomains associated with a target organization. By providing the domain parameter to theHarvester, the tool can query various public sources, such as search engines, social media platforms, and public databases, to collect information about the company that is publicly available. This approach allows the IT security manager to gather relevant information about the company's online presence and potential exposure to malicious actors without directly probing or scanning the company's network or systems, thereby minimizing the risk of alerting or attracting unwanted attention from adversaries.

As an example, theHarvester is a passive reconnaissance commandline tool used by testers in the early stages of a penetration test. It uses OSINT methods to gather data such as email addresses, employee names, host IP addresses, and URLs. It uses popular (and not so popular) search engines for queries and then correlates the results in a comprehensive report

Direct copy from the CompTIA Sec+ material: theHarvester is a tool for gathering open-source intelligence (OSINT) for a particular domain or company name (github.com/laramies/theHarvester). It works by scanning multiple public data sources to gather emails, names, subdomains, IPs, URLs and other relevant data.

Key here is "public information." The Harvester wins.

B is the best answer here. This option gathers information without actively probing the target network which is less invasive compared to the other options provided. Using theharvestes sounds like the obvious answer but it is wrong because it can trigger security alerts.

B. Check public DNS entries using dnsenum. The most efficient approach to analyze company information that is publicly available without engaging in active reconnaissance, which could potentially raise red flags or disrupt services, is to use a tool like "dnsenum" to check public DNS entries. Dnsenum is a passive reconnaissance tool that gathers information from DNS records and publicly available data sources without actively probing or scanning the target network. It helps collect information about hostnames, subdomains, IP addresses, and more based on the DNS data that is publicly accessible. This approach is less likely to trigger security alerts or be considered invasive, making it a suitable choice for gathering publicly available data in a non-disruptive manner.

If you use ChatGBT wisely it gives the true answer. Here ChatGBT omits "the MOST efficient approach to perform the analysis" and I ask the question stating the efficieny, it changed B to A.

Use ChatGPT at your peril.

TheHarvester is a reconnaissance tool used to gather publicly available information about a target domain. By providing the domain parameter to theHarvester, the tool will search for and collect information from various public sources such as search engines, social networks, and other online resources. This can include email addresses, subdomains, employee names, and other information that could be publicly accessible. Using theHarvester to gather such information is an efficient approach as it allows the IT security manager to quickly obtain relevant data about the company's publicly available information without engaging in any intrusive or active reconnaissance methods. It provides a passive way to discover potential security risks and information exposure without directly interacting with the target's systems or networks.

While option A, using theHarvester tool with a domain parameter, can also be a valid approach to gather publicly available information, it may not be as efficient as option B in the given scenario. per chat gpt

A. Provide a domain parameter to theHarvester tool is the most efficient approach to perform the analysis. TheHarvester is a powerful tool specifically designed to search and identify public data related to a domain or organization. This tool can quickly gather information such as emails, subdomains, and hostnames that are publicly available.

A and B are used for passive information gathering, but theHarvester tool is used for searching emails. The correct answer is B. Others are for active information gathering

I would like to vote for A, but my thinking is… Is this the most practical solution? Harvester tool = Python… I guess Im trying to compare A and B.. Eventhough both answers make sense in a way.. Im trying to figure what could be the best solution from the practicality and basic perspectives from Cyber Security…

theharvester The package contains a tool for gathering subdomain names, e-mail addresses, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers).

The answer is A. The question is about active and non active recon. Only option A fits.