Utilizing Social Media
Websites liked Linkedin or Twitter can deliver valuable information, too, e.g. badge photos or desk photos.
Linkedin profiles also give an easy way of finding employee names, figure out current email addresses (e.g. in combination with the email address structure found with the help of hunter.io) or photos. There are tools available to scrape this kind of information automatically, e.g. using Python.
People are always the weakest link when it somes to security, e.g. because they are lazy and use simple passwords or because they post information that they should not be posting.
As a pentester, we should use a “peeping account” rather than an account in our real name so that we do not leave any clues as to who is looking into their profiles and why.
Information gathering with Google and Linkedin and thorough enumeration of vulnerabilities are the keys to successful penetration testing! We are mainly after breached credentials in this phase!