<aside> ⚠️ Find more in the dedicated section :

</aside>

Breach credentials

https://github.com/hmaverickadams/breach-parse

TCM tool for breach parsing (⚠️  45Go of database to download)

Huge breached asset database

On first day of research, always searching for as much information as possible

Identifying Employees & Emails

Phonebook.cz

Search in LinkedIn, look for employee

Take all the user name find and compare with breach

Enumerating Valid Accounts (Pre-Attack)

Find login portal and try email / password

if find incorrect email notification, note it because it indicates if an email is valid or not

Also try with reset password with the same idea

Better on small size attack

Other useful information

Job posting

Find architectures

Web password policy