What is likely included in the reconnaissance phase of a pentest?

During the reconnaissance phase of a penetration test, the primary goal is to gather as much information as possible about the target environment. This phase is crucial for identifying potential entry points and understanding the layout of the target's infrastructure.

By obtaining details about network shares and users, a tester can gain insights into the resources available in the environment and how to access them. This information is vital for planning further actions in the testing process, such as identifying vulnerable systems or accounts that could be exploited.

The reconnaissance phase typically focuses on passive information gathering, which can include various techniques and tools to collect data without directly interacting with the target systems. This helps testers formulate a strategy for later phases of the pentest, ensuring a more effective approach to exploiting vulnerabilities.

Therefore, the inclusion of network shares and user details in the reconnaissance phase is key to building a comprehensive understanding of the target's security posture and potential weaknesses.