Perform passive and active reconnaissance and analyze the results.
Examples: DNS lookups, identify technical and administrator contacts, cloud versus self-hosted, social media scraping, cryptographic flaws, company reputation and security posture, enumeration, website reconnaissance, packet crafting, defense detection, tokens, wardriving, network traffic, cloud asset discovery, detection avoidance, third-party hosted services