Conducting External Reconnaissance with OSINT When to Use - Performing the initial reconnaissance phase of a penetration test to gather intelligence before active scanning - Mapping an organization's external attack surface to identify unknown or shadow IT assets - Collecting employee information, email formats, and organizational structure for social engineering campaigns - Identifying exposed credentials, leaked data, or sensitive documents published on the internet - Scoping the breadth of an organization's digital footprint prior to a red team engagement Do not use for stalking, harassmen…