HTW Berlin Fachbereich 4 Cyber-Security & Business Social Engineering Winter Term 2025/26

Lab 4: OSINT

1. Continue working together with your partner from last session.
   
2. For the company that you chose last week, pretend that you are planning a pen test. What information about the company can you gather ONLY using open source information? Do not attempt any sort of intrusion or social engineering experiment! Gather as much information as possible as if you were an attacker. Don't contact the company. Take notes on HOW you managed to find the information WHERE.
   
3. Did you have to make any changes to your documentation plan? Explain!
   
4. What information would you use to conduct a pentest? How would you go about doing it?
5. If you observe any kind of vulnerability, do NOT exploit it, but contact the instructor so that you can go about responsible disclosure.
   
6. Prepare a PDF report documenting the process you followed and the final version of your document that you would submit to the customer. Include a personal reflection from each of you on this exercise. 
   

Submit the written report to the Moodle area by 22.00 the evening before our next session. Don't forget to include everyone's name and report formalities such as page numbers and a date! Everyone submits a copy of the report.