Here's a refined and visually structured version with better readability and organization:

---

🕵️ Reconnaissance 🔍

Goal:

📌 The attacker gathers intelligence about the target to plan future attacks.

Techniques:

🛠 Open-Source Intelligence (OSINT) | 🌐 Network Scanning | 🎭 Social Engineering

---

🎣 What is Phishing?

Phishing for information is a social engineering attack where adversaries attempt to trick targets into revealing sensitive data such as:
✅ Credentials (Usernames, Passwords)
✅ Financial Information (Bank Details, Credit Card Numbers)
✅ Internal Company Data (Organizational Structure, Policies)

Unlike traditional phishing, which often focuses on delivering malware, this method primarily aims to gather actionable intelligence for future attacks.

🛠 Sub-Techniques:

🔹 Spearphishing Service – Using third-party platforms like social media & personal email.
🔹 Spearphishing Attachment – Sending malicious files via email (PDF, DOC, XLS).
🔹 Spearphishing Link – Directing victims to credential-harvesting phishing pages.
🔹 Spearphishing Voice (Vishing) – Using phone calls to extract sensitive information.

---

🔍 Search Methods for Intelligence Gathering

🔐 🔎 Search Closed Sources (비공개 소스 검색)

Collection of technical/threat intelligence from non-public sources:
✔ Paid/non-public databases (e.g., RocketReach, CrunchBase business databases)
✔ Dark web monitoring for leaked credentials and internal documents
✔ Goal: Gain initial access or prioritize advanced attacks based on collected intelligence

---

🌎 📂 Search Open Technical Databases (공개 기술 데이터베이스 검색)

Collection of technical/threat intelligence from public sources:
✔ WHOIS database – Identifying domain registration details (organization names, location)
✔ Digital certificates – Extracting information from SSL/TLS certificates
✔ CDN (Content Delivery Network) insights – Analyzing CloudFlare CDN and related services

🔍 Internet-Connected Device Search:
✔ Shodan – Searches for exposed internet-connected devices using various filters (open ports, services, IPs)
✔ FOFA – The Chinese equivalent of Shodan for identifying exposed devices

---

🌐 🔗 Search Open Websites & Domains (공개 웹사이트/도메인 검색)

✔ Social media, search engines, business hosting sites, code repositories
✔ Kimsuky – Known to initiate reconnaissance via Google searches
✔ LAPSUS$ – Exploited credentials exposed in code repositories (e.g., GitHub leaks)

---

🏢 📑 Search Victim-Owned Websites (공격 대상 웹사이트 분석)

✔ Analyzing target websites to extract:
🔹 Department & business unit names
🔹 Physical locations
🔹 Organizational hierarchy & key personnel
🔹 Employee roles, emails, and other relevant details

---

This version enhances clarity, structure, and readability while making it more visually appealing. 🚀