Cyber security enumeration is a process used by both security professionals and attackers alike to establish a collective knowledge of the target and its assets. Using this knowledge specific attack vectors can be used to target weak points that exist based on the information gathered.
Enumeration can take many forms but a typical enumeration phase will collect the following information:
Enumeration tactics are varied and can take the form of extracting data from social media, collecting company documentation online and extracting leaked information from the headers of files. Operating system information can be disclosed unintentionally by the configuration of web services. Additionally, corporate web applications can reveal detailed information about the company and its resources.
The term “Enumeration Attack” is the first phase process followed by a malicious attacker used to gain knowledge and understanding of the target and therefore establish potential avenues of attack.
If you like this blog post, find more content in our Glossary.