Hands-On Red Team Tactics

Reconnaissance

This is the most crucial phase of a Cyber Kill Chain (CKC). The adversary will try to gather as much information as possible on the target. For example, an adversary can examine an organization's website for vulnerabilities, or look up an employee's profile, email, or credentials for a spear phishing or watering-hole attack. The adversary can also dumpster dive for credentials and access keys to the target organization's network, use Open Source Intelligence (OSINT), and so on.

You can find a really well-maintained list of tools and public online portals for gathering intel at this link: https://github.com/jivoi/awesome-osint