What, according to you, are the necessary activities that a penetration tester needs to perform while conducting a penetration test to discover valid usernames?
1. Do these activities change your approach if you are performing Black, White, or Grey Hat pen testing? How so? What would be different and why?
2. In today’s environment and culture, how important do you feel that enumerating valid usernames is? Compare and contrast these methods (used to obtain usernames) against sending phishing or whaling emails to gain access for example. In which scenarios would you need to perform either or both to accomplish your task?