Fox and falcon recon lab¶
Most organisations have a sense of what an attacker could discover about them from outside. Almost none have tested it. The gap between the assumed exposure and the real exposure is not small, and it tends to concentrate wherever internal security has been careful while external discoverability was treated as someone else’s problem.
The fox and falcon recon lab is a full-day, hands-on investigation into that gap.
The workshop¶
In the morning, the falcon’s view: participants work with publicly available sources, websites, staff directories, published documents, metadata in shared files, to build a specific and usable picture of an organisation’s exposure. The aim is not to demonstrate that information exists but to map what an attacker learns first, and what that makes possible next.
The midday session shifts to the fox’s view: active probing. Participants run light, controlled scans in a safe lab environment, discovering which actions produce immediate, visible traces and which generate no signal at all. The asymmetry between what feels significant and what actually appears in the monitoring is consistently surprising, and that surprise is the data.
The fusion session in the afternoon brings both views together into an Attack Surface Map: a single diagram showing where exposure is concentrated, which signals exist, and where the monitoring has no model for what it is seeing. Teams also produce a Recon Dossier from their own investigation, not filled in from a template.
The workshop runs for a full day in a local lab environment with no cloud dependency. No technical background is assumed; facilitators guide every step.