Last week I saw a post on r/AskNetsec with a Redditor asking for help reaching out to a Hong Kong company who had all of their company data open to the internet (non-password protected directory on their server). I volunteered helping the Redditor as I understand Chinese.
The Redditor had trouble finding contact info for the company and after looking at the company name, I went on a hunt to see what data I could enumerate on the company.
Sun Zhu once said:
夫未战而庙算胜者,得算多也;未战而庙算不胜者,得算少也。
The general who wins the battle makes many calculations in his temple before the battle is fought. The general who loses makes but few calculations beforehand.
This holds true for pentesting or really any form of NetSec. You need to spend time learning everything you can about your target to help you strategically plan your attack. While I was doing this to be helpful, the enumeration of a company is a key first step in any pentest engagement.
I was quickly able to find an email, phone number, and a name of a contact for the company so the Redditor could contact them. I also reached out to the company contact with an email in Chinese in case they could not understand the Redditor. Hopefully this has protected a company from losing lots of corporate data and personally identifiable information of its employees and clients.