Which of the following is NOT a common information gathering technique?

Correct answer: Data exfiltration

Option B, data exfiltration, is the correct answer because it is NOT an information gathering technique; it is instead a post-exploitation activity where an attacker removes or transfers data from a target environment after access has already been established. Option A, port scanning, is a fundamental reconnaissance technique used to discover open ports and running services on target systems. Option C, OSINT (Open Source Intelligence), is a core information gathering method that involves collecting publicly available data from sources such as websites, social media, and public records. Option D, social engineering, is an information gathering technique in which an attacker manipulates individuals into disclosing sensitive information, making it a common part of the reconnaissance phase.