An attacker has gathered information about a company employee by obtaining publicly available information from the Internet and social networks. Which of the following types of activity is the attacker performing?
A. Pivoting
B. Exfiltration of data
C. Social engineering
D. Passive reconnaissance