Sorry, I wasn't sure where to leave my question, so I put it as an issue. It really deals with cyber security, but I have no idea where to ask so I figured I would try you guys.

I have been recently looking into things of cyber reconnaissance lately, and everything seems to have the idea that the target of reconnaissance is known beforehand. My question would be then, can you do reconnaissance on an initially unknown target?

An example of this would be that there are two computers in closed rooms that have no knowledge of each other and they are both connected to the internet. Can one somehow discover the other? If so how?

Start from relevance targets associated with your target

Example:

Website_A is secured by cloudflare CDN, you have no idea what its IP address is

You can then search its content or fingerprints for records on services such as Censys or Shodan

See if the target servers were exposed to public and accessible

And then just simply start the penetration testing SOP