What types of connection does an attacker initiate during the Enumeration phase of an attack? What kinds of information are attackers looking for during this phase? How would you enumerate and prevent enumeration with: Email IDs Default Passwords SNMP Brute Forcing Active Directory DNS Zone Transfer What are protocol types and ports for for: DNS… Continue reading Enumeration
I had the chance to participate in a panel to help students at the local tech college get an IT job by providing the perspective of an employer – I thought I’d try to impart all of the pieces I remembered from all of the panel members (including myself).
Presented by Santiago Special Note: First live meetup in over a year! Setup Ubuntu 20.04 – https://ubuntu.com/download/desktop BurpSuite CE – https://portswigger.net/burp/communitydownload Docker – https://docs.docker.com/engine/install/ubuntu/ Damn Vulnerable Web App – https://dvwa.co.uk/ BurpSuite Designed for web app security assessments Default Tools: Proxy Repeater Decoder Comparer Sequencer Intruder Extender CE vs Professional – Professional has a couple of… Continue reading BurpSuite – DC435 June ’21
There are several useful scan types for NMAP, here are the usages.
Section Overview Once an overall picture (footprint) of a network has been established, the next step is to take that information and probe for useful information about what’s in the network. Questions What are the objectives of a network scan? What is the difference between TCP and UDP? What are the flags used by TCP?… Continue reading Scanning Networks
Section Overview When profiling a target it’s important to know what you’re up against. There are several methods to gain information – most of which is available publicly. The information posted are quite often valuable for job seekers and people looking to do business with the target, however these same sources of information can be… Continue reading Footprinting and Recon
Section Overview There needs to be a solid grounding in basic terms and ideas that used in Penetration Testing as a whole and by extension Ethical Hacking. An Ethical Hacker needs to understand systems and why they are built the way they are, as well they need to understand things such as legal and regulator… Continue reading Introduction to Ethical Hacking
I’ve never been a great student – I’ve always just gone off of what I can remember from lectures and simply reading assigned pages. That approach typically allowed me to recall facts well enough that when it came test time I’d do well enough – usually Bs and Cs but hardly ever As and it… Continue reading Study Methodology
I’ve decided to go after the Certified Ethical Hacker certification v11. Why do it? For a long time, I always wanted to be a hacker, even though I had no idea what it actually meant. Now that I’ve been involved in the security space, I understand that a hacker (at least in the definition I… Continue reading Going for my CEH v11