1. Introduction & Networking
Intro
Ethical hackers are allowed and hired to try to hack into an organization by assessing its security posture.
Network Assessments
External Pentest - hacking/assessing from outside of the organization's network
OSINT (Open-Source Intelligence) - organization's users, web login pages, emails, etc
Vulnerability scanning from the Internet
Pentest takes 32-40 hours on average and 8-16 hours for report writing
Internal Pentest - assessing from the inside of the organization's network
Active Directory attacks
Pentest takes 32-40 hours on average (longer if bigger scope ) and 8-16 hours for report writing
Web Application Pentest - assessing the web application security
Web-based attacks & OWASP guidelines
Pentest takes a minimum of 32-40 hours and 8-16 hours for report writing
Wireless Pentest - assessing the wireless network security
Guest, WPA2-PSK, WPA2 Enterprise - pentesting with external Wireless adapters
Takes 4-8 hours per SSID and 2-4 for report writing
Physical & Social Engineering Pentest - assessing an organization's physical security
On site badges cloning, social engineering, picking locks, etc - depends on the client's goal
Phishing, Vishing, Smishing campaigns
Lasts 16-40 hours and 4-8 for report writing
Mobile Pentesting, IoT Pentesting, Red Team Engagements (weeks, months), Purple Team Engagements, Car Hacking, etc
⬇️
Report
Good technical skills, report writing, communication and presentation skills
Report withing a week
Executive Summary - a non-technical report
Technical findings section - for the technicians
Recommendations for remediation - clear to both executives and tech staff
⬇️
Debrief
The client (both technical and executive staff) is taken through the report findings.
Client can ask questions and address any concerns
Release the final report
Networking
➡️ Layer 3
IP (Internet Protocol) addresses - identify/locate devices on a network, on the layer 3 OSI model.
IPv4 Address:
192.168.1.50
- decimal notation4 octets of 8 bits = 32bits = 4bytes
Total IPv4 addresses
IPv6 Address:
fe80::ab4c:8503:3248:9993%6
- hexadecimal notation8 groups of 4 hex digits = 128bits
Total IPv4 addresses
➡️ Layer 2
MAC (Media Access Control) access is a unique identifier/hardware address given to NICs (network interface controllers). Used at the layer 2 OSI model (data link).
MAC Address:
00:50:56:C0:00:01
- hexadecimal notation6 pairs of hex digits = 48 bits
First 3 pairs = NIC manufacturer
local network
➡️ Layer 4
TCP (Transmission Control Protocol)
Connection oriented, high reliability, guaranteed delivery
3 Way Handshake:
SYN
➡️SYN ACK
➡️ACK
= Connection established
UDP (User Datagram Protocol)
Connectionless, lightweight, no acknowledgement/reliability, real-time apps
Common TCP Ports
21 / 990
FTP (File Transfer Protocol) / FTPS (FTP over SSL/TLS)
22
SSH (Secure Shell)
23
Telnet
25
SMTP (Simple Mail Transfer Protocol)
53
DNS (Domain Name System)
80 / 443
HTTP / HTTPS (Hypertext Transfer Protocol over SSL)
110
POP3 (Post Office Protocol)
123
NTP (Network Time Protocol)
139 / 445
NetBIOS / SMB, Samba (Server Message Block)
143
IMAP (Internet Message Access Protocol)
389
LDAP (Lightweight Directory Access Protocol)
1433-1434
Microsoft Sql Server
3306
MySQL
3389
RDP (Terminal Server)
Common UDP Ports
53
DNS (Domain Name System)
67 / 68
DHCP (Dynamic Host Configuration Protocol)
69
TFTP (Trivial File Transfer Protocol)
161
SNMP (Simple Network Management Protocol)
389
LDAP (Lightweight Directory Access Protocol)
OSI Model
➡️ OSI (Open Systems Interconnection) model is a conceptual framework that offers a 7 layers structured method for communication system functions and network protocols.
Please ➡️ 1. Physical
data cables
Do ➡️ 2. Data Link
Switching, MAC
Not ➡️ 3. Network
IPs, Routing
Throw ➡️ 4. Transport
TCP/UDP
Sausage ➡️ 5. Session
Session management
Pizza ➡️ 6. Presentation
Media files
Away ➡️ 7. Application
HTTP, SMTP, apps
Subnetting
Subnetting consists of dividing a network into multiple subnetworks/subnets.
Subnet - own range of IP addresses
NAT (Network Address Translation) prevents from running out of IPv4 addresses
CIDR (Classless Inter-Domain Routing) notation
192.168.1.0/24
-/xx
is the network prefix length (network portion bits number)24 bits = network portion (turned on bits)
(remaining) 8 bits = host portion
Total hosts
Subnet Mask =
255.255.255.0
Network ID - First Address
192.168.1.0
Broadcast - Last Address
192.168.1.255
🔗 Subnet Calculator - vultr.com
Last updated