1. Introduction & Networking

Intro

Ethical hackers are allowed and hired to try to hack into an organization by assessing its security posture.

Network Assessments

• External Pentest - hacking/assessing from outside of the organization's network

  • OSINT (Open-Source Intelligence) - organization's users, web login pages, emails, etc

  • Vulnerability scanning from the Internet

  • Pentest takes 32-40 hours on average and 8-16 hours for report writing

• Internal Pentest - assessing from the inside of the organization's network

  • Active Directory attacks

  • Pentest takes 32-40 hours on average (longer if bigger scope ) and 8-16 hours for report writing

• Web Application Pentest - assessing the web application security

  • Web-based attacks & guidelines

  • Pentest takes a minimum of 32-40 hours and 8-16 hours for report writing

• Wireless Pentest - assessing the wireless network security

  • Guest, WPA2-PSK, WPA2 Enterprise - pentesting with external Wireless adapters

  • Takes 4-8 hours per SSID and 2-4 for report writing

• Physical & Social Engineering Pentest - assessing an organization's physical security

  • On site badges cloning, social engineering, picking locks, etc - depends on the client's goal

  • Phishing, Vishing, Smishing campaigns

  • Lasts 16-40 hours and 4-8 for report writing

• Mobile Pentesting, IoT Pentesting, Red Team Engagements (weeks, months), Purple Team Engagements, Car Hacking, etc

⬇️

Report

• Good technical skills, report writing, communication and presentation skills

• Report withing a week

  • Executive Summary - a non-technical report

  • Technical findings section - for the technicians

  • Recommendations for remediation - clear to both executives and tech staff

⬇️

Debrief

• The client (both technical and executive staff) is taken through the report findings.

• Client can ask questions and address any concerns

• Release the final report

Networking

ifconfig
ipconfig /all

➡️ Layer 3

IP (Internet Protocol) addresses - identify/locate devices on a network, on the layer 3 OSI model.

• IPv4 Address: 192.168.1.50 - decimal notation

  • 4 octets of 8 bits = 32bits = 4bytes

  • Total IPv4 addresses

    $$2^{32} = 4.294.967.296$$
• IPv6 Address: fe80::ab4c:8503:3248:9993%6 - hexadecimal notation

  • 8 groups of 4 hex digits = 128bits

  • Total IPv4 addresses

    $$2^{128} = 3.4×10^{38}$$

➡️ Layer 2

MAC (Media Access Control) access is a unique identifier/hardware address given to NICs (network interface controllers). Used at the layer 2 OSI model (data link).

• MAC Address: 00:50:56:C0:00:01 - hexadecimal notation

  • 6 pairs of hex digits = 48 bits

  • First 3 pairs = NIC manufacturer

  • local network

➡️ Layer 4

TCP (Transmission Control Protocol)

• Connection oriented, high reliability, guaranteed delivery

UDP (User Datagram Protocol)

• Connectionless, lightweight, no acknowledgement/reliability, real-time apps

Common TCP Ports

Common UDP Ports

OSI Model

➡️ OSI (Open Systems Interconnection) model is a conceptual framework that offers a 7 layers structured method for communication system functions and network protocols.

Please ➡️ 1. Physical

• data cables

Do ➡️ 2. Data Link

• Switching, MAC

Not ➡️ 3. Network

• IPs, Routing

Throw ➡️ 4. Transport

• TCP/UDP

Sausage ➡️ 5. Session

• Session management

Pizza ➡️ 6. Presentation

• Media files

Away ➡️ 7. Application

• HTTP, SMTP, apps

Subnetting

Subnetting consists of dividing a network into multiple subnetworks/subnets.

• Subnet - own range of IP addresses

• NAT (Network Address Translation) prevents from running out of IPv4 addresses

CIDR (Classless Inter-Domain Routing) notation

• 192.168.1.0/24 - /xx is the network prefix length (network portion bits number)

  • 24 bits = network portion (turned on bits)

  • (remaining) 8 bits = host portion

  • Total hosts

    $$(2^{8} = 256)-2=254$$
  • Subnet Mask = 255.255.255.0

• Network ID - First Address 192.168.1.0

• Broadcast - Last Address 192.168.1.255