Approach Exam



DBIR (Data Breach Investigations Report) 2018 assignment: 2216 breaches, 28% internal, malware delivered by email using JavaScript

Penetration test (PTES) technical guidelines:

  1. Intelligence Gathering
    • Open Source Intelligence (OSINT), in the simplest terms, is locating and analyzing publicly (open) available sources of information
    • Tax records:

    • Find all the email addresses on the web for a domain

  2. Vulnerability Analysis
  3. Exploitation
  4. Post Exploitation
  5. Reporting

CVE (common vulnerabilities and exposures) Search

The US National Vulnerability Database (NVD) does include fix, scoring, and other information for identifiers on the CVE List.

Know recon tools:

Whois: look up registration and name servers for a domain from the regional internet registries

  • whois <domain or IP address>

Maltego: gather information about people and organisations

  • From Kali, run maltego
  • Ctrl-T = New Graph
  • Click Infrastructure in the left-hand palette, then
  • Click Domain on the left to add a Domain entity to the graph
  • Double-click the domain entity to edit it
  • To do a transform ...
  • User guide

Metagoofil: tool designed for extracting metadata from documents

  • metagoofil -d <domain> -t pdf -l 100 -n 25 -o kalipdf -f kalipdf.html
    (-d target domain, -t file type, -l limit on search results, -n number of files to download, -o download directory, -f HTML report)

theHarvester: command-line tool to find email addresses

nslookup: look up DNS records

  • nslookup -q=<MX|A|CNAME> <domain>

Phishing emails

Cyber crime laws: Utah Cyber Law

Example Scans with Flags that are set for different

Port Scanning Techniques

Flag (nmap)   Description                                                          Example
-sN           Null scan: no TCP flags set, the flags field is 0
-sF           FIN scan: only the TCP FIN bit set
-sX           Xmas scan: FIN, PSH and URG set ("christmas tree")
-sS           SYN (half-open) scan: the default; stealthy, but hampered by firewalls
-sU           UDP scan

Know what traffic looks like from pcaps
Know what results mean from console output
Know different scans
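As an added example (not part of the original notes), the following Python labels TCP probe packets by their flag bits using the scan types from the table above, infers port state from the target's reply the way a pcap reviewer would, and flags a source that sweeps several ports with one probe type. The packet list is constructed inline, so it runs without a capture file.

```python
from collections import defaultdict

# TCP flag bits (low byte of the header's flags field).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def classify_probe(flags):
    """Map a probe's TCP flags to the scan type from the flags table."""
    if flags == 0:
        return "NULL (-sN)"            # flags byte is 0
    if flags == FIN:
        return "FIN (-sF)"             # only FIN set
    if flags == FIN | PSH | URG:
        return "XMAS (-sX)"            # FIN, PSH and URG all set
    if flags == SYN:
        return "SYN (-sS)"             # half-open: SYN without ACK
    return "other"

def infer_state(scan, reply):
    """What the target's reply (None = no answer) says about the probed port."""
    if scan == "SYN (-sS)":
        if reply is not None and reply & SYN and reply & ACK:
            return "open"              # SYN/ACK came back
        return "closed" if reply is not None and reply & RST else "filtered"
    # NULL/FIN/XMAS: a closed port answers RST; open ports stay silent, as do filters.
    if reply is not None and reply & RST:
        return "closed"
    return "open|filtered"

def find_scanners(packets, min_ports=3):
    """Flag sources probing >= min_ports distinct ports with one probe type.
    packets: list of (src, dst_port, flags) tuples."""
    seen = defaultdict(set)
    for src, dport, flags in packets:
        kind = classify_probe(flags)
        if kind != "other":
            seen[(src, kind)].add(dport)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_ports}

# Constructed sample: one host running an Xmas sweep, one ordinary client.
SAMPLE = [
    ("10.0.0.9", 22, FIN | PSH | URG),
    ("10.0.0.9", 80, FIN | PSH | URG),
    ("10.0.0.9", 443, FIN | PSH | URG),
    ("10.0.0.9", 23, FIN | PSH | URG),
    ("10.0.0.5", 443, SYN),            # single connection attempt
]

if __name__ == "__main__":
    for (src, kind), ports in find_scanners(SAMPLE).items():
        print(f"{src}: {kind} probes to ports {ports}")
```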


Know hashcat:

  • Different hash types (example hashes)
  • scan types
  • format of hashes
  • different attack types

Know what hashes are and what a salt is.
Know password strengths

Know if certain ports are a good or bad idea to have open.

Common Ports

  • TCP 20 and 21 (File Transfer Protocol, FTP)
  • TCP 22 (Secure Shell, SSH)
  • TCP 23 (Telnet)
  • TCP 25 (Simple Mail Transfer Protocol, SMTP)
  • TCP and UDP 53 (Domain Name System, DNS)
  • UDP 69 (Trivial File Transfer Protocol, tftp)
  • TCP 79 (finger)
  • TCP 80 (Hypertext Transfer Protocol, HTTP)
  • TCP 110 (Post Office Protocol v3, POP3)
  • TCP 119 (Network News Transfer Protocol, NNTP)
  • UDP 161 and 162 (Simple Network Management Protocol, SNMP)
  • UDP 443 (HTTP over Secure Sockets Layer, HTTPS)