Approach Exam
DBIR (Data Breach Investigations Report) 2018 assignment, 2216 breaches, 28% internal, malware by email using JS
Penetration test (PTES) technical guidelines:
- Intelligence Gathering
- Open Source Intelligence (OSINT), in the simplest terms, is locating and analyzing publicly (open) available sources of information
- Tax records: https://ce.naco.org/
- hunter.io: finds all the email addresses on the web for a domain
- Vulnerability Analysis
- Exploitation
- Post Exploitation
- Reporting
CVE (Common Vulnerabilities and Exposures) search
The US National Vulnerability Database (NVD) does include fix, scoring, and other information for identifiers on the CVE List.
Know recon tools:
whois: looks up the registration and name servers for a domain from the regional internet registries
- whois: enter a domain.com or an IP at https://whois.icann.org/en
Maltego: gathers information about people and organisations
- From Kali
- Ctrl-T = New Graph
- Click on Infrastructure in the left-hand panel, then
- Click Domain on the left to add a Domain to the graph
- Double-click the domain to edit it
- To do a transform ...
- User guide
Metagoofil: tool designed for extracting metadata from documents
- metagoofil -d kali.org -t pdf -l 100 -n 25 -o kalipdf -f kalipdf.html
theHarvester: command-line tool to find email addresses
nslookup: looks up DNS records
- nslookup -q=<MX|A|CNAME> domain.com
Phishing emails
Cyber crime laws: Utah cyber law
Nmap
Example Scans with Flags that are set for different
| Flags | Desc | Example |
|-------|------|---------|
| -sN | Null scan: no TCP flag bits set (flags byte is 0) | |
| -sF | FIN scan: only the TCP FIN bit set | |
| -sX | Xmas scan: FIN, PSH and URG set ("Christmas tree") | |
| -sS | SYN scan: the default; half-open and stealthy, but hampered by firewalls | |
| -sU | UDP scan | |
What traffic looks like from Pcaps
Know what results mean from console output
Know different scans
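A small classifier for the probes in the table above as they show up in a pcap, written as an added example for these notes (it is not code from the original page or from Nmap). It builds constructed 20-byte TCP headers, reads the flags byte to name the matching Nmap scan type, and maps the target's reply to the port state Nmap would report; build_header, classify_probe and interpret_reply are hypothetical helper names chosen here.

```python
"""Classify TCP probes by their flag bits, as seen in a pcap (constructed example)."""
import struct

# TCP flag bits in the 13th header byte (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Probe flag sets Nmap sends for the scan types in the table above
SCAN_SIGNATURES = {
    0: "NULL scan (-sN)",
    FIN: "FIN scan (-sF)",
    FIN | PSH | URG: "Xmas scan (-sX)",
    SYN: "SYN scan (-sS)",
}

def build_header(sport: int, dport: int, flags: int) -> bytes:
    """Build a minimal 20-byte TCP header with the given flags (test data only)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

def tcp_flags(header: bytes) -> int:
    """Return the six classic flag bits of a raw TCP header (ECN bits masked off)."""
    if len(header) < 20:
        raise ValueError("TCP header too short")
    return header[13] & 0x3F

def classify_probe(header: bytes) -> str:
    """Name the Nmap scan whose probe matches this header's flags, if any."""
    return SCAN_SIGNATURES.get(tcp_flags(header), "not a standard Nmap probe")

def interpret_reply(scan: str, reply_flags) -> str:
    """Map the target's reply (flags byte, or None for silence) to a port state."""
    if scan.startswith("SYN"):
        # SYN scan: SYN/ACK = open, RST = closed, no answer = filtered
        if reply_flags is None:
            return "filtered"
        if reply_flags & SYN and reply_flags & ACK:
            return "open"
        return "closed" if reply_flags & RST else "filtered"
    # NULL/FIN/Xmas (RFC 793 hosts): RST = closed, silence = open|filtered,
    # which is why these scans cannot prove a port is open
    if reply_flags is not None and reply_flags & RST:
        return "closed"
    return "open|filtered"

if __name__ == "__main__":
    probe = build_header(40000, 80, FIN | PSH | URG)  # what an Xmas probe looks like
    scan = classify_probe(probe)
    print(scan, "->", interpret_reply(scan, None))   # Xmas scan (-sX) -> open|filtered
```

Feeding real headers from a pcap (for example via a pcap library) into classify_probe gives a quick way to label which scan type a capture contains.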
Know hashcat:
- Different hash types (hashcat example hashes)
- scan types
- format of hashes
- different attack types
Know what hashes are and what a salt is.
Know password strengths
Know whether certain ports are a good or bad idea to have open.
Common Ports
- TCP 20 and 21 (File Transfer Protocol, FTP)
- TCP 22 (Secure Shell, SSH)
- TCP 23 (Telnet)
- TCP 25 (Simple Mail Transfer Protocol, SMTP)
- TCP and UDP 53 (Domain Name System, DNS)
- UDP 69 (Trivial File Transfer Protocol, TFTP)
- TCP 79 (Finger)
- TCP 80 (Hypertext Transfer Protocol, HTTP)
- TCP 110 (Post Office Protocol v3, POP3)
- TCP 119 (Network News Transfer Protocol, NNTP)
- UDP 161 and 162 (Simple Network Management Protocol, SNMP)
- UDP 443 (HTTP over SSL/TLS, HTTPS)