Ethical hackers are allowed and hired to try to hack into an organization by assessing its security posture.
- External Pentest - hacking/assessing from outside of the organization's network
- OSINT (Open-Source Intelligence) - organization's users, web login pages, emails, etc
- Vulnerability scanning from the Internet
- Pentest takes 32-40 hours on average and 8-16 hours for report writing
- Internal Pentest - assessing from the inside of the organization's network
- Active Directory attacks
- Pentest takes 32-40 hours on average (longer if bigger scope ) and 8-16 hours for report writing
- Web Application Pentest - assessing the web application security
- Web-based attacks & OWASP guidelines
- Pentest takes a minimum of 32-40 hours and 8-16 hours for report writing
- Wireless Pentest - assessing the wireless network security
- Guest, WPA2-PSK, WPA2 Enterprise - pentesting with external Wireless adapters
- Takes 4-8 hours per SSID and 2-4 for report writing
- Physical & Social Engineering Pentest - assessing an organization's physical security
- On site badges cloning, social engineering, picking locks, etc - depends on the client's goal
- Phishing, Vishing, Smishing campaigns
- Lasts 16-40 hours and 4-8 for report writing
- Mobile Pentesting, IoT Pentesting, Red Team Engagements (weeks, months), Purple Team Engagements, Car Hacking, etc
⬇️
- Good technical skills, report writing, communication and presentation skills
- Report withing a week
- Executive Summary - a non-technical report
- Technical findings section - for the technicians
- Recommendations for remediation - clear to both executives and tech staff
⬇️
- The client (both technical and executive staff) is taken through the report findings.
- Client can ask questions and address any concerns
- Release the final report
ifconfig
ipconfig /all➡️ Layer 3
IP (Internet Protocol) addresses - identify/locate devices on a network, on the layer 3 OSI model.
-
IPv4 Address:
192.168.1.50- decimal notation-
4 octets of 8 bits = 32bits = 4bytes
-
Total IPv4 addresses $$ 2^{32} = 4.294.967.296 $$
-
-
IPv6 Address:
fe80::ab4c:8503:3248:9993%6- hexadecimal notation- 8 groups of 4 hex digits = 128bits
- Total IPv4 addresses $$ 2^{128} = 3.4×10^{38} $$
➡️ Layer 2
MAC (Media Access Control) access is a unique identifier/hardware address given to NICs (network interface controllers). Used at the layer 2 OSI model (data link).
- MAC Address:
00:50:56:C0:00:01- hexadecimal notation- 6 pairs of hex digits = 48 bits
- First 3 pairs = NIC manufacturer
- local network
➡️ Layer 4
TCP (Transmission Control Protocol)
- Connection oriented, high reliability, guaranteed delivery
- 3 Way Handshake:
SYN➡️SYN ACK➡️ACK= Connection established
UDP (User Datagram Protocol)
- Connectionless, lightweight, no acknowledgement/reliability, real-time apps
| TCP Ports | Service |
|---|---|
| 21 / 990 | FTP (File Transfer Protocol) / FTPS (FTP over SSL/TLS) |
| 22 | SSH (Secure Shell) |
| 23 | Telnet |
| 25 | SMTP (Simple Mail Transfer Protocol) |
| 53 | DNS (Domain Name System) |
| 80 / 443 | HTTP / HTTPS (Hypertext Transfer Protocol over SSL) |
| 110 | POP3 (Post Office Protocol) |
| 123 | NTP (Network Time Protocol) |
| 139 / 445 | NetBIOS / SMB, Samba (Server Message Block) |
| 143 | IMAP (Internet Message Access Protocol) |
| 389 | LDAP (Lightweight Directory Access Protocol) |
| 1433-1434 | Microsoft Sql Server |
| 3306 | MySQL |
| 3389 | RDP (Terminal Server) |
| UDP Ports | Service |
|---|---|
| 53 | DNS (Domain Name System) |
| 67 / 68 | DHCP (Dynamic Host Configuration Protocol) |
| 69 | TFTP (Trivial File Transfer Protocol) |
| 161 | SNMP (Simple Network Management Protocol) |
| 389 | LDAP (Lightweight Directory Access Protocol) |
➡️ OSI (Open Systems Interconnection) model is a conceptual framework that offers a 7 layers structured method for communication system functions and network protocols.
Please ➡️ 1. Physical
- data cables
Do ➡️ 2. Data Link
- Switching, MAC
Not ➡️ 3. Network
- IPs, Routing
Throw ➡️ 4. Transport
- TCP/UDP
Sausage ➡️ 5. Session
- Session management
Pizza ➡️ 6. Presentation
- Media files
Away ➡️ 7. Application
- HTTP, SMTP, apps
Subnetting consists of dividing a network into multiple subnetworks/subnets.
- Subnet - own range of IP addresses
- NAT (Network Address Translation) prevents from running out of IPv4 addresses
CIDR (Classless Inter-Domain Routing) notation
-
192.168.1.0/24-/xxis the network prefix length (network portion bits number)-
24 bits = network portion (turned on bits)
-
(remaining) 8 bits = host portion
-
Total hosts $$ (2^{8} = 256)-2=254 $$
-
Subnet Mask =
255.255.255.0
-
-
Network ID - First Address
192.168.1.0 -
Broadcast - Last Address
192.168.1.255
🔗 Subnet Calculator - vultr.com
