Enumeration

Learning outcomes:

  • Explain how to choose targets for the enumeration process
  • Explain the purpose of Social Engineering using Phishing and Spearphishing as examples
  • List techniques for avoiding detection during the enumeration processes
  • List some of the tools used for recording data gathered from enumeration including baselines

  • What is enumeration
    • This is where we use the info gathered during the Recon process
    • Enumeration is capturing and tracking information that helps us make the battle plan
    • The data that is gathered is used during the next phase of the process, exploitation
  • Choosing Targets
    • Jobs (CFO, CEO, VP...)
    • Servers
    • Devices
    • People
    • Examples of Information we might gather
      • Usernames
      • Hostnames
      • IPtables and routing rules
      • Services, settings, configurations
  • Layers of a battle plan
    • We don't want to put all our "eggs" in one basket
    • Prioritize based on likelihood of detection and work from least likely to be detected
    • Include time in your plan
    • The deeper we go into the systems the more info is gathered
    • It's important to look at what we're going after, how we're going after it, and how we cover our tracks along the way
  • People targets: Social Engineering
    • Phishing emails
      • Emails can focus on a specific person (hobbies, interests etc)
      • Emails can focus on company-wide concerns: ISO cert warnings, sales quotas, or things like health care plan updates. Pick things people are likely to click on
    • Vishing
      • Mumble attack (mumble and hope they give extra info)
      • Technical jargon to convince the target you're legitimate
    • Social media
      • People are unlikely to expect attacks on their personal social media
      • It's easy to overshare on social media
      • Attack surface mapper and Social Attacker by Jacob Wilkin (Written in Python)
  • Hardware/Software Targets
    • Servers
      • Mapping
      • Ping and open ports (nmap and zenmap)
    • Operating Systems
      • Name and version of systems
      • Think beyond desktops: routers, printers, IoT, etc.
      • Banners - info about system, services and open ports.
      • Version of application and OS that's being run
      • Commonly open ports (such as 80, 21, 22, 25, etc)
    • Location of hardware
    • Network structure vs desktop vulnerabilities
    • Forgotten hardware (Printers, fax, unauthorized workarounds)
  • Avoiding detection
    • Stealth mode and idle scanning
      • Nmap is LOUD but has stealth options
      • SYN/ACK vs. FIN packets
    • Spoofing and Zombies
    • Forged packets
    • Decoys and distractions
    • Volume attacks
    • Identify systems, triggers, and traps
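
Added example, not part of the original notes: a defender-side Python detector that flags the two scan signatures listed above (a SYN sweep across many ports, and FIN packets without ACK) when run over a few constructed firewall log lines. The log format, thresholds and addresses are assumptions made for the example.

```python
"""Port-scan detector over constructed firewall log lines (defender-side example)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample log, format assumed: "<ISO time> <src> <dst> <dport> <tcp flags>".
# 10.0.0.5 sweeps six ports with SYNs, 10.0.0.7 is a normal client, 10.0.0.9 sends bare FINs.
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 192.168.1.10 22 S
2024-01-01T10:00:00 10.0.0.5 192.168.1.10 80 S
2024-01-01T10:00:01 10.0.0.5 192.168.1.10 443 S
2024-01-01T10:00:01 10.0.0.5 192.168.1.10 21 S
2024-01-01T10:00:02 10.0.0.5 192.168.1.10 25 S
2024-01-01T10:00:02 10.0.0.5 192.168.1.10 8080 S
2024-01-01T10:00:05 10.0.0.7 192.168.1.10 443 S
2024-01-01T10:00:06 10.0.0.7 192.168.1.10 443 A
2024-01-01T10:01:00 10.0.0.9 192.168.1.10 22 F
2024-01-01T10:01:00 10.0.0.9 192.168.1.10 80 F
2024-01-01T10:01:01 10.0.0.9 192.168.1.10 139 F
"""

def parse(line):
    ts, src, dst, dport, flags = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), flags

def detect_scans(log_text, fanout=5, window_s=10):
    """Return {src: [reasons]} for sources whose traffic looks like port enumeration.

    Signatures (thresholds are assumptions):
      - SYN sweep: one source sends SYNs to >= `fanout` distinct ports within `window_s` seconds.
      - FIN scan: a FIN with no ACK, which a real established connection never produces.
    """
    events = defaultdict(list)          # src -> [(time, dport, flags)]
    findings = defaultdict(set)
    for raw in log_text.strip().splitlines():
        ts, src, _dst, dport, flags = parse(raw)
        events[src].append((ts, dport, flags))
        if "F" in flags and "A" not in flags:
            findings[src].add("FIN-only packets (stealth FIN scan)")
    for src, evs in events.items():
        evs.sort()
        for i, (t0, _, _) in enumerate(evs):    # sliding window from each event
            ports = {p for t, p, f in evs[i:]
                     if (t - t0).total_seconds() <= window_s and "S" in f}
            if len(ports) >= fanout:
                findings[src].add(f"SYN sweep: {len(ports)} ports in {window_s}s")
                break
    return {src: sorted(r) for src, r in findings.items()}

if __name__ == "__main__":
    for src, reasons in detect_scans(SAMPLE_LOG).items():
        print(src, reasons)
```

In practice the same logic is applied to firewall or NetFlow exports, and the window and fan-out thresholds are tuned against the site's normal traffic to keep false positives down.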

Suggested Activities and Discussion Topics:

  • In pairs pick 2 people, jobs, devices or other items and give an evaluation of if they are a good target. Make sure to include both pros and cons.