Battle for the Internet: The War is On!

by Kevin Owens
Sept. 1, 2017 0 comments SANS Institute Pen Testing & Audits penetration testing

There is a battle raging between security professionals and hackers. By placing people into the shoes of a hacker, and teaching them the skills to gain access to a system, one is better able to defend against them. The first step is “Foot Printing/Reconnaissance.” As a hacker, we dig up information on companies/individuals by mirroring their websites, using search engines, whois databases and traceroute. Next, we move on to “Scanning.” We ping their computers, look at which ports are open, identify their operating system, map their networks, and see if they have any available modem connections. Then we move on to “Enumeration,” looking at valid user accounts and network shares. To “Gain Access” we search for vulnerabilities our opponent has, crack their passwords, and sniff the data on their network. “Escalating Privilege” is the next step to go from a low-level user account to having administrator equivalency. With these privileges, we manipulate files ...

https://www.sans.org/reading-room/whitepapers/testing/battle-internet-war-on-1075