- Step 1: Reconnaissance
- Step 2: Scanning
- Step 3: Exploit Systems
- Step 4: Keeping Access
- Step 5: Covering the Tracks
After providing this overview, Day 2 focused on Reconnaissance and Scanning. Essentially, the course explored methods and techniques for "casing the joint" in order to identify potential targets, then probing those potential targets for promising attack vectors. There were a number of hands-on exercises that you carried out on your own isolated laptop using Linux and Windows. You could either set up your laptop to dual boot, or use a provided VMware Linux image with a 30-day demo of VMware Workstation.
While the material did not cover a great deal of new ground for me, it is fundamental material that all infosec practitioners, and many other IT professionals, need to know. On the downside, it would have been more interesting to try out these recon and scanning tools on a private LAN instead of just on your own host. Overall, it was a good day. I wonder how many of my classmates returned their NetBIOS and Media Sense settings to their pre-enum exercise state? I know I did.
- Day: Day 2
- Topics: Trends, Ethics, Attack life cycle, Reconnaissance, Scanning
- Tools: whois, DNS, Google, SiteDigger, Sensepost, Sam Spade, THC-Scan, NetStumbler*, Wellenreiter, Hotspotter, ASLEAP, Cheops-ng, traceroute, nmap*, IP Personality, tcpdump*, P0F2, Firewalk, FragRouter, FragRoute, Nessus*, SATAN, Nikto, Whisker, the Windows net command*, enum*
- Overall value: 4 out of 5
- Coolness: 3 out of 5
* Starred items were part of hands-on exercises.