In enumeration the hacker now pursues an in-depth analysis of all targeted devices, such as hosts and connected devices. The hacker is mapping out your network to build an offensive attack strategy. **Very important topic**
2. Enumeration
• Defined as an in-depth analysis of a targeted device
• Performed by connecting to systems to identify user accounts, system accounts, services and system details
• The process of proactively querying or connecting to a target system in order to elicit information on NetBIOS/LDAP, SNMP, UNIX/Linux operation, NTP servers, SMTP servers and DNS servers.
3. Windows Enumeration
• The intent of Windows enumeration is to recognise user accounts and system accounts that may be of potential use.
• The ethical hacker should aim to collate basic knowledge from a system administrator's perspective
• Understanding of Microsoft client and server systems is essential, in particular Windows 7, 8 and 10.
• The kernel is considered an essential and trusted part of the operating system.
• Microsoft operating systems implement rings of protection when evaluating which component to trust
• The protection ring model maintains levels of access and granularity
5. • The example model of the Windows architecture clearly depicts user mode (ring 3) and kernel mode (ring 0). User mode is restricted, whereas kernel mode permits full access to all resources
• The ethical hacker must be aware that most antivirus and analysis tools are capable of identifying hacking tools and code that operate within user mode.
• The ethical hacker must be aware that if code is implemented within the Windows system and executed in kernel mode, it can by and large evade user-mode detection and will remain harder to identify.
• The intent of the hacker is always to execute code at the highest privilege levels
• Windows implements the following types of identifiers in order to keep track of all user security rights and identity:
1. Security Identifiers (SID)
2. Relative Identifiers (RID)
6. • A SID can be described as a variable-length data structure that identifies user, group and computer accounts.
• A RID is the portion of the SID that identifies a user or group relative to the authority that issued the SID.
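As an added illustration of the SID/RID relationship described above (example code written for this page, not taken from the slides), the following Python parses a textual SID into revision, identifier authority and sub-authorities, treats the final sub-authority as the RID, round-trips the binary layout Windows stores, and labels well-known RIDs that a defender would look for when reviewing enumeration output; the sample SID is a constructed value.

```python
import re
import struct

# Well-known RIDs worth flagging when reviewing enumeration output or
# audit logs; a renamed built-in Administrator still carries RID 500.
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 502: "krbtgt",
                   512: "Domain Admins", 513: "Domain Users",
                   519: "Enterprise Admins"}

SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)+)$")

# Constructed sample: a domain SID (S-1-5-21-...) followed by RID 500.
SAMPLE_SID = "S-1-5-21-1004336348-1177238915-682003330-500"

def parse_sid(sid):
    """Split a textual SID into (revision, identifier authority, [sub-authorities])."""
    m = SID_RE.match(sid)
    if not m:
        raise ValueError("not a SID: %r" % sid)
    subs = [int(s) for s in m.group(3).split("-") if s]
    return int(m.group(1)), int(m.group(2)), subs

def rid_of(sid):
    """The RID is the last sub-authority: the account relative to its authority."""
    return parse_sid(sid)[2][-1]

def domain_of(sid):
    """The SID minus its RID identifies the issuing authority (the domain)."""
    revision, authority, subs = parse_sid(sid)
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs[:-1])

def sid_to_bytes(sid):
    """Binary layout Windows stores: revision, sub-authority count, 6-byte
    big-endian identifier authority, then 4-byte little-endian sub-authorities."""
    revision, authority, subs = parse_sid(sid)
    return (struct.pack("<BB", revision, len(subs)) + authority.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))

def bytes_to_sid(data):
    """Inverse of sid_to_bytes, e.g. for a SID read from a raw LDAP objectSid."""
    revision, count = struct.unpack_from("<BB", data, 0)
    authority = int.from_bytes(data[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, data, 8)
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)

def describe(sid):
    """Name the account by well-known RID, or report an ordinary RID."""
    rid = rid_of(sid)
    return WELL_KNOWN_RIDS.get(rid, "RID %d (ordinary account)" % rid)
```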
7. System Hacking
• The scope of system hacking typically entails attempting to gain access
• The intent of system hacking is to authenticate to the remote host with the highest level of access.
• Authentication systems can be subjected to non-technical and technical password attacks
9. Technical Password Attacks
Tools used during enumeration typically include Hyena, Network Performance Monitor and Nbstat.
Password attack techniques comprise the following:
1. Password guessing
2. Automated password guessing
3. Password sniffing
4. Keylogging
10. 1. Password Guessing
• Documentation should be maintained for all penetration tests and previous activities
• Password guessing is successful because people use easy-to-remember words and phrases
• Tools and online breached ("pwned") password repositories exist that can be used to identify breached passwords
• Recon-ng is a full-featured reconnaissance tool that features a pwned-password lookup.
12. Password Sniffing
• Sniffing and keystroke loggers can offer a potential route to obtaining passwords
• The scope of password sniffing entails having physical or logical access to the device
• Techniques such as pass-the-hash permit the hacker to authenticate to a remote server using the NTLM or LM hash of a user's password instead of the password in plaintext
13. Privilege Escalation and Exploiting Vulnerabilities
• Standard user accounts have limited privileges and do not, by themselves, give the hacker privilege escalation or full control
• Hackers can execute privilege escalation tools only on the victim system
14. • Common techniques that can aid the hacker in using the victim system to exploit a vulnerability comprise the following:
1. Manipulating the OS or the application
2. Manipulating the user into accepting and executing the program
3. Forcing the copying of the privilege escalation tool onto the targeted system and scheduling the exploit to execute
4. Exploiting interactive access into systems such as Terminal Services Web Access (TS Web Access), Microsoft Remote Desktop, Bomgar etc.
15. UK - Cyber Defence Academy
• Specialist provider of bespoke classroom, online and self-learning cyber security and cyber defence training.
• Visit us at: www.tech-strategygroup.com
• Empower your employees to become aware of cyber security
• Implement bespoke cyber security training programmes for your employees in alignment with your cyber security strategy, transformation programmes and projects.
• For more information e-mail us at: info@tech-strategygroup.com