Tools Required
      1.1.2.1 Linux
      1.1.2.2 Windows XP/7
  1.2 Radio Frequency Tools
    1.2.1 Frequency Counter
  1.3 Software
2 Intelligence Gathering
  2.1 OSINT
    2.1.1 Corporate
    2.1.2 Physical
      2.1.2.1 Locations
      2.1.2.2 Shared/Individual
      2.1.2.3 Owner
        2.1.2.3.1 Land/tax records
    2.1.3 Datacenter Locations
    2.2.3 Cree.py
      2.3.1.1 Maltego
      2.3.1.2 TheHarvester
      2.3.1.3 NetGlub
    2.3.2 Usernames/Handles
      2.3.3.1 Newsgroups
      2.3.3.2 Mailing Lists
      2.3.3.3 Chat Rooms
      2.3.3.4 Forums Search
    2.3.4 Personal Domain Names
      2.3.5.1 Audio
      2.3.5.2 Video
    2.3.6 Archived Information
    2.3.7 Electronic Data
      2.4.3.1 Airmon-ng
      2.4.3.2 Airodump-ng
      2.4.3.3 Kismet-Newcore
      2.4.3.4 inSSIDer
  2.5 External Footprinting
    2.5.1 Identifying IP Ranges
      4.1.1.1 AV
      4.1.1.2 Human
      4.1.1.3 HIPS
      4.1.1.4 DEP
      4.1.1.5 ASLR
      4.1.1.6 VA + NX (Linux)
      4.1.1.7 w^x (OpenBSD)
      4.1.1.8 WAF
      4.1.1.9 Stack Canaries
        4.1.1.9.1 Microsoft Windows
        4.1.1.9.2 Linux
        4.1.1.9.3 MAC OS
  4.2 Customized Exploitation
    4.2.1 Fuzzing
    4.2.4 Sniffing
      4.2.4.1 Wireshark
      4.2.4.2 Tcpdump
    4.2.5 Brute-Force
    4.2.13 RIP
  4.3 RF Access
    4.3.1 Unencrypted Wireless LAN
      4.3.4.1 LEAP
        4.3.4.1.1 Asleap
      4.3.4.2 802.1X
        4.3.4.2.1 Key Distribution Attack
        4.3.4.2.2 RADIUS Impersonation Attack
      4.3.4.3 PEAP
        4.3.4.3.1 RADIUS Impersonation Attack
        4.3.4.3.2 Authentication Attack
      4.3.4.4 EAP-Fast
      4.3.4.5 WEP/WPA/WPA2
      4.3.4.6 Aircrack-ng
  4.4 Attacking the User
    4.4.1 Karmetasploit Attacks
    4.4.3 Bluetooth
    4.4.5 Web
  4.7 Pillaging
    4.7.1 Video Cameras
    4.7.7 Wifi
    4.7.9 Git
    4.7.11 Backups
  4.8 Business impact attacks
  4.9 Further penetration into infrastructure
    4.9.1 Pivoting inside
      4.9.1.1 History/Logs
    4.9.2 Cleanup
  4.10 Persistence
5 Post Exploitation
  5.1 Windows Post Exploitation
    5.1.1 Blind Files
    5.1.3 System
    5.1.5 Configs
    5.1.13 Other
DNS nslookup
Network reconnaissance
Ping
Fping
scanning
port scanning
nmap
Su-udp