Learning Offensive Security, Multimodal Edition

  Enumeration: NetBios If you come across this post but you're unsure about what NetBIOS actually is, take a moment to step back and go through this article (and the Professor Messor video inside) from Networkencyclopedia.com.  Okay cool, so we're on the same page now!  As we go through the resources for NetBIOS enumeration keep the following items in your mind - we're looking for them: system names usernames domains  printers available shares There are a ton of great tools out there to do NetBIOS enumeration. Just some of the few I found include:  nbtstat (Windows) winfo  (Windows) winfingerprint  (windows) nbtscan (Linux) smb-nat  (Linux) Hyena  (I have not used this yet but it came recommended) smbclient (Linux) - this page is overwhelming to my visual senses, ha, if there is a cleaner one, use it! nmap smbmap crackmapexec   Autorecon  (have not used this yet, it honestly looks awesome) msfconsole burp (web) many others,...

  Enumeration: Introduction Hey everyone! It's incredible to hear back from so many of you already. 4 blog posts in, I can already feel the love.  I did go back this week and add a disclaimer to all posts. First, I wanted to ensure that folks are being careful with using the skills within the resources. Second, I just wanted to explain that this entire series is really about learning topics thoroughly, however you need to learn. As someone who is a multimodal learner, I'm actually using the resources in these posts to understand these topics as fully as I can. Let's get into enumeration. Taking directly from the company RedTeam Security , "Enumeration is the method that a penetration tester uses to identify information about in-scope assets. A pen tester will use an automated process to identify all active IP addresses within the scope and some limited information about those devices, such as type and operating system version. This information is then used for further...