Project Athena
Information Gathering

Information Gathering, also known as reconnaissance, is the process of collecting data about a target system, network, or organization in order to understand its architecture, exposed services, and security mechanisms. It is typically the first step of both a real attack and a penetration test, and it gives attackers and testers alike the detailed picture of the environment they need to identify potential vulnerabilities and points of entry.

NMAP (Network Mapper)

NMAP is a powerful open-source tool for network discovery and security auditing. It finds the devices that are up on a network, determines which ports are open on them, identifies the services and versions behind those ports, and can fingerprint the operating system. Every scan sends packets to the target, so it is visible to firewalls and intrusion detection systems and must only be run against networks you are authorised to test.

Uses of NMAP

  • Host Discovery: Identify active hosts on a network.

  • Port Scanning: Determine open ports and services running on servers and network devices.

  • Version Detection: Discover what application and version are running on open ports.

  • OS Detection: Determine the operating system and hardware characteristics of network devices.

Basic NMAP Commands

  1. Ping Scan (host discovery only, no port scan): nmap -sn [target]. On a local Ethernet segment Nmap uses ARP requests; elsewhere, as root, it sends an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request. A host that drops all of these is reported as down; add -Pn to skip discovery and scan every address anyway.

  2. Port Scan: nmap [target]. With no options Nmap scans the 1000 most common TCP ports, using a SYN scan (-sS) when run as root and a full TCP connect scan (-sT) otherwise. Use -p- for all 65535 ports and -sU for UDP services such as SNMP, which the default scan never touches.

  3. Service Version Detection: nmap -sV [target]. Sends protocol probes to each open port to identify the application and its version instead of guessing from the port number alone.

  4. Aggressive Scan: nmap -A [target]. Combines OS detection (-O), version detection (-sV), the default NSE script set (-sC) and traceroute. It is the noisiest of the four and is easily picked up by an IDS.

Add -oA [basename] to any of these to save normal, grepable and XML output for later analysis.

Hands-on Exercise

  • Run the basic NMAP commands above against a lab network you are authorised to scan (for example a local VM or a deliberately vulnerable target), saving the output with -oA.

  • Analyze the results to identify active hosts, open ports, and services, and note which of them (SMB, SNMP, LDAP, SMTP) deserve the enumeration steps that follow.
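As an added example (not part of the course material), the following Python script reads the XML that nmap -oX or -oA writes and reduces it to the live hosts, their open ports and the detected service versions, which is exactly the analysis the exercise asks for. The embedded SAMPLE_XML is a constructed scan result in Nmap's real XML layout (nmaprun/host/status/address/ports/port/state/service); its addresses, hostnames and versions are made up. The hosts_with_service() helper then picks out the targets for a given service, which is how you would choose hosts for the enumeration techniques in the next section.

```python
"""Summarise an Nmap XML file (-oX / -oA) as live hosts, open ports and services.

Added example, not part of the course. SAMPLE_XML is a constructed scan result
in Nmap's XML format; the addresses, hostnames and versions are made up.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.10.10.0/29">
  <host><status state="up" reason="arp-response"/>
    <address addr="10.10.10.1" addrtype="ipv4"/>
    <hostnames><hostname name="gw.lab.local" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="443"><state state="filtered" reason="no-response"/>
        <service name="https" method="table" conf="3"/></port>
    </ports>
  </host>
  <host><status state="down" reason="no-response"/>
    <address addr="10.10.10.2" addrtype="ipv4"/></host>
  <host><status state="up" reason="arp-response"/>
    <address addr="10.10.10.3" addrtype="ipv4"/><hostnames/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/>
        <service name="microsoft-ds" method="table" conf="3"/></port>
      <port protocol="udp" portid="161"><state state="open" reason="udp-response"/>
        <service name="snmp" method="table" conf="3"/></port>
    </ports>
  </host>
</nmaprun>
"""


@dataclass
class OpenPort:
    protocol: str
    port: int
    service: str
    product: str = ""
    version: str = ""


@dataclass
class Host:
    address: str
    hostname: str = ""
    open_ports: list = field(default_factory=list)


def parse_nmap_xml(xml_text: str) -> list:
    """One Host per host Nmap reported as up, keeping only ports in state 'open'."""
    hosts = []
    for host_el in ET.fromstring(xml_text).iter("host"):
        status = host_el.find("status")
        if status is None or status.get("state") != "up":
            continue                                  # host never answered discovery
        addr_el = host_el.find("address[@addrtype='ipv4']")
        if addr_el is None:                           # fall back to whatever address is listed
            addr_el = host_el.find("address")
        host = Host(address=addr_el.get("addr"))
        hn = host_el.find("hostnames/hostname")       # reverse-DNS name, if Nmap found one
        if hn is not None:
            host.hostname = hn.get("name", "")
        for port_el in host_el.findall("ports/port"):
            state = port_el.find("state")
            if state is None or state.get("state") != "open":
                continue                              # closed/filtered: nothing to enumerate
            svc = port_el.find("service")
            attrs = svc.attrib if svc is not None else {}
            host.open_ports.append(OpenPort(port_el.get("protocol"), int(port_el.get("portid")),
                                            attrs.get("name", ""), attrs.get("product", ""),
                                            attrs.get("version", "")))
        hosts.append(host)
    return hosts


def summarise(hosts: list) -> list:
    """One line per open port, e.g. '10.10.10.1 tcp/22 ssh OpenSSH 8.9p1'."""
    lines = []
    for h in hosts:
        for p in h.open_ports:
            detail = " ".join(x for x in (p.product, p.version) if x)
            lines.append(f"{h.address} {p.protocol}/{p.port} {p.service} {detail}".rstrip())
    return lines


def hosts_with_service(hosts: list, service: str) -> list:
    """Addresses exposing the named service: the target list for the next enumeration step."""
    return [h.address for h in hosts if any(p.service == service for p in h.open_ports)]


if __name__ == "__main__":
    found = parse_nmap_xml(SAMPLE_XML)
    print("\n".join(summarise(found)))
    print("SNMP enumeration candidates:", hosts_with_service(found, "snmp"))
```

To use it on a real scan, replace SAMPLE_XML with the contents of the .xml file nmap wrote. The script deliberately drops ports reported as closed or filtered: a filtered port tells you a firewall sits in the path, which is worth recording separately, but it is not a service you can enumerate.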

Enumeration

Enumeration is the step after scanning: the services found open are actively queried, using the protocols they speak, to extract detailed information such as user names, group memberships, shares, hostnames and configuration details. Unlike passive OSINT it connects to the target and leaves traces in its logs, and it frequently reveals the exact way in, for example a share with weak permissions, a default community string, or a valid user name to try passwords against.

Techniques in Enumeration

  • NetBIOS Enumeration: Querying the NetBIOS name service (UDP 137), session service (TCP 139) and SMB (TCP 445) for network shares, users, and groups.

  • SNMP Enumeration: Gathering configuration data (system description, interfaces, routing tables, running processes, sometimes user names) from network devices like routers, switches, and printers over UDP 161. SNMPv1 and v2c protect this only with a community string sent in cleartext, and devices frequently still use the defaults public and private.

  • LDAP Enumeration: Extracting users, groups, computers and organisational structure from LDAP directories (TCP 389, LDAPS on TCP 636), which often permit anonymous or null binds.

  • SMTP Enumeration: Gleaning information from mail servers (TCP 25), in particular confirming valid user names with the VRFY and EXPN commands or by comparing how the server answers RCPT TO for existing and nonexistent recipients.

Tools for Enumeration

  1. Enum4linux: a Perl wrapper around the Samba tools (smbclient, rpcclient, net, nmblookup) that enumerates shares, users, groups, password policy and OS information from Windows and Samba hosts over SMB and RPC.

  2. Nbtscan: scans an IP range for the NetBIOS name service and lists each responding host's NetBIOS name, logged-on user and MAC address.

  3. SNMPwalk: part of the Net-SNMP suite; walks a MIB subtree by issuing repeated GetNext requests, for example snmpwalk -v2c -c public [target] to dump everything the agent shows to that community string.
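To make the SNMP Enumeration technique above and what snmpwalk actually puts on the wire concrete, here is an added example (not from the course and not Net-SNMP code) that hand-encodes an SNMPv1 GetRequest for sysDescr.0 in BER and decodes the agent's GetResponse. snmpget performs this exchange once; snmpwalk repeats it with GetNext for every object in a subtree. Because no agent is available offline, build_get_response() constructs the reply a real agent would send, and the sysDescr text is made up. snmp_get() sends the same request to a live agent on UDP/161 and is only for systems you are authorised to test.

```python
"""SNMPv1 GetRequest for sysDescr.0, hand-encoded in BER, and a decoder for the
agent's GetResponse: the exchange snmpget performs once and snmpwalk repeats
(with GetNext) for every object in a subtree.

Added example, not from the course or from Net-SNMP. build_get_response()
constructs the reply a real agent would send so the script runs offline; the
sysDescr text used below is made up.
"""
import socket

SYS_DESCR = "1.3.6.1.2.1.1.1.0"   # SNMPv2-MIB::sysDescr.0

# ---- BER encoding of the few types an SNMPv1 message needs ----
def ber_len(n: int) -> bytes:
    if n < 0x80:                                   # short form: one byte
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body        # long form: 0x8N + N bytes

def tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(payload)) + payload

def enc_int(v: int) -> bytes:                      # non-negative INTEGER only
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def enc_oid(dotted: str) -> bytes:
    parts = [int(p) for p in dotted.split(".")]
    body = bytearray([40 * parts[0] + parts[1]])   # first two arcs share a byte
    for sub in parts[2:]:                          # base 128, high bit = more to come
        chunk = [sub & 0x7F]
        sub >>= 7
        while sub:
            chunk.append(0x80 | (sub & 0x7F))
            sub >>= 7
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def build_message(pdu_tag: int, community: str, oid: str, value: bytes, request_id: int) -> bytes:
    varbind = tlv(0x30, enc_oid(oid) + value)
    pdu = tlv(pdu_tag, enc_int(request_id) + enc_int(0) + enc_int(0) + tlv(0x30, varbind))
    return tlv(0x30, enc_int(0) + tlv(0x04, community.encode()) + pdu)   # version 0 = SNMPv1

def build_get_request(community: str, oid: str, request_id: int = 1) -> bytes:
    return build_message(0xA0, community, oid, tlv(0x05, b""), request_id)   # NULL placeholder

def build_get_response(community: str, oid: str, text: str, request_id: int = 1) -> bytes:
    """Constructed agent reply (OCTET STRING value), standing in for a real device."""
    return build_message(0xA2, community, oid, tlv(0x04, text.encode()), request_id)

# ---- BER decoding ----
def read_tlv(buf: bytes, pos: int = 0):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def dec_oid(body: bytes) -> str:
    parts, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(val)
            val = 0
    return ".".join(map(str, parts))

def parse_get_response(msg: bytes) -> dict:
    _, body, _ = read_tlv(msg)
    _, ver, p = read_tlv(body)
    _, comm, p = read_tlv(body, p)
    tag, pdu, _ = read_tlv(body, p)
    if tag != 0xA2:
        raise ValueError(f"expected GetResponse (0xa2), got tag {tag:#x}")
    _, rid, p = read_tlv(pdu)
    _, err, p = read_tlv(pdu, p)
    _, _, p = read_tlv(pdu, p)                     # error-index, unused here
    _, vbl, _ = read_tlv(pdu, p)
    bindings, p = {}, 0
    while p < len(vbl):
        _, vb, p = read_tlv(vbl, p)
        _, oid, q = read_tlv(vb)
        vtag, val, _ = read_tlv(vb, q)
        bindings[dec_oid(oid)] = val.decode("ascii", "replace") if vtag == 0x04 else val
    return {"version": int.from_bytes(ver, "big"), "community": comm.decode(),
            "request_id": int.from_bytes(rid, "big"),
            "error_status": int.from_bytes(err, "big"), "bindings": bindings}

def snmp_get(host: str, community: str, oid: str, timeout: float = 2.0) -> dict:
    """Query a live agent on UDP/161 (only on systems you are authorised to test)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_get_request(community, oid), (host, 161))
        data, _ = s.recvfrom(65535)
    return parse_get_response(data)

if __name__ == "__main__":
    req = build_get_request("public", SYS_DESCR)
    print("request:", req.hex(), "| community in cleartext:", b"public" in req)
    reply = build_get_response("public", SYS_DESCR, "Linux gw 5.15.0-generic x86_64")
    print("response:", parse_get_response(reply))
```

The b"public" in req check makes the security point of the technique concrete: in SNMPv1 and v2c the community string is the only credential and it travels in cleartext in every packet, so anyone who can sniff the segment can reuse it, and guessing it is just a matter of sending this 40-byte request with each candidate. SNMPv3 with authentication and privacy enabled is the fix on the defending side.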

Resources

  • Books: “Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning” by Gordon Fyodor Lyon.

  • NMAP Official Documentation: NMAP Documentation (https://nmap.org/book/)

  • Enumeration Tools Documentation:

    • Enum4linux: Github Repository

    • Nbtscan: Information available on various cybersecurity websites.

    • SNMPwalk: Included in the NET-SNMP suite (http://www.net-snmp.org/)

Last updated 1 year ago