Preparation
Build a local testlab
Enumeration overview
Systems
Introduction
What?
Why?
How?
NetBios enumeration
Tools
Remediation
SNMP enumeration
Tools
Remediation
LDAP enumeration
Tools
Remediation
NTP enumeration
Tools
Remediation
SMTP enumeration
Tools
Remediation
DNS enumeration
Tools
Remediation
macOS enumeration
Tools
Remediation
Linux enumeration
Tools
Remediation
Windows enumeration
Tools
Remediation
Scanning virtualised systems
Scanning cloud infrastructure
Spotting hidden relationships
Web applications
Introduction
What?
Why?
How?
Dynamic web application scanning
Enumerate databases
Download or obtain and decompile binaries
Automated vulnerability scanning
Advantages
Disadvantages
Scanning an API
Resources
Vulnerability identification
Introduction
What?
Why?
How?
Mapping vulnerabilities to exploits
Attack tree
Common Vulnerability Scoring System (CVSS)
Vulnerability Priority Rating (VPR)
Nessus
Real Risk Score (RRS)
Resources
Prioritisation of vulnerabilities
Common Vulnerability Scoring System (CVSS)
Advantages
Disadvantages
Vulnerability Priority Rating (VPR)
Advantages
Disadvantages
Real Risk Score (RRS)
Discovering more vulnerabilities/exploits
Attack tree
Notes
Manual security code reviews
New vulnerabilities
New exploits
Resources known vulnerabilities
Lay of the land
Ty Myrddin Home
Unseen University
Improbability Blog
About
Contact
Index