SlideShare ist ein Scribd-Unternehmen logo

Network Exploitation

UTD Computer Security Group
UTD Computer Security Group

This document provides an overview of network exploitation, including types of networks, network environments, internal vs external networks, network enumeration tools, and attack routing. It announces upcoming events and provides details about local area networks (LANs), wide area networks (WANs), metropolitan area networks (MANs), corporate and personal network environments, using Nmap and Nessus for scanning, and pivoting through internal networks from external points.

Technologie
1 von 11
Downloaden Sie, um offline zu lesen
Network Exploitation September 26 2018
Get Involved ● Discord - discord.gg/kuejt8p ● Fire Talks - October 24th, 2018 ● Live Stream - Whenever you want* ● CSG CTF - ctf.utdcsg.club
Events ● The Assembly Group - Wednesday @ 8:15 pm in ECSS 2.201 ● 0DAYALLDAY Research Event - September 29 @ 11 AM off campus ● Dallas Hackers Association - October 3 @ 7 pm off campus
Overview ● Types of Networks ● Types of Network Environments ● Internal VS External ● Enumeration ● Tools ● Attack Routing ● Demo
Types of Networks Local Area Network (LAN) - Internal network of computers inside of a building or a small land mass Wide Area Network (WAN) - External network of computers connected miles apart from each other Metropolitan Area Network (MAN) - A network of computers in a metropolitan area usually a city.
Types of Network Environments ● Corporate - A network consisting of users, servers, and a domain controller (usually) ● Personal - A home network consisting of a user, router, and sometimes a switch (usually)
Internal VS External Networks ● Local Area Networks are internal networks in an organisation or home that can communicate with each other through a router or switch ● Wide Area Networks are external networks that must go through a larger datacenter or internet service provider to communicate with other computers ● Exploiting external networks allows you to gain access to someone’s internal network if you are not attacking from within the LAN already ● This gives you more options to pivot and gather information because you have a larger attack surface
Where are we in the network? What is our goal?
Network Enumeration External Enumeration ● Open Ports ● Running Services ○ RDP, VPN, RPC, VNC, SSH ● Web portals ○ Ports 80,443 ● Anything that can allow us to get into the network Internal Enumeration ● Find Users/Hosts ● Exploitable Services ● Internal Web portals ● Anything that will give you more information and pivot around the network
Tools ● NMap - Network scanning tool that allows you to see services and ports that are running ○ Nmap -sC -sV -oA output IPADDRESS ● Nessus - Vulnerability and Services scanning tool (Very heavy not very stealthy)
Attack Routing ● Routing external attacks through internal network for more surface ● Ability to pivot through a network from a external machine Now time for the demo...

Empfohlen

Computer networks and network security
Computer networks and network securityComputer networks and network security
Computer networks and network securityUTD Computer Security Group
 
Introduction to Exploitation
Introduction to ExploitationIntroduction to Exploitation
Introduction to ExploitationUTD Computer Security Group
 
UTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domainUTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domainUTD Computer Security Group
 
Cryto Party at CCU
Cryto Party at CCUCryto Party at CCU
Cryto Party at CCUJose L. Quiñones-Borrero
 
Incident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and CountermeasuresIncident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and CountermeasuresJose L. Quiñones-Borrero
 
Weaponization of IoT
Weaponization of IoTWeaponization of IoT
Weaponization of IoTJose L. Quiñones-Borrero
 
Creds extraction
Creds extractionCreds extraction
Creds extractionIlan Mindel
 
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat Security Conference
 

Empfohlen

Computer networks and network security
Computer networks and network securityComputer networks and network security
Computer networks and network securityUTD Computer Security Group
 
Introduction to Exploitation
Introduction to ExploitationIntroduction to Exploitation
Introduction to ExploitationUTD Computer Security Group
 
UTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domainUTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domainUTD Computer Security Group
 
Cryto Party at CCU
Cryto Party at CCUCryto Party at CCU
Cryto Party at CCUJose L. Quiñones-Borrero
 
Incident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and CountermeasuresIncident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and CountermeasuresJose L. Quiñones-Borrero
 
Weaponization of IoT
Weaponization of IoTWeaponization of IoT
Weaponization of IoTJose L. Quiñones-Borrero
 
Creds extraction
Creds extractionCreds extraction
Creds extractionIlan Mindel
 
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat Security Conference
 
01- intro to firewall concepts
01- intro to firewall concepts01- intro to firewall concepts
01- intro to firewall conceptsMostafa El Lathy
 
CISSP Week 7
CISSP Week 7CISSP Week 7
CISSP Week 7jemtallon
 
Wireshark Basic Presentation
Wireshark Basic PresentationWireshark Basic Presentation
Wireshark Basic PresentationMD. SHORIFUL ISLAM
 
Wireshark
WiresharkWireshark
WiresharkSourav Roy
 
Week14 F
Week14 FWeek14 F
Week14 FguruupuF
 
Wireshark
WiresharkWireshark
Wiresharklakshya dubey
 
Encryption
EncryptionEncryption
EncryptionZeeshan Butt
 
Socat
SocatSocat
SocatNitin Kumar Yadav
 
Overview of NSA Security Enhanced Linux - FOSS.IN/2005
Overview of NSA Security Enhanced Linux - FOSS.IN/2005Overview of NSA Security Enhanced Linux - FOSS.IN/2005
Overview of NSA Security Enhanced Linux - FOSS.IN/2005James Morris
 
Wireshark
WiresharkWireshark
WiresharkKushagra Ganeriwal
 
Cryptography
CryptographyCryptography
CryptographyMuhammad Shoaib Saleem
 
Pyongyang Fortress
Pyongyang FortressPyongyang Fortress
Pyongyang FortressMayank Dhiman
 
Netcat
NetcatNetcat
Netcatyogendra singh chahar
 
7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces conceptsMostafa El Lathy
 
cryptography deepan fav subject
cryptography deepan fav subjectcryptography deepan fav subject
cryptography deepan fav subjectdeepan v
 
Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)Jason Williams
 
Getting your hands dirty: How to Analyze the Behavior of Malware Traffic / SE...
Getting your hands dirty: How to Analyze the Behavior of Malware Traffic / SE...Getting your hands dirty: How to Analyze the Behavior of Malware Traffic / SE...
Getting your hands dirty: How to Analyze the Behavior of Malware Traffic / SE...Security Session
 
Snort by SecArmour
Snort by SecArmour Snort by SecArmour
Snort by SecArmourSec Armour
 
Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark TutorialCoursenvy.com
 
Network Intrusion Detection Systems #1
Network Intrusion Detection Systems #1Network Intrusion Detection Systems #1
Network Intrusion Detection Systems #1Peter Dulačka
 
An EyeWitness View into your Network
An EyeWitness View into your NetworkAn EyeWitness View into your Network
An EyeWitness View into your NetworkCTruncer
 
Troubleshooting Network and Network Utilities
Troubleshooting Network and Network UtilitiesTroubleshooting Network and Network Utilities
Troubleshooting Network and Network UtilitiesRubal Sagwal
 

Weitere ähnliche Inhalte

Was ist angesagt?

01- intro to firewall concepts
01- intro to firewall concepts01- intro to firewall concepts
01- intro to firewall conceptsMostafa El Lathy
 
CISSP Week 7
CISSP Week 7CISSP Week 7
CISSP Week 7jemtallon
 
Overview of NSA Security Enhanced Linux - FOSS.IN/2005
Overview of NSA Security Enhanced Linux - FOSS.IN/2005Overview of NSA Security Enhanced Linux - FOSS.IN/2005
Overview of NSA Security Enhanced Linux - FOSS.IN/2005James Morris
 
7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces conceptsMostafa El Lathy
 
cryptography deepan fav subject
cryptography deepan fav subjectcryptography deepan fav subject
cryptography deepan fav subjectdeepan v
 
Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)Jason Williams
 
Getting your hands dirty: How to Analyze the Behavior of Malware Traffic / SE...
Getting your hands dirty: How to Analyze the Behavior of Malware Traffic / SE...Getting your hands dirty: How to Analyze the Behavior of Malware Traffic / SE...
Getting your hands dirty: How to Analyze the Behavior of Malware Traffic / SE...Security Session
 
Snort by SecArmour
Snort by SecArmour Snort by SecArmour
Snort by SecArmourSec Armour
 
Network Intrusion Detection Systems #1
Network Intrusion Detection Systems #1Network Intrusion Detection Systems #1
Network Intrusion Detection Systems #1Peter Dulačka
 

Was ist angesagt? (20)

01- intro to firewall concepts
01- intro to firewall concepts01- intro to firewall concepts
01- intro to firewall concepts
 
CISSP Week 7
CISSP Week 7CISSP Week 7
CISSP Week 7
 
Wireshark Basic Presentation
Wireshark Basic PresentationWireshark Basic Presentation
Wireshark Basic Presentation
 
Wireshark
WiresharkWireshark
Wireshark
 
Week14 F
Week14 FWeek14 F
Week14 F
 
Wireshark
WiresharkWireshark
Wireshark
 
Encryption
EncryptionEncryption
Encryption
 
Socat
SocatSocat
Socat
 
Overview of NSA Security Enhanced Linux - FOSS.IN/2005
Overview of NSA Security Enhanced Linux - FOSS.IN/2005Overview of NSA Security Enhanced Linux - FOSS.IN/2005
Overview of NSA Security Enhanced Linux - FOSS.IN/2005
 
Wireshark
WiresharkWireshark
Wireshark
 
Cryptography
CryptographyCryptography
Cryptography
 
Pyongyang Fortress
Pyongyang FortressPyongyang Fortress
Pyongyang Fortress
 
Netcat
NetcatNetcat
Netcat
 
7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts
 
cryptography deepan fav subject
cryptography deepan fav subjectcryptography deepan fav subject
cryptography deepan fav subject
 
Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)
 
Getting your hands dirty: How to Analyze the Behavior of Malware Traffic / SE...
Getting your hands dirty: How to Analyze the Behavior of Malware Traffic / SE...Getting your hands dirty: How to Analyze the Behavior of Malware Traffic / SE...
Getting your hands dirty: How to Analyze the Behavior of Malware Traffic / SE...
 
Snort by SecArmour
Snort by SecArmour Snort by SecArmour
Snort by SecArmour
 
Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark Tutorial
 
Network Intrusion Detection Systems #1
Network Intrusion Detection Systems #1Network Intrusion Detection Systems #1
Network Intrusion Detection Systems #1
 

Ähnlich wie Network Exploitation

An EyeWitness View into your Network
An EyeWitness View into your NetworkAn EyeWitness View into your Network
An EyeWitness View into your NetworkCTruncer
 
Troubleshooting Network and Network Utilities
Troubleshooting Network and Network UtilitiesTroubleshooting Network and Network Utilities
Troubleshooting Network and Network UtilitiesRubal Sagwal
 
Basics of computer networks
Basics of computer networksBasics of computer networks
Basics of computer networksRubal Sagwal
 
Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolIssar Kapadia
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
Modul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptModul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptcemporku
 
modul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdfmodul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdftehkotak4
 
chapter-4-networking hjgjjgj did hfhhfhj
chapter-4-networking hjgjjgj did hfhhfhjchapter-4-networking hjgjjgj did hfhhfhj
chapter-4-networking hjgjjgj did hfhhfhjAmitDeshai
 
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...Boston Institute of Analytics
 
computer network introduction. psc notes . Assisant professor in cse.
computer network introduction. psc notes . Assisant professor in cse.computer network introduction. psc notes . Assisant professor in cse.
computer network introduction. psc notes . Assisant professor in cse.bushraphd2022
 
Defensive information warfare on open platforms
Defensive information warfare on open platformsDefensive information warfare on open platforms
Defensive information warfare on open platformsBen Tullis
 
Network Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptxNetwork Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptxtalkaton
 
Network Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdfNetwork Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdftalkaton
 
Network traffic analysis with cyber security
Network traffic analysis with cyber securityNetwork traffic analysis with cyber security
Network traffic analysis with cyber securityKAMALI PRIYA P
 
DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0Shah Sheikh
 
IPS NAT and VPN.pptx
IPS NAT and VPN.pptxIPS NAT and VPN.pptx
IPS NAT and VPN.pptxkarthikvcyber
 
Presentation on ccna
Presentation on ccnaPresentation on ccna
Presentation on ccnaHoneyKumar34
 
Internet Of Things: Hands on: YOW! night
Internet Of Things: Hands on: YOW! nightInternet Of Things: Hands on: YOW! night
Internet Of Things: Hands on: YOW! nightAndy Gelme
 

Ähnlich wie Network Exploitation (20)

An EyeWitness View into your Network
An EyeWitness View into your NetworkAn EyeWitness View into your Network
An EyeWitness View into your Network
 
Troubleshooting Network and Network Utilities
Troubleshooting Network and Network UtilitiesTroubleshooting Network and Network Utilities
Troubleshooting Network and Network Utilities
 
Basics of computer networks
Basics of computer networksBasics of computer networks
Basics of computer networks
 
Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection tool
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
 
Modul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptModul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.ppt
 
modul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdfmodul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdf
 
chapter-4-networking hjgjjgj did hfhhfhj
chapter-4-networking hjgjjgj did hfhhfhjchapter-4-networking hjgjjgj did hfhhfhj
chapter-4-networking hjgjjgj did hfhhfhj
 
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
 
computer network introduction. psc notes . Assisant professor in cse.
computer network introduction. psc notes . Assisant professor in cse.computer network introduction. psc notes . Assisant professor in cse.
computer network introduction. psc notes . Assisant professor in cse.
 
Training ppt
Training pptTraining ppt
Training ppt
 
Defensive information warfare on open platforms
Defensive information warfare on open platformsDefensive information warfare on open platforms
Defensive information warfare on open platforms
 
Network Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptxNetwork Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptx
 
Network Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdfNetwork Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdf
 
Network traffic analysis with cyber security
Network traffic analysis with cyber securityNetwork traffic analysis with cyber security
Network traffic analysis with cyber security
 
DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0
 
IPS NAT and VPN.pptx
IPS NAT and VPN.pptxIPS NAT and VPN.pptx
IPS NAT and VPN.pptx
 
ManageEngine OpUtils Technical Overview
ManageEngine OpUtils Technical OverviewManageEngine OpUtils Technical Overview
ManageEngine OpUtils Technical Overview
 
Presentation on ccna
Presentation on ccnaPresentation on ccna
Presentation on ccna
 
Internet Of Things: Hands on: YOW! night
Internet Of Things: Hands on: YOW! nightInternet Of Things: Hands on: YOW! night
Internet Of Things: Hands on: YOW! night
 

Mehr von UTD Computer Security Group

Mehr von UTD Computer Security Group (20)

Py jail talk
Py jail talkPy jail talk
Py jail talk
 
22S kickoff 2.0 (kickoff + anonymity talk)
22S kickoff 2.0 (kickoff + anonymity talk)22S kickoff 2.0 (kickoff + anonymity talk)
22S kickoff 2.0 (kickoff + anonymity talk)
 
Cloud talk
Cloud talkCloud talk
Cloud talk
 
Forensics audio and video
Forensics audio and videoForensics audio and video
Forensics audio and video
 
Intro to python
Intro to pythonIntro to python
Intro to python
 
Powershell crash course
Powershell crash coursePowershell crash course
Powershell crash course
 
Intro to cybersecurity
Intro to cybersecurityIntro to cybersecurity
Intro to cybersecurity
 
Intro to Bash
Intro to BashIntro to Bash
Intro to Bash
 
Web Exploitation
Web ExploitationWeb Exploitation
Web Exploitation
 
Penetration Testing: Celestial
Penetration Testing: CelestialPenetration Testing: Celestial
Penetration Testing: Celestial
 
Cryptography Crash Course
Cryptography Crash CourseCryptography Crash Course
Cryptography Crash Course
 
Fuzzing - Part 2
Fuzzing - Part 2Fuzzing - Part 2
Fuzzing - Part 2
 
Exploitation Crash Course
Exploitation Crash CourseExploitation Crash Course
Exploitation Crash Course
 
Fuzzing - Part 1
Fuzzing - Part 1Fuzzing - Part 1
Fuzzing - Part 1
 
Protostar VM - Heap3
Protostar VM - Heap3Protostar VM - Heap3
Protostar VM - Heap3
 
Heap Base Exploitation
Heap Base ExploitationHeap Base Exploitation
Heap Base Exploitation
 
Return Oriented Programming
Return Oriented ProgrammingReturn Oriented Programming
Return Oriented Programming
 
Advanced Windows Exploitation
Advanced Windows ExploitationAdvanced Windows Exploitation
Advanced Windows Exploitation
 
Advanced Domain Hacking
Advanced Domain HackingAdvanced Domain Hacking
Advanced Domain Hacking
 
Windows Domains Part 2
Windows Domains Part 2Windows Domains Part 2
Windows Domains Part 2
 

Kürzlich hochgeladen

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Kürzlich hochgeladen (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Network Exploitation

  • 2. Get Involved ● Discord - discord.gg/kuejt8p ● Fire Talks - October 24th, 2018 ● Live Stream - Whenever you want* ● CSG CTF - ctf.utdcsg.club
  • 3. Events ● The Assembly Group - Wednesday @ 8:15 pm in ECSS 2.201 ● 0DAYALLDAY Research Event - September 29 @ 11 AM off campus ● Dallas Hackers Association - October 3 @ 7 pm off campus
  • 4. Overview ● Types of Networks ● Types of Network Environments ● Internal VS External ● Enumeration ● Tools ● Attack Routing ● Demo
  • 5. Types of Networks Local Area Network (LAN) - Internal network of computers inside of a building or a small land mass Wide Area Network (WAN) - External network of computers connected miles apart from each other Metropolitan Area Network (MAN) - A network of computers in a metropolitan area usually a city.
  • 6. Types of Network Environments ● Corporate - A network consisting of users, servers, and a domain controller (usually) ● Personal - A home network consisting of a user, router, and sometimes a switch (usually)
  • 7. Internal VS External Networks ● Local Area Networks are internal networks in an organisation or home that can communicate with each other through a router or switch ● Wide Area Networks are external networks that must go through a larger datacenter or internet service provider to communicate with other computers ● Exploiting external networks allows you to gain access to someone’s internal network if you are not attacking from within the LAN already ● This gives you more options to pivot and gather information because you have a larger attack surface
  • 8. Where are we in the network? What is our goal?
  • 9. Network Enumeration External Enumeration ● Open Ports ● Running Services ○ RDP, VPN, RPC, VNC, SSH ● Web portals ○ Ports 80,443 ● Anything that can allow us to get into the network Internal Enumeration ● Find Users/Hosts ● Exploitable Services ● Internal Web portals ● Anything that will give you more information and pivot around the network
  • 10. Tools ● NMap - Network scanning tool that allows you to see services and ports that are running ○ Nmap -sC -sV -oA output IPADDRESS ● Nessus - Vulnerability and Services scanning tool (Very heavy not very stealthy)
  • 11. Attack Routing ● Routing external attacks through internal network for more surface ● Ability to pivot through a network from a external machine Now time for the demo...