Port scanning is the basic foundation of service identification within a TCP/IP network, but is generally associated with network mapping. The most popular tool covered in every single pen testing book you’ll ever read is Nmap. It’s pretty much the de facto standard port scanner. It’s not the only one out there and it’s important to understand port scanning theory so you can remain comfortable in situations where Nmap or an equivalent isn’t available, or at least is misbehaving.
Every now and again when pentesting you come across something that doesn’t quite seem right. You can’t always put your finger on it, it’s just a little… off. Whether it’s a code execution bug that’s a little too easy to exploit, or the demo user account that looks like someone forgot to remove, sometimes vulnerabilities just seem as though they were deliberately placed there, even if it’s for legitimate purposes.
ICMP Address mask messages
ICMP can be used to identify a given target host’s IP address mask (also called a subnet mask), which can be useful in distinguishing subnets within an IP address range. This is achieved by sending an ICMP address mask request to our target. Hosts that implement ICMP address mask responses may then respond with an ICMP address mask reply containing the host’s 32-bit subnet mask. Most hosts won’t respond to ICMP address mask messages, but it’s useful to know when they do, as this often signifies an older TCP/IP stack in use and might indicate the presence of other vulnerabilities.
At the inaugural 44CON Cybersecurity I conducted a workshop on career planning. Career planning is something people tend to do at school, college or university, but rarely as adults. Many people experience career planning through a disinterested and irrelevant prism, so it’s not surprising they find it dull. When I was at school trying to work out what I wanted to do with my life, the careers advice function at school took me through a coma-inducing process, often producing unrelated gems like the suggestion that I should be a Formula 1 driver or a truck driver, just because I like the idea of driving.
A lot of people ask me about how they can get into the wider information security industry from outside, be that as a student or as someone looking to change careers. The first thing I ask them is, “What infosec experience do you have?” Inevitably, the answer is almost always the same. “Absolutely none, otherwise I’d be in the industry!” Now here’s the thing. When I ask that question, people interpret it as, “What infosec positions have you held?
Every week or so people ask me about how to get started in penetration testing. I love this question as it gives me the chance to help people get their start. Sometimes I’m messaged on Reddit after contributing to getting started threads. A lot of the time it’s from people who are interested in Breaking In or have signed up for my 30 day email course (and if you haven’t, you really should; it’s free).
Many of the network cartography tools and protocols we commonly use are defined through a set of standards called Request For Comments (RFCs). Surprisingly, not all of the tools we take for granted are covered by these. Take the humble traceroute for example. Do you actually know what really happens when Alice tries to trace the route to Bob? Read on to find out. ICMP, UDP, TCP and IP. Oh my!
A Curriculum Vitae (otherwise known as a CV) is probably the least popular document this side of a legal bill. Nobody wants to read your CV because they’ll have anywhere between 5 and 15 other CVs to read through after yours. Ask yourself when was the last time you read your CV from start to finish without skimming? Chances are even you didn’t want to read your CV. Let’s take a look at why nobody wants to read your CV.
While writing my free 30 day online career hacking course I spent a lot of time learning about the interview process from different angles. I learnt about what an HR manager looks for in an interview, what the hiring manager wants and looks for, I studied the role of the supporting interviewers and of course the interviewee. While researching all of this, I realised that there were certain things that so many people I’ve interviewed (and I myself) forgot when doing a face to face interview, so here are my top 12 interview tips.
The Recruiter
The recruiter is the first person that sees your CV or job application. This could be an internal HR manager or it could be an actual professional recruiter. The recruiter is normally (but not always) non-technical, and their goal is to weed out the obvious no-hires, usually by looking for keywords supplied with the job description and red flags that could be anything from your recent 6 month training holiday in Syria to a long-forgotten college MySpace profile extolling the virtues of various illegal substances.