The Week That Was... phew

Bismillah

I don't remember exactly whose YouTube video it was, but someone mentioned that to learn Bug Bounty, Pentesting, and Red Teaming, practice is key.

The past two weeks have consisted of a large amount of Pentesting theory and a substantial level of practicals.

Although there have been practicals in there, I think they were not deep enough to allow me the chance to "learn on the job".

So these next two weeks I'm going to take a deep dive into:

  • The TryHackMe practical labs.

  • The OWASP Juice Shop.

  • Finding a practice website to test bug reports by other hackers on.

  • Using The Web Application Hacker's Handbook to practice on some targets (not live) and CTFs.

  • And some Jr. Pentesting pathway coursework.

Just to recap what I've learned this week:

Network Security (a brief)

Reconnaissance

Reconnaissance is pretty much the check or survey that a penetration tester, or even a hacker, does to gather information on the prospective target they're going to work on.

Think of how Bug Bounty Hackers look for domains a company owns, how the application works, and more.

It's divided into two:

  1. Passive Reconnaissance

This type of recon relies on information that anyone can find publicly without coming into any physical or virtual contact with the target and/or people working there.

It can include:

  • DNS lookups: checking the records of a domain from a public DNS server

  • Social media and/or job postings and ads by the target company.

  • Any updates about the company in the news or in newsletters (or any other viable sources).

Tools for Passive Recon

  • whois: queries the WHOIS servers (for WHOIS records).

  • nslookup: queries the DNS servers

  • dig: queries the DNS servers

  • DNSDumpster: an online service for pretty much all the above

  • Shodan.io: another online tool.
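As an added example (not part of the original post), the Python script below parses answer lines in the format that `dig +noall +answer` prints and summarises what a domain's public DNS records disclose, which is also a useful way to review your own domain's exposure. The domain, host names and address are constructed sample values, and the function names are illustrative.

```python
from collections import defaultdict

# Constructed sample in the layout of `dig +noall +answer` output:
# name, TTL, class, record type, record data. All values are made up.
SAMPLE = """\
example.com.   3600  IN  NS   ns1.dns-host.example.
example.com.   3600  IN  NS   ns2.dns-host.example.
example.com.   300   IN  MX   20 mx2.mail-provider.example.
example.com.   300   IN  MX   10 mx1.mail-provider.example.
example.com.   300   IN  TXT  "v=spf1 include:_spf.mail-provider.example include:bulk-sender.example -all"
example.com.   300   IN  A    192.0.2.10
"""


def parse_answers(text):
    """Group record data by record type, skipping blanks and ';' comments."""
    records = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(None, 4)  # rdata may itself contain spaces
        if len(parts) < 5:
            continue
        _name, _ttl, _rclass, rtype, rdata = parts
        records[rtype].append(rdata)
    return dict(records)


def summarize(records):
    """Pull out what the public records say about hosting and mail setup."""
    mx = sorted((int(p), h.rstrip(".")) for p, h in
                (r.split(None, 1) for r in records.get("MX", [])))
    includes = []
    for txt in records.get("TXT", []):
        txt = txt.replace('" "', "").strip('"')  # join split TXT strings
        if txt.lower().startswith("v=spf1"):
            includes += [t[len("include:"):] for t in txt.split()
                         if t.startswith("include:")]
    return {
        "name_servers": sorted(r.rstrip(".") for r in records.get("NS", [])),
        "mail_hosts": [host for _prio, host in mx],  # lowest priority first
        "spf_includes": includes,  # third parties allowed to send mail
        "addresses": records.get("A", []),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_answers(SAMPLE)).items():
        print(f"{key}: {value}")
```
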

  2. Active Reconnaissance

With this type of recon, some form of direct contact with the target, physical or virtual, is necessary to gain information, meaning if you're a "good" hacker, then you need written permission from the target to access their systems.

Some examples include:

  • Gaining access to one of the company's servers, e.g. an HTTP, FTP, or SMTP server.

  • Social engineering: making a call to the company or interacting with their employees to gain more info on the company and/or its systems.

Disclaimer

All this information will be discussed in later blog posts and/or videos on my YouTube channel.

Cheers.