Matthew learns Pentesting/EH

 Here I am writing a script using a few different tools. Now this is a basic script and nowhere near an extensive script. This is the first go at it I had. Here is the correct way to write it for assetfinder. See we are making a final.txt file. Here we are harvesting with amass as well and adding it to final.txt For the sake of speed and space since this was training, I ran the script to have that experience and then I commented out the amass part of the script. Then we are going to probe for alive domain and put it into a new file of alive.txt Again this is just basic script but it was fun to play around with these new tools.  Feel free to reach out on  LinkedIn  or  Twitter

 So like I said we are going over mitigations and I grabbed a couple slides and while this is not everything, I grabbed ones that helped to spark a thought process and understand how mitigation can be performed. Now we started with SMB Relay because we were told its one of the most exploited vulnerabilities. Really until this slide I was thinking "if it's such a known vulnerability why is it still being used?" And seeing this slide with the pros and cons made me realize certain things need to be used and our job as security professionals can't be just to shut down everything that can be exploited but rather make things as safe as possible so that our companies can still be as productive as possible while being as safe as possible. Now I always thought I knew strong passwords but in taking this course I found out just how easy password cracking is. So, 14 or more characters and make it complex.  Capital, Lowercase, Numbers, Special Characters, stay away from common wor...

Here we learn a little about LLMNR. So here is a description of the attack. I think the key here is that it provides the hash. These days anytime you can get a hash it's a win. Even if its long and complex, hash cracking tools are a 3 second google search.  I like graphics like this cause to be honest, even if I know how to attack it I am not always sure how to mitigate what I am doing. Its why I like learning what is behind the scenes. In the next few posts, I am going to show some mitigation techniques the course brought up and the reason for that is it really helped me start to think about how to mitigate. Again, I will not be sharing everything and if you want to learn more, please go check out  TCM Security . This has really been a great course to get my brain thinking in ways to help businesses.  And here are their recommendations for mitigation. And this is just to get your brain in the mode of mitigation. Remember we are doing this to help businesses not just to d...