Network Assessment
Auditing Network device configuration
Security Assessment:
Which VPN services are used?
What are the historical vulnerabilities?
Which team is responsible for that?
Is multi-factor authentication enabled?
Is user ID/Machine ID trackable?
Is certificate-based multi-factor authentication enforced?
What gaps were observed?
Comments/Notes:
[ ] Map the Internal Network
[ ] Scan the Network for Live Hosts
[ ] Port-scan individual machines
[ ] Try to gain access using known vulnerabilities
[ ] Attempt to establish null sessions
[ ] Enumerate users/identify domains on the network
[ ] Sniff the network using Wireshark
[ ] Sniff POP3/FTP/Telnet Passwords
[ ] Attempt Replay Attacks
[ ] Attempt ARP Poisoning
[ ] Attempt MAC Flooding
[ ] Conduct Man-In-The-Middle Attacks
[ ] Attempt DNS Poisoning
[ ] Try logging in to a console machine
[ ] Boot the PC Using an Alternate OS and Steal the SAM File
[ ] Bypass the OS to Obtain Information
[ ] Attempt to plant a software keylogger to steal passwords.
[ ] Attempt to plant a hardware keylogger to steal passwords.
[ ] Attempt to plant spyware on the target machine
[ ] Attempt to plant a Trojan on the target machine
[ ] Attempt to bypass antivirus software installed on the target machine
[ ] Attempt to send a virus using the target machine.
[ ] Attempt to plant rootkits on the target machine
[ ] Hide sensitive data on target machine
[ ] Hide hacking tools and other data on target machines
[ ] Use various steganography techniques to hide files on target machines.
[ ] Escalate user privileges
[ ] Capture POP3 Traffic
[ ] Capture SMTP Traffic
[ ] Capture IMAP E-mail traffic
[ ] Capture the communications between FTP client and FTP Server
[ ] Capture HTTP Traffic
[ ] Capture RDP Traffic
[ ] Capture VoIP Traffic
[ ] Spoof the MAC Address
[ ] Attempt Session Hijacking on telnet traffic.
[ ] Attempt Session Hijacking on FTP traffic.
[ ] Attempt Session Hijacking on HTTP traffic.
[ ] Document Everything