Link-Local Multicast Name Resolution (LLMNR) is a Network Protocol that is used for Name resolution based on DNS packet format operating in Layer 2 (local link) specified in RFC 4795. It is a fall-back mechanism when DNS fails. The system which needs to resolve a hostname will send out a multicast query using LLMNR and the…
Author: kingsanit
Simple Network Management Protocol (SNMP)
SNMP is a protocol that is used to manage and monitor devices in IP based networks. It is used for Network Management and Network Monitoring. It collects information about the devices in a hierarchical structured way using Management Information Base (MIB). SNMP consists of the three following components: Managed Devices are the devices like server,…
Vulnerability Assessment
Vulnerability Assessment is the process of identifying, classifying and prioritizing the vulnerabilities in Computer System, Application, Software and Network. The vulnerabilities are discovered using vulnerability scanners and assessment tools that scan/assess the infrastructure and reports the weaknesses found. The vulnerabilities are categorized (generally as high, medium, low – qualitative measurement) into different levels based on…
NetBIOS Enumeration
NetBIOS is a legacy API that was used for communication between systems on LAN. Each system had an unique NetBIOS name assigned to it. When a machine wanted to connect to other system, it would resolve the NetBIOS name of the target system to it’s corresponding IP address and then connect. NetBIOS had vulnerabilities and…
Enumeration
Enumeration is part of Reconnaissance phase done after the scanning. During Enumeration phase, attacker creates active session with the live target host and gathers more detailed data than that was obtained during Scanning Phase. Please note that Enumeration is different from scanning. In scanning phase, the information like IP address, Ports, OS and vulnerabilities from…
Cyber Risk
Risk in Cyber is the probability of exploitation of a vulnerability by a threat actor that would lead to loss of confidentiality, integrity or availability of data or disruption of service. Risk = Threat x Vulnerability We can add impact attribute to enhance the risk calculation for better view of the risk with the impact…
Network Basic Input/Output System (NetBIOS)
NetBIOS is Network Basic Input Output System which is an API used for communication between systems over LAN (Local Area Network) like Ethernet and Token Ring. It was initially developed for IBM’s machines to communicate on LAN and later on was mostly used in Windows environment for Server Message Block (SMB) for file sharing, printing…
Vulnerability
A vulnerability is a weakness in a system, network or software/application that can be exploited to cause impact like bringing service down, data exfiltration or un-authorized access. The vulnerability can be due to the following reasons:
Metasploit
Metasploit owned by Rapid7 is an open-source exploit platform that is used for exploiting vulnerabilities and perform penetration testing on the target system. Metasploit Architecture Metasploit is a huge framework written in Ruby with number of components and modules. MSFconsole is the main CLI console through which we can access Metasploit and perform activities like…
Cyber Kill Chain
The Cyber Kill Chain framework developed by Lockheed Martin explains attacker’s progressive steps when attacking a target which can be used to identify and prevent cyber threat. The Cyber Kill Chain has seven stages as following: Reconnaissance This is the initial phase, where the attacker gather’s information about the target. Scanning, Foot printing and Enumeration is…