WEBVTT

00:07.190 --> 00:13.250
Network enumeration involves querying a group of hosts to gather specific information about our network

00:13.280 --> 00:13.910
assets.

00:13.940 --> 00:19.820
When we look at network scanning and mapping, we're really talking about the aspect of gathering as

00:19.820 --> 00:22.310
much information about our network as a whole.

00:22.310 --> 00:29.210
That usually includes scanning for specific ports, protocols, software, and vulnerabilities or flaws.

00:29.210 --> 00:32.690
When we look across our entire network, we're looking for active ports.

00:32.690 --> 00:35.150
We're looking for specific software vulnerabilities.

00:35.150 --> 00:41.030
We're looking for flaws that go through the entire network as a whole, not within just one aspect of

00:41.030 --> 00:47.420
a specific machine, but across the entire domain, whether that includes operating systems, routers,

00:47.420 --> 00:51.410
switches, or pretty much anything within the entire network.

00:51.500 --> 00:56.150
We're usually doing a vulnerability scan to look for specific vulnerabilities, but we're also looking

00:56.150 --> 01:04.660
for problems that may erupt from different troubleshooting lags or flaws within the network traffic.

01:04.780 --> 01:06.820
So we want to identify the different ports.

01:06.820 --> 01:09.520
We want to identify the different protocols that we're utilizing.

01:09.520 --> 01:15.190
But it's more than just finding out if this port is open or closed or if this protocol is actually active

01:15.190 --> 01:15.700
or not.

01:15.730 --> 01:19.990
What we're really looking for is what version of that protocol are they utilizing?

01:20.020 --> 01:27.610
Are we using an outdated or flawed protocol or a port that is seamlessly, more often than not, very

01:27.610 --> 01:30.700
vulnerable to attack, such as FTP or telnet?

01:30.730 --> 01:36.880
These specific ports or protocols that are often used can indicate a major flaw within our system as

01:36.880 --> 01:37.480
a whole.

01:37.510 --> 01:43.510
Nmap is one such tool that is well known as an open source tool utilized for scanning.

01:43.540 --> 01:49.930
Most people use nmap specifically for identifying operating systems, ports, protocols, or different

01:49.930 --> 01:54.880
services that are being offered, but it can also be utilized as a vulnerability scanner.

01:54.880 --> 02:00.310
In such a way, we can identify whether or not a specific protocol has a known vulnerability on it,

02:00.310 --> 02:07.520
or if a specific port is well known and providing a flaw within our system, such as telnet or FTP.

02:08.060 --> 02:13.640
And it goes without saying that nmap is widely used as a command line based tool.

02:13.670 --> 02:20.420
You've probably also heard of Zenmap, which provides us an overall network topology that's easier

02:20.420 --> 02:20.840
to use.

02:20.840 --> 02:24.650
However, it's not really supported anymore, and it's hard to find Zenmap.

02:24.680 --> 02:29.000
I would caution you against using Zenmap as you're going through your tools.

02:29.000 --> 02:33.920
For most cybersecurity professionals, it's expected that we understand the command line interface and that

02:33.920 --> 02:37.760
we understand how a Linux system actually operates.

02:37.790 --> 02:39.890
Get used to typing out those little commands.

02:39.890 --> 02:41.120
It'll be good for you in the long run.

02:41.150 --> 02:45.680
The Metasploit Framework is an open source framework that's widely adopted for penetration testing.

02:45.680 --> 02:49.520
When most people think of Metasploit, they think penetration testing.

02:49.520 --> 02:55.760
Most people don't realize that that tool actually has scanning services involved within

02:55.760 --> 02:56.690
the tool itself.

02:56.690 --> 03:04.490
For instance, we can use the Metasploit Framework to find out if a specific SQL or a specific Samba is

03:04.490 --> 03:05.690
vulnerable to attack.

03:05.720 --> 03:10.720
It goes a little bit more in depth when we use it for scanning tools because it's specific for penetration

03:10.720 --> 03:11.410
testing.

03:11.410 --> 03:17.290
But there's no doubt that Metasploit Framework does provide us not only some scanning tools, but also

03:17.290 --> 03:22.000
exploits into vulnerabilities that those scanning tools find that can be compromised.

03:22.000 --> 03:26.980
Recon-ng is an open source framework that specializes in reconnaissance and open source intelligence

03:26.980 --> 03:32.020
gathering, and much like Metasploit, it focuses on target discovery and infrastructure mapping.

03:32.020 --> 03:38.230
But it goes a step beyond that by identifying specific subdomains, email addresses, and

03:38.230 --> 03:42.280
pretty much anything on the internet that you could think of that would be open source for gathering

03:42.280 --> 03:43.780
information and intelligence.

03:43.810 --> 03:49.990
It really goes without saying that Recon-ng provides us with a vast understanding of the network and

03:49.990 --> 03:54.610
how your domain, how your website is seen by the public eye.

03:54.640 --> 03:56.650
All of this information is open source.

03:56.650 --> 04:03.520
So what information are you leaving on the domain or on platforms such as Google or Bing

04:03.550 --> 04:04.180
that is

04:04.180 --> 04:04.930
Excuse me?

04:04.960 --> 04:10.270
operating across the board, and what can our attackers see about our specific domains?
