Our goal is not to get at the systems but to find all the ways to get there.
No. |
Principle |
|---|---|
| 1. | There is more than meets the eye. Consider all points of view. |
| 2. | Distinguish between what we see and what we do not see. |
| 3. | There are always ways to gain more information. Understand the target. |
The whole enumeration process is divided into three different levels:
Layers for external infrastructure
| Infrastructure-based enumeration | Host-based enumeration | OS-based enumeration |
|---|
These layers are designed as follows:
| Layer | Description | Information Categories |
|---|---|---|
1. Internet Presence |
Identification of internet presence and externally accessible infrastructure. | Domains, Subdomains, vHosts, ASN, Netblocks, IP Addresses, Cloud Instances, Security Measures |
2. Gateway |
Identify the possible security measures to protect the company's external and internal infrastructure. | Firewalls, DMZ, IPS/IDS, EDR, Proxies, NAC, Network Segmentation, VPN, Cloudflare |
3. Accessible Services |
Identify accessible interfaces and services that are hosted externally or internally. | Service Type, Functionality, Configuration, Port, Version, Interface |
4. Processes |
Identify the internal processes, sources, and destinations associated with the services. | PID, Processed Data, Tasks, Source, Destination |
5. Privileges |
Identification of the internal permissions and privileges to the accessible services. | Groups, Users, Permissions, Restrictions, Environment |
6. OS Setup |
Identification of the internal components and systems setup. | OS Type, Patch Level, Network config, OS Environment, Configuration files, sensitive private files |