Scanning & Enumeration Introduction

00:00

Hey, everyone, welcome to the scanning in new Marais, Shin and vulnerabilities. Course, My name is Ken Underhill, and I'll be your instructor.

00:06

So what are we actually gonna be doing in this course? Well, you're gonna be for forming a lot of different scans and primarily we're using and map and h ping three. We're also gonna be using those to determine the operating system and use on a target as well as determining open ports and performing vulnerability scans later, later on in this course.

00:23

So what are prerequisites? Well, this course is intended for individuals that are study for things like the sort of unethical Akora pen test plus exam from Camp Tia. Also individuals that are looking to just learn more about this particular topic, or whether that before a penetration testing, which is kind of the focus of the course,

00:39

or just as a kind of blue team or defender. Just learning more about scanning in numerous shin and

00:44

how we can find vulnerabilities.

00:46

So, prerequisites, you definitely need to have some kind of understanding of lyrics. So specifically the linens terminal and more specifically that Callie Lennox Terminal, because that's what we're gonna be using this course.

00:58

We also want you to have a basic understanding of computer networking. So that way, when we're talking about things like I p addresses or look back interfaces, you kind of wonder have an understanding of what that is also. So you have an understanding of the TCP three way handshake. And so as I start talking about that throughout the course, you're not totally confused,

01:15

and your eyes don't start glazing over. So you definitely want to have some foundational,

01:19

No working knowledge. I mean, you could get both of those items on the cyber recycling Get information about Lennox is well, it's basically a working knowledge and various courses.

01:27

You also want to have an understanding of operating systems. So we'll be looking at Windows OS, specifically server in Windows 10. And when I say looking at, I really just mean that we're gonna be using those. And then also as I mentioned R. Kelly Lennox machine,

01:42

you just want to be familiar with hardware. We're not gonna, like dive into hardware or anything like that, but it's just good to have that foundation of knowledge. She understand, like what we're actually doing as we go through the process. And as I mentioned before, if you're studying for the EEC counsel, certified ethical hacker or the county, a pen tests bless or any other type of penetration. Testing was quote unquote ethical hacking

02:01

related certification,

02:02

then this is a good course for you, Detective. Hone your skills just a little bit more.

02:07

So who am I? You know, who is this guy teaching you? Well, my name is Ken Underhill. As I mentioned, I'm the master structure of cyber. Very. I'm also in a young professor of digital forensics. Remember that, by the way, intend wink wink. I hold a masters in cyber Security and information Assurance is, well, it's an undergraduate degree in cyber security management and information systems.

02:25

Azad kind of mentioned before a certified ethical hacker as well as a computer hacking forensic investigator.

02:31

Both those exams are from the City Council, and then I'm also studying for my company. A pen tests plus right now. So if you have questions on any of the above exams, then I'm probably a good resource to answer any questions you might have.

02:44

I'm also an exam reviewer as well as an exam writer for easy counsel. So I've reviewed the latest version of the CH exam for them. So I won't tell you what modules. And I definitely can't tell you the answers. And then I've also written questions for the computer hacking forensic investigator investigator exam. So the latest version that's out, I actually wrote some questions for that.

03:05

And again, I can't tell you the answers to that one either.

03:08

So what are we covering this course? You know, I mentioned it's about scanning enumeration and vulnerabilities, but what we actually covering? We're gonna show you how Thio especially want to run some commands essentially to look at life systems

03:21

and check for open ports as well. We're gonna check and run a lot of different skinning options within map in H being three.

03:29

And what about different? Some of the different flags we can use, for example, like a seance can in an map doing the dash lower case as capital s And that'll make more sense as we go through the course

03:38

much before we're gonna cover some fingerprinting and banner grabbing again. Those were kind of numerous in related things, So not fingerprinting the aspect of just kind of footprint ing type of stuff but fingerprinting from like an OS standpoint of figuring out what operating system the target might be using

03:53

much of five wash. We worked with some different enumeration tools, things like Dig and Finger. And no, it's not the middle finger. It's actually a command, so you'll learn about what that is. Module six, we're gonna cover vulnerability. So from that context, all these air actually lab based modules. So modules two through six are all lab based,

04:11

and so we're gonna have a lot of hands on there. So with the vulnerability section,

04:15

well, go ahead and run a couple of vulnerability scans with different tools so you could take a look and see what that looks like.

04:19

Module seven. I talk about an assessment in there, and then we, of course, to our wrap up with our conclusion video. But again, I talk about an assessment in there, and I'll talk about that as we go throughout the entire course. So we have a couple assessments for you in this course,

04:32

number one will be a assessment on vulnerabilities. So that one I show I have a video that shows you where to go look for that. In this I bury lab environment.

04:42

And then I also have a document that's got a bunch of different emmick. Mm. Commander sees me on it, and that way you can download that, and you could practice those on your own. Now, I designed this course so the labs are all with the cyber lab environment. However,

04:57

I designed the course where you could actually do all the labs on your own virtual environment. So if you're not a paid member for some reason,

05:01

you know, by the way, you should consider that. But anyways, if you're not a paid member, this is a good way. A good course for you to take because you can actually do things just in your own virtual machine with Callie Lennox. And of course, keeping in mind that the I P addresses will be different because you're doing whatever on your own network and not inside of the cyber lab environment.

05:21

So how is this core structure what's actually gonna be on demand videos on with those? We've got labs now with the labs. I've got a bunch of step by step guides that walk you through all of the lab. So if you want a policy of videos and not watch me do it and just, you know, practice it on your own.

05:35

If you find I go too fast or too slow, then that's why I've created this step by step guide so that we could just go through it on your own. And you don't have to worry about following along in the video.

05:46

As I mentioned, we got assessments. So again, that's gonna be the vulnerability assessment that's available inside of this ivory paid model. And then also, as I mentioned the downloadable end map listing of commands that I want you to go run in practice and understand what you're doing with those specifically and maps gonna be very important if you decide to take anything like

06:04

the EEC counsel CH exam or the camp here.

06:08

Pantex Bless exam, especially especially for plant explosion, definitely need to understand the output of command. You need to be able to look at an output oven and map command and then understand, like what command was actually run to get to that output

06:20

and then, as I mentioned supplementary sources. So in addition to all the lab documents, the assessment stuff. There's gonna be additional helpful information that you can download with this course.

06:31

So a quick post assessment question. And I hope you were paying attention to my hint, hint, wink, wink thing s o question. Here, I have worked as an agent professor and instructed on art history. Is that true or false?

06:44

All right, so that's obviously false, right? If you were paying attention, you heard me say that I was an agent professor of digital forensics or computer forensics, if you're not familiar with what that is. And most people have learned about forensics from watching television shows, etcetera. So just think of it as you're looking through a computer and doing the same things they do on those crime shows.