Jack Rhysider

👤 Person
3924 total appearances

Podcast Appearances

Darknet Diaries
149: Mini-Stories: Vol 3

And so, once he was done with one pen test job, he'd move right on to the next. And this time, it was a bank.

Darknet Diaries
149: Mini-Stories: Vol 3

So they arrive on site and they're greeted by the on-site team. They're shown where to sit and where to plug into the network. And this was a simulated breach. So if someone got into the network who shouldn't be on it, what could they see or do while there? So the two of them get all set up in this room and, well, you already know what tool they're going to start up first.

Darknet Diaries
149: Mini-Stories: Vol 3

That's going to be Responder.

Darknet Diaries
149: Mini-Stories: Vol 3

Okay, so they've taught me that Responder is their go-to tool for starting a network assessment. But if that's not working for whatever reason, what do you do next? Hmm.

Darknet Diaries
149: Mini-Stories: Vol 3

Okay, so Nmap is a basic tool to scan the network. It's simple and efficient and usually safe. And when you're testing a live network, you want to be as light-footed as you can. And Nmap is a gentle tool to scan the network with. It just does like a simple knock on the door. Is anyone home?

Darknet Diaries
149: Mini-Stories: Vol 3

And it really just stops there, which is nice since you don't want to disrupt business or wreck any systems in your process. Since after all, this is a bank which needs to continue their service to customers. But Masscan is a bit beefier of a tool compared to Nmap. It can make a map of your network, but it's designed to scan huge amounts of systems at once.

Darknet Diaries
149: Mini-Stories: Vol 3

Like it shines really well when it's supposed to scan like millions of IPs at once, or even the whole internet. This network at most had like thousands of IPs. Masscan is just too powerful of a tool for this scenario. But this junior pen tester was convinced that because it's a beefier tool, it's better for the job.

Darknet Diaries
149: Mini-Stories: Vol 3

Okay, so this junior pen tester was absolutely flooding the network with traffic. They weren't told what exactly they impacted, but I'm going to speculate on what happened here. He had a computer that was plugged in using an Ethernet cable. So his next hop from his laptop would have probably been a network switch or router.

Darknet Diaries
149: Mini-Stories: Vol 3

If he's sending massive amounts of traffic, it could easily overwhelm that next hop. Just too many packets at once going through that and opening too many sessions, it can fill up the session table. Memory or CPU on the device could just be maxed out and it just might not accept any more packets. Essentially doing a denial of service on that next hop if it was a switch or a router.

Darknet Diaries
149: Mini-Stories: Vol 3

And what that would do is it'd cause everyone who's also connected to that device to not be able to reach anything beyond it. Like the pipes are clogged kind of thing. And if there are servers also connected to that switch, then those servers would be unreachable by anyone too. The other option is if this Masscan tool was configured to scan IPs
