Today I am writing about Infrastructure Penetration Testing attack methodology simulating a real-world Red Team remote engagement on a corporate network.
Remember to always follow the rules of engagement!
I will keep updating this article and adding more topics and techniques.
- Enumerate all relevant public information about the client
- Enumerate all public network infrastructure
- Analyze the data and match possible usernames, emails, and phone numbers
- Search public leaks for possible passwords
I will divide the reconnaissance phase into two parts: company information and infrastructure information (the juicy part 😀).
Public information about the company, such as org charts, helps us map the departments inside the company; these departments are usually mirrored as Active Directory groups. Public email addresses are also a great entry point into the infrastructure. Why?
Public company mailboxes are usually the first communication channel with clients and are shared by several people inside the company, which often leads to a weak password. Imagine that the address firstname.lastname@example.org, used on a public website to interact with the company's clients, is also an account inside the company's Active Directory. Ok, let's move on…
Enumerating Company Data
Enumerating Infrastructure Data
Big corporate networks have their own Autonomous system