Pen-testing : Info-gathering, Payload Delivery, Port-scanning

Penetration testing (pen-testing) is the authorised, simulated attack of a system to find weaknesses before a real attacker does. Two of its building blocks are info-gathering, the collection of information about the target, and port scanning, the probing of the target's ports to learn which services it exposes.

Servers expose services on ports: each listening service is bound to a port number, and clients reach it by connecting to that port. The IP address identifies the host; the port identifies which service on that host handles the traffic for computation, storage, data-transfer and communication tasks.

Port numbers run from 0 to 65535. IANA divides them into well-known ports (0-1023, reserved for standard services such as 22 for SSH, 80 for HTTP and 443 for HTTPS), registered ports (1024-49151, assigned on request to specific applications) and dynamic or private ports (49152-65535, used for ephemeral client-side connections and never assigned).

Probing those ports is called port scanning. A scan reveals:

  • which ports are open, closed or filtered
  • which services are listening on them and, with banner grabbing or version detection, what software and version is behind each one
  • in some cases the account a service runs as (older scanners asked the ident protocol for this; it is rarely enabled today)

Port numbers are registered by IANA, which maintains the list of well-known and registered assignments. Some common port-scan types:

1) Ping scan -> an ICMP echo request to each address to discover which hosts are up. It identifies hosts, not ports, and is the usual first step before ports are scanned.

2) SYN scan (half-open scan) -> the scanner sends a SYN; a SYN/ACK reply means open, a RST means closed, no reply means filtered. The scanner answers the SYN/ACK with a RST instead of an ACK, so the handshake is never completed and many services never log the attempt. Needs raw sockets, so normally root.

3) FIN scan -> sends a segment with only the FIN flag set. Per RFC 793 a closed port answers with RST and an open port stays silent, so silence means open or filtered. Stacks that do not follow the RFC (Windows, for instance) answer RST on every port, so a FIN scan reports all of them as closed.

4) FTP bounce -> abuses the FTP PORT command to make a misconfigured FTP server open connections to a third host on the scanner's behalf. It hides the scanner's address and reaches hosts the FTP server can see; modern FTP servers reject it.

5) Vanilla scan (connect scan) -> completes the full three-way handshake (SYN, SYN/ACK, ACK) through the operating system's connect() call. Needs no privileges, but every open port gets a real connection the service can log, so it is the noisiest option.

To carry out the scan, first run one of the scans above to see which ports are open. Then identify the service behind each open port, connect to it and, if it is vulnerable, deliver a payload through it to gain a foothold on the system.

Port states:

Port can be OPEN -> a service accepted the probe (SYN/ACK, or a completed connection).

Port can be CLOSED -> the host is reachable but nothing listens there (RST).

Port can be FILTERED -> no reply, or an ICMP unreachable, so a firewall or filter is dropping the probe and the scanner cannot tell whether anything listens.
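The following is an added example, not code from the original article: it encodes the reply-to-state rules for the SYN, connect and FIN scans listed above, and runs a vanilla (connect) scan through the operating system's socket layer. The function names, the errno mapping and the loopback demo scenario are this example's own; it touches only 127.0.0.1 and needs no privileges.

```python
"""Added example: port-state classification plus a vanilla (connect) scan.

Not part of the original article. Names and the loopback demo are this example's own.
"""
import errno
import socket
from typing import Dict, Iterable, Optional

# TCP flag bits as they appear in byte 13 of the TCP header (RFC 793).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def classify_response(scan: str, flags: Optional[int]) -> str:
    """Map the reply to one probe to a port state.

    scan:  "syn" (half-open), "connect" (vanilla, full handshake) or "fin".
    flags: TCP flag byte of the reply, or None when nothing came back before the
           timeout (an ICMP unreachable is treated the same as silence here).
    """
    if scan in ("syn", "connect"):
        if flags is None:
            return "filtered"      # neither SYN/ACK nor RST: something dropped the probe
        if flags & RST:
            return "closed"        # RST: host is up, nothing listens on that port
        if flags & SYN and flags & ACK:
            return "open"          # SYN/ACK: a service accepted the SYN
        return "filtered"          # anything else is not a valid answer to a SYN
    if scan == "fin":
        # RFC 793: a closed port answers a lone FIN with RST, an open port drops it.
        # Silence is ambiguous (open, or dropped by a filter), so report open|filtered.
        # Caveat: stacks that ignore the RFC (e.g. Windows) RST every port, so a FIN
        # scan against them reports everything as closed.
        if flags is not None and flags & RST:
            return "closed"
        return "open|filtered"
    raise ValueError(f"unknown scan type: {scan}")


def classify_connect_errno(err: int) -> str:
    """Translate connect_ex()'s return code into the same three states."""
    if err == 0:
        return "open"                 # handshake completed
    if err == errno.ECONNREFUSED:
        return "closed"               # the kernel received a RST
    return "filtered"                 # timeout (EAGAIN/ETIMEDOUT) or ICMP unreachable


def connect_scan(host: str, ports: Iterable[int], timeout: float = 1.0) -> Dict[int, str]:
    """Vanilla scan: let the OS complete the three-way handshake for each port.

    Needs no privileges (a SYN scan needs raw sockets), but every open port gets a
    real connection that the service can log, so it is the noisiest option.
    """
    states: Dict[int, str] = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            states[port] = classify_connect_errno(s.connect_ex((host, port)))
    return states


def demo_loopback() -> Dict[str, str]:
    """Constructed scenario: scan one listening and one closed port on 127.0.0.1.

    Nothing outside the local machine is touched.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))    # port 0: let the kernel pick a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                      # nothing listens here now -> RST -> ECONNREFUSED

    try:
        states = connect_scan("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()
    return {"listening": states[open_port], "closed": states[closed_port]}


if __name__ == "__main__":
    print(demo_loopback())
```

The FILTERED branch is where scanners disagree the most: a timeout, an ICMP port-unreachable and an ICMP host-unreachable all end up there, and only a packet capture tells them apart. Run the demo against a host you are authorised to test; scanning anything else is the part of pen-testing that needs permission first.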

A port scan probes the ports of one host; a network scan sweeps a range of addresses to find which hosts are up and which ports each of them exposes.

Note: Pen-testing is an umbrella term; a mix of automated and manual scans and tests has to be run to pen-test a system.

INFO-GATHERING 

Info-gathering (reconnaissance) is the phase in which information about the target system is collected, first from public sources and then through direct scans, before any attack is attempted.

It is used to map the attack surface of the potential target: domains, IP ranges, exposed hosts and services, software versions, and the people and processes behind them. The security team carries it out and keeps the results organised so that later phases can build on them.

It combines passive research (public records, DNS and search-engine data that never touches the target) with active reconnaissance (ping sweeps, port scans and service detection, which send packets to the target and can be logged there).

Info-gathering is a systematic process: it needs planning (scope and rules of engagement), a strategy (which sources and scans, in what order), execution, and finally turning the raw findings into actionable decisions about what to test next.

PAYLOAD

In networking a packet consists of a header and a payload: the header carries addressing and control information, the payload is the data being carried. Moving a payload from POINT A to POINT B is payload delivery. In pen-testing the word also means the code an attacker sends to a compromised service to run on the target (a reverse shell, for example), and getting it through an open port is the payload-delivery step that follows scanning.

Data transmitted over the internet is encapsulated: each layer wraps the layer above it in its own header, so an HTTP request is the payload of a TCP segment, which is the payload of an IP packet, which in turn is the payload of an Ethernet frame. Each receiving layer strips its header and hands the rest up. Getting a payload to the right host and service, intact and in order (payload logistics) is the crux of payload delivery.
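As an added example (not code from the original article), the block below shows encapsulation in both directions: it wraps an HTTP request in a TCP header and then an IPv4 header, and then peels the headers off again to recover the payload. The sample packet is constructed here, with addresses from the 192.0.2.0/24 documentation range; the function names are this example's own, and the TCP checksum is left zero because the point is the layering, not a transmittable segment.

```python
"""Added example: peel IPv4 and TCP headers off a packet to reach the payload.

Not part of the original article. The sample packet is constructed here; addresses
come from the 192.0.2.0/24 documentation range and the TCP checksum is left zero.
"""
import socket
import struct
from typing import Dict, Optional

IPPROTO_TCP = 6
PSH, ACK = 0x08, 0x10


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum. Over a valid header (checksum field
    filled in) the result is 0; with that field zeroed it yields the value to insert."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Encapsulate: application payload -> TCP segment -> IPv4 packet (constructed sample)."""
    # TCP header: ports, seq, ack, data offset (5 words = 20 bytes), flags, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, PSH | ACK, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    # IPv4 header with checksum zeroed: ver/ihl, tos, len, id, flags/frag, ttl, proto, csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, IPPROTO_TCP,
                     0, socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return ip + tcp + payload


def strip_headers(packet: bytes) -> Dict[str, object]:
    """Decapsulate: validate each header's length field before trusting it, then
    return the addressing information and the payload it carried."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(packet):
        raise ValueError("IPv4 length fields inconsistent with buffer")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if packet[9] != IPPROTO_TCP:
        raise ValueError("not TCP")
    packet = packet[:total_len]              # drop link-layer padding after the datagram
    tcp = packet[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    # A data offset larger than the segment is the classic parser bug: slicing blindly
    # would hand back an empty or wrong payload instead of rejecting the packet.
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("TCP data offset out of range")
    return {
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
        "sport": sport,
        "dport": dport,
        "flags": tcp[13],
        "payload": tcp[data_off:],
    }


def payload_of(packet: bytes) -> Optional[bytes]:
    """Convenience wrapper: the payload, or None if the packet is malformed."""
    try:
        return strip_headers(packet)["payload"]  # type: ignore[return-value]
    except ValueError:
        return None


if __name__ == "__main__":
    pkt = build_ipv4_tcp("192.0.2.10", "192.0.2.20", 40000, 80, b"GET / HTTP/1.0\r\n\r\n")
    print(strip_headers(pkt))
```

Every length field (IHL, total length, TCP data offset) is checked against the buffer before it is used to slice; a parser that trusts those fields is exactly what a crafted packet targets, and the same discipline applies to any tool that reads captured traffic.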

The article above is rendered by integrating outputs of 1 HUMAN AGENT & 3 AI AGENTS, an amalgamation of HGI and AI to serve technology education globally.

(Article By : Himanshu N)