Nmap for Pentester: Timing Scan
Telegram: https://t.me/hackinarticles
Nmap provides timing templates (-T0 to -T5) that control how fast packets are sent during scanning. Adjusting these templates helps pentesters balance speed, accuracy, and stealth while performing network reconnaissance.
Timing scans covered:
Paranoid Scan (-T0)
Sneaky Scan (-T1)
Polite Scan (-T2)
Normal Scan (-T3)
Aggressive Scan (-T4)
Insane Scan (-T5)
Understanding timing templates helps security professionals optimize scans and bypass certain firewall rate-limiting rules.
Read the full guide:
https://www.hackingarticles.in/nmap-for-pentester-timing-scan/
Nmap for Pentester: Port Status
When performing port scanning with Nmap, the results don't only show open or closed ports. Instead, Nmap classifies ports into different states based on the responses received from the target system or firewall.
Port states covered:
Open
Closed
Filtered
Unfiltered
Open | Filtered
Closed | Filtered
Understanding these states helps pentesters interpret scan results correctly and identify potential attack surfaces during reconnaissance.
Read the full guide:
https://www.hackingarticles.in/nmap-for-pentester-port-status/
Nmap for Pentester: Host Discovery
Host Discovery is the first step in network reconnaissance. It helps pentesters identify which systems are alive in a network before performing deeper scans like port scanning or service enumeration.
Techniques covered:
Ping Sweep (-sn)
TCP SYN Ping (-PS)
TCP ACK Ping (-PA)
ICMP Echo Ping (-PE)
UDP Ping (-PU)
IP Protocol Ping (-PO)
ARP Ping (-PR)
No Ping Scan (-Pn)
These techniques help pentesters identify live hosts, bypass firewall restrictions, and improve target discovery during information gathering.
Read the full guide:
https://www.hackingarticles.in/nmap-for-pentester-host-discovery/
Blue Teaming Active Directory: EvenMonitor
Twitter: https://x.com/hackinarticles
Attackers target AD… defenders must monitor EVERYTHING
Defense Highlights
Monitor AD events & suspicious logins
Track user/group/permission changes
Detect privilege escalation & lateral movement
Identify abnormal behavior patterns
Improve visibility across domain
Active Directory monitoring = continuous tracking of accounts, permissions & activities to detect threats early
Without proper monitoring → attacks stay invisible until domain compromise
Article: https://www.hackingarticles.in/blue-teaming-active-directory-evenmonitor/
Active Directory Pentesting with BloodyAD
BloodyAD is a powerful Active Directory exploitation tool used to abuse AD permissions (DACLs) for privilege escalation, persistence, and domain compromise. It enables attackers to manipulate objects, reset passwords, and gain full control over the domain.
Techniques Covered in This Guide
Lab Setup
Understanding AD ACL & DACL Abuse
BloodHound Path Analysis
Authentication (Password / Hash / Kerberos)
Add User to Privileged Groups
Reset Password & Takeover Accounts
GenericAll / GenericWrite Abuse
WriteDACL & WriteOwner Exploitation
Resource-Based Constrained Delegation (RBCD)
Shadow Credentials Attack
Privilege Escalation to Domain Admin
Article:
https://www.hackingarticles.in/active-directory-penetration-testing-with-bloodyad/
Active Directory User Enumeration: Complete Guide
User Enumeration is the foundation of every Active Directory attack. It helps attackers map users, privileges, and misconfigurations to identify attack paths.
Key Features of User Enumeration
Enumerate all domain users (PowerView, pywerview)
Extract user attributes & group memberships
Identify privileged & admin accounts
Discover SPN users (Kerberoasting targets)
Analyze login activity & password metadata
Enumeration Insights
Find Domain Admin & high-value targets
Detect weak password practices
Identify Kerberoastable accounts
Discover delegation & ACL misconfigs
Map attack paths for privilege escalation
Article: https://www.hackingarticles.in/active-directory-user-enumeration-a-comprehensive-guide/