Outline and discuss specific use cases to discover and enumerate information that could be used for potential exploitation. Some examples of information that you are gathering from Haverbrook Investment Group’s systems are usernames, machine names, shares, and services from a system. Identify any software, applications, or scripts that will be needed and provide a description of how this software will be used to gather information about Haverbrook’s systems.
As you are developing the Scanning Plan, keep these questions in mind:
- How would you detect active systems?
- How would you determine the best attack vector you wish to exploit?
- How would you prioritize different targets of opportunity?
- What tools would you be using for scanning and enumeration of systems and vulnerabilities?
Be sure to identify any needed software and provide a description of how it will be used to gather information about the systems.