Areas of Expertise, aka How Can I Help You?
Contact me for full list of services, solutions, and offerings - info@teejang.com
A part of every project is some sort of communication or project management skill. I excel at effective communication and project management. While this is a part of every aspect of the technical work that I perform, I will leave those items out when putting together this section.
Host enumeration involves finding out every detail of your in-scope target: which hosts are live, which ports and services they expose, and which software versions they run. This can involve automated scanning tools, network mapping scripts, and manual probing. Over the years I have picked up a few tricks and learned about a lot of useful tools that assist in this enumeration phase.
Open-source intelligence (OSINT) may sound a lot like host enumeration, but it involves only passive searching and research. The in-scope target is never actually touched or interacted with. OSINT can be as simple as using a common search engine (think Google) to search for information on a target. It can also involve going through breach data found on the dark web and searching for passwords and usernames related to your target.
If it is "out there" on the Internet (public or dark), it is considered "open-source" intelligence: Facebook, Instagram, LinkedIn, news articles, blogs, etc. It is out there for anyone to find, if they know how and where to look.
This is the "bread and butter" of a lot of security assessments. This closely simulates what a real-life attacker would be able to see should they target your, or your business', online assets. Do you have a personal website? Do you own any assets within the Cloud? Does your home router act as a firewall between the public Internet and your Apple Watch or Chromecast device?
You would have answered YES to at least one of those questions - the home WiFi router is the most common firewall in residential homes. Perimeter network testing involves breaching through that external defense, and gaining a position within a given internal network. Access to an "internal network" for most homes means having access to connected devices such as: garage door openers, security cameras, doorbell, robot vacuums, TVs, laptops, smartwatches, etc.
Internal network testing ("PenTesting") is very similar to perimeter testing, except that it simulates an attacker who has already breached the perimeter and gained access to the internal network environment. The starting position is different, so this type of testing shows how much damage can be done after that foothold has been gained.
While not all perimeter tests end up with access to the inside, I have done this more times than I can remember. Once inside the internal network, testing is done to gain "root" access, or access to a user with elevated privileges. If this user is obtained, I typically perform a few steps to grab either cleartext passwords or password hashes, and then take those offline to a machine of my choosing to look at later. As mentioned above, a lot of assets reside on an "internal network", even just at your home.
Password cracking cannot be done unless a password "hash" is obtained first. There are hundreds of password hash types, and some of them are very complex and slow to crack back to cleartext. Many of the common hash types have popular tools which can efficiently "crack" them, if given the correct input and options. "Wordlists" are fed to password crackers, which hash each candidate word and compare the result against the captured hash to see if it is a match. The number of guesses can be exponentially amplified when those crackers are also fed a "ruleset", a list of rules which mutate each word in the list into many variations. Password cracking usually requires advanced, high-end hardware (typically GPUs) in order to be done efficiently.
There are several methods and definitions of social engineering, but the one I have the most experience with involves making physical entry into places that I am not authorized to be in. This is always done with a signed contract, explicit permission from the asset owner, and a "get-out-of-jail-free card". The card will not actually let me out of jail, but it should buy me some time while security personnel call the main point-of-contact for the project and confirm whether or not I am supposed to be there.
I have only been "caught" once, and the security guards had been tipped off that I was coming. Social engineering involves acting like (and forcing yourself to feel like) you belong where you do not belong. Loitering in the lobby of a bank administration building, waiting at a side-entry door of an assisted living home, or dressing up with a contractor badge at a large hospital: all of these things I have done under the guise of security. The mindset is, "I belong here".
Social engineering takes advantage of the fact that most people avoid conflict and confrontation. If you act like you belong somewhere, you most likely belong there.
You have received a phishing e-mail before. The ones I craft are customized for a "targeted" spear-phishing campaign. OSINT is performed, backgrounds are reviewed, and messages are crafted to entice their specific recipients. Positioning, name-dropping, legitimate-looking requests, etc. are all worked into a targeted spear-phishing campaign to make it look as authentic as possible. Nigerian princes aren't asking you for money as often as they used to.
Physical security review goes hand-in-hand with social engineering. Sometimes I am hired for the specific job of breaking into a building with limited knowledge, and sometimes I am asked to simply review physical security controls and look for deficiencies. This can involve a checklist, and I have developed a mind and eye for spotting access control deficiencies and discovering ways to bypass them.