May 7, 2021

Recon in Red Team Engagements


This topic contains 1 reply, has 2 voices, and was last updated by silverslides 10 months, 1 week ago.

  • #278388


    Hey everyone,

    How are you guys performing stealthy scanning in red team engagements or ‘quietly’ once an initial foothold has been gained on a network?

    I’ve heard a few different things like avoiding nmap and using masscan at an extremely slow rate to using nmap and only targeting a limited range of ports with a stealth scan. Thought it’d be best to ask everyone here what their methods are for performing stealthy scans and avoiding detection on internal engagements.

  • #278389


    I don’t know them by heart, but some scanning is possible with PowerShell, netcat, telnet, curl, wget.

  • #278390


    First foothold into a network? Go passive first. netneighbors and hosts file.
