This topic contains 1 reply, has 2 voices, and was last updated by silverslides 10 months, 1 week ago.
How are you guys performing stealthy scanning in red team engagements or ‘quietly’ once an initial foothold has been gained on a network?
I’ve heard a few different things like avoiding nmap and using masscan at an extremely slow rate to using nmap and only targeting a limited range of ports with a stealth scan. Thought it’d be best to ask everyone here what their methods are for performing stealthy scans and avoiding detection on internal engagements.
I don’t know them by heart, but some scanning is possible with PowerShell, netcat, telnet, curl, wget.
First foothold into a network? Go passive first. netneighbors and hosts file.