Weeks 3 & 4: Diving Deeper into Recon, Enumeration, and Networking


The past two weeks have been a mix of challenges and progress. In Week 3, I explored Active Reconnaissance, Enumeration, and Social Engineering Attacks, while Week 4 was a bit slow due to university resumption. However, I focused on Networking Fundamentals and Web Application Exploitation to strengthen my understanding before moving forward.
Week 3: Active Reconnaissance & Enumeration
In Week 2, I stopped at Passive Reconnaissance: gathering intel without directly interacting with the target. Week 3 took things further with Active Reconnaissance, where I began directly probing systems for vulnerabilities. This was my first deep dive into Nmap scanning techniques:
Nmap Scanning Techniques
- SYN Scan (-sS): Checks for open TCP ports by sending SYN packets.
- TCP Connect Scan (-sT): Default scan that establishes a full TCP connection.
- UDP Scan (-sU): Probes UDP ports, useful for scanning DNS, SNMP, DHCP servers.
- TCP FIN Scan (-sF): Attempts to bypass firewalls by sending FIN packets.
- Host Discovery Scan (-sn): Identifies live hosts on a network.
- Timing Options (-T0 to -T5): Adjusts scan aggressiveness (stealthy to aggressive).
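The TCP scan types listed above leave different flag sequences on the wire, which is how a defender tells them apart. The sketch below is an added example, not part of the original post: the flow records, addresses, and the `min_ports` threshold are constructed assumptions, and the classification is a simplification that covers only the SYN, Connect, and FIN scans.

```python
from collections import Counter, defaultdict

# Constructed sample flows: (source IP, destination port, TCP flags the client sent, in order).
FLOWS = [
    ("10.0.0.5", 22, ["SYN", "RST"]),          # server's SYN/ACK answered with RST
    ("10.0.0.5", 80, ["SYN", "RST"]),
    ("10.0.0.5", 443, ["SYN", "RST"]),
    ("10.0.0.5", 25, ["SYN"]),                 # closed port: nothing more from the client
    ("10.0.0.7", 22, ["SYN", "ACK", "RST"]),   # full handshake, no data, then reset
    ("10.0.0.7", 80, ["SYN", "ACK", "RST"]),
    ("10.0.0.7", 443, ["SYN", "ACK", "RST"]),
    ("10.0.0.9", 21, ["FIN"]),                 # FIN with no connection behind it
    ("10.0.0.9", 22, ["FIN"]),
    ("10.0.0.9", 23, ["FIN"]),
    ("10.0.0.20", 443, ["SYN", "ACK", "PSH", "ACK", "FIN"]),  # ordinary session with data
]

def classify_flow(flags):
    """Label one flow by the client's flag sequence; None means it looks like normal traffic."""
    if not flags:
        return None
    if flags[0] == "FIN":
        return "fin"          # FIN without a handshake: the -sF pattern
    if flags[0] != "SYN":
        return None
    if len(flags) == 1:
        return "no-reply"     # lone SYN: closed or filtered port, any scan type
    if flags[1] == "RST":
        return "half-open"    # handshake abandoned after SYN/ACK: the -sS pattern
    if flags[1] == "ACK" and "PSH" not in flags:
        return "connect"      # handshake completed, closed without data: the -sT pattern
    return None

def detect_scanners(flows, min_ports=3):
    """Return {source: dominant probe type} for sources probing at least min_ports ports."""
    ports, kinds = defaultdict(set), defaultdict(Counter)
    for src, port, flags in flows:
        kind = classify_flow(flags)
        if kind:
            ports[src].add(port)
            kinds[src][kind] += 1
    return {s: kinds[s].most_common(1)[0][0] for s in ports if len(ports[s]) >= min_ports}

if __name__ == "__main__":
    print(detect_scanners(FLOWS))
```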
Beyond scanning, I also learned Enumeration Techniques, crucial for uncovering system details:
Enumeration Techniques
- Host Enumeration: Identifying active devices.
- User & Group Enumeration: Extracting system users and groups.
- Network Share Enumeration: Finding shared resources on networks.
- Web Application Enumeration: Discovering site structure, directories, and subdomains.
- Service Enumeration: Finding running services, open ports, and vulnerabilities.
- Packet Crafting for Enumeration: Customizing network packets to probe systems stealthily.
Analyzing Vulnerabilities
To make sense of scan results, I explored vulnerability databases like:
US-CERT
NIST
CVE (Common Vulnerabilities and Exposures)
CWE (Common Weakness Enumeration)
CVSS (Common Vulnerability Scoring System)
I learned how to determine if a vulnerability is worth reporting or exploiting based on severity, risk, and impact.
Social Engineering Attacks
To complement technical reconnaissance, I explored Social Engineering tactics:
- Phishing (Email, Spear Phishing, Whaling, Vishing, SMS phishing)
- Pretexting & Impersonation
- Watering Hole Attacks
- Physical Attacks (Tailgating, Dumpster Diving, Shoulder Surfing, Badge Cloning)
I also performed hands-on labs to test scanning, enumeration, and phishing techniques in controlled environments.
Week 4: Networking & Web Exploitation
With university resuming, my schedule got tighter, but I focused on Networking Basics to strengthen my foundation before diving deeper into Wi-Fi and network-based exploitation.
Networking Fundamentals
- OSI Model & Data Transmission
- Network Addresses & CIDR Notation
- Hubs, Switches, and ARP
- Routers & Setting up SOHO Networks
- VPNs & Secure Tunneling
- Essential Networking Commands for Troubleshooting
Additionally, I covered Remote Support & Administration:
- SSH (Secure Shell): Remote access to Linux servers.
- RDP & VNC: Remote desktop management for Windows & Linux.
- Third-Party Remote Support Tools: Best practices for secure remote connections.
- Phone Support Tips & Tricks: Handling technical issues over calls.
Web Application Exploitation & Bug Bounty Hunting
As I began exploring Web App Exploitation, I decided to strengthen my approach by studying Bug Bounty Hunting. To aid my learning, I added the book "Bug Bounty Bootcamp" to my resources. My focus includes:
- Web Reconnaissance & Subdomain Enumeration
- Finding Security Misconfigurations
- Identifying Common Web Vulnerabilities (XSS, SQL Injection, CSRF, etc.)
- Analyzing Web Requests & Responses
- Automating Web Scans with Burp Suite & Nikto
Next Steps
- Complete Networking & Security in TCM's Practical Help Desk Course.
- Dive deeper into Wi-Fi & Network Exploitation after mastering networking.
- Progress in Web Application Security & Bug Bounty Hunting.
- Continue performing practical labs & CTF challenges.
Written by
Ebenezer Evero
Hi, I'm Ebenezer Evero Ighozino, an aspiring penetration tester and cybersecurity enthusiast documenting my journey from beginner to ethical hacker. I started my cybersecurity journey with a passion for ethical hacking but struggled to find the right roadmap. Now, I'm learning network security, vulnerability management, penetration testing, and incident response, one step at a time. Through this blog, I share weekly insights, hands-on projects, and lessons learned, helping others navigate the cybersecurity space. Whether you're a beginner or looking for motivation, let's learn, hack, and grow together!
Current Focus: Cybersecurity Fundamentals, Ethical Hacking, and Capture The Flag (CTF) Challenges.