Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
our targets are accessible without the need of any VPNs or permissions in a firewall. In most
cases, a client providing a list of IP addresses for an external scan isn’t a cause for concern. But if
we are single-handedly determining the attack surface of a client’s publicly accessible
infrastructure, we need to understand that firewalls and other access restriction mechanisms,
which could make systems and services inaccessible, might be in place.
For example, an international client has several systems in multiple countries. They restrict
access from all IP addresses outside of the country where each system is located. From our
location, we are only able to access the systems located in our country while all others are
inaccessible to us.
Let’s also consider target visibility in an internal engagement. We need to think about our
positioning in the network to get meaningful results, especially when we want to scan systems
from other subnets. Keep in mind that firewalls,