Sunday, July 17, 2016

Attack Flow Diagram

Hi there,
I've tried to organize common tasks within internal network penetration testing. Haven't seen something like this before.

PDF can be found here:

hacking, attack flow, penetration testing

Many aspects are excluded from this diagram, and I'm pretty sure that I forgot something.
Guys, I will be more than happy to hear suggestions on upgrading this diagram.


  1. Some other ideas:
    - DHCP snooping
    - PXE -> default local admin and some other stuff
    - MAC flooding to transform a switch into a hub
    - Yersinia (CDP attack, ...)
    - VoIP Hopper to change VLAN
    - DNS spoofing
    - ICMP redirect
    (some IPv6 attacks to become router)

    There was a time when it was possible to MITM RDP (with Cain).
    There are some PoCs of MITM of SQL protocols (SQL Server and PostgreSQL).
    PWN Printers & get the account used to copy the scan on a network share

  2. This comment has been removed by a blog administrator.

  3. Would love to see Dnucna's suggestions incorporated. Additionally, I have never heard of printer attacks with driver injection. Can you do a post on that?