infrastructure

Skill

Network infrastructure testing - port scanning, DNS attacks, MITM, VLAN hopping, IPv6, SMB/NetBIOS, sniffing, and DoS assessment.

Files48
  • @skills/infrastructure/SKILL.md
  • @skills/infrastructure/reference/dns-quickstart.md
  • @skills/infrastructure/reference/dos-quickstart.md
  • @skills/infrastructure/reference/firewall-detection.md
  • @skills/infrastructure/reference/hardware-embedded-quickstart.md
  • @skills/infrastructure/reference/icmp-scan.md
  • @skills/infrastructure/reference/ics-modbus-quickstart.md
  • @skills/infrastructure/reference/ics-protocols.md
  • @skills/infrastructure/reference/ip-reputation.md
  • @skills/infrastructure/reference/ipv6-quickstart.md
  • @skills/infrastructure/reference/mitm-quickstart.md
  • @skills/infrastructure/reference/os-fingerprint.md
  • @skills/infrastructure/reference/overview.md
  • @skills/infrastructure/reference/port-scanning-quickstart.md
  • @skills/infrastructure/reference/scenarios/dns/bind-tsig-key-hijack.md
  • @skills/infrastructure/reference/scenarios/dns/dns-cache-poisoning.md
  • @skills/infrastructure/reference/scenarios/dns/dns-rebinding.md
  • @skills/infrastructure/reference/scenarios/dns/subdomain-enumeration.md
  • @skills/infrastructure/reference/scenarios/dns/zone-transfer.md
  • @skills/infrastructure/reference/scenarios/hardware/jtag-uart.md
  • @skills/infrastructure/reference/scenarios/ics/ethernet-ip.md
  • @skills/infrastructure/reference/scenarios/ics/modbus.md
  • @skills/infrastructure/reference/scenarios/ics/s7comm.md
  • @skills/infrastructure/reference/scenarios/ipv6/ipv6-recon.md
  • @skills/infrastructure/reference/scenarios/ipv6/slaac-attack.md
  • @skills/infrastructure/reference/scenarios/mitm/arp-poisoning.md
  • @skills/infrastructure/reference/scenarios/mitm/lldp-cdp-spoofing.md
  • @skills/infrastructure/reference/scenarios/mitm/ssl-stripping.md
  • @skills/infrastructure/reference/scenarios/network-recon/alive-hosts-discovery.md
  • @skills/infrastructure/reference/scenarios/network-recon/cups-browsed-rce.md
  • @skills/infrastructure/reference/scenarios/network-recon/port-scanning-tcp-udp.md
  • @skills/infrastructure/reference/scenarios/network-recon/service-fingerprinting.md
  • @skills/infrastructure/reference/scenarios/smb/ntlm-relay-coercion.md
  • @skills/infrastructure/reference/scenarios/smb/null-and-guest-enumeration.md
  • @skills/infrastructure/reference/scenarios/smb/share-spidering.md
  • @skills/infrastructure/reference/scenarios/smb/smb-signing-misconfig.md
  • @skills/infrastructure/reference/scenarios/sniffing/credentials-from-pcap.md
  • @skills/infrastructure/reference/scenarios/sniffing/promiscuous-capture.md
  • @skills/infrastructure/reference/scenarios/vlan-hopping/double-tagging.md
  • @skills/infrastructure/reference/scenarios/vlan-hopping/dtp-spoofing.md
  • @skills/infrastructure/reference/service-enum.md
  • @skills/infrastructure/reference/smb-netbios-quickstart.md
  • @skills/infrastructure/reference/sniffing-quickstart.md
  • @skills/infrastructure/reference/syn-scan.md
  • @skills/infrastructure/reference/udp-scan.md
  • @skills/infrastructure/reference/upnp-iot-quickstart.md
  • @skills/infrastructure/reference/vlan-hopping-quickstart.md
  • @skills/infrastructure/reference/wifi-wpa-enterprise-quickstart.md

Infrastructure

Test network infrastructure for vulnerabilities including network services, protocols, and perimeter security.

Techniques

TypeKey Vectors
Port ScanningSYN scan, UDP scan, service detection, OS fingerprinting
DNSZone transfers, cache poisoning, subdomain takeover, DNS rebinding
MITMARP spoofing, DNS spoofing, SSL stripping, LLMNR/NBT-NS poisoning
VLAN HoppingSwitch spoofing, double tagging
IPv6RA flooding, neighbor spoofing, tunneling attacks
SMB/NetBIOSNull sessions, relay attacks, enumeration
SniffingPacket capture, credential harvesting, protocol analysis
DoSResource exhaustion, amplification, application-layer
ICS/SCADAModbus TCP, PLC exploitation, coil/register manipulation, session hijacking
UPnP / IoT / CPErootDesc/SCPD enumeration, vendor SOAP info disclosure (GetPassword), command injection via vendor actions, cross-action auth-key reuse
Hardware / EmbeddedLogic captures (Saleae .sal), CAN/UART decoding, side-channel password recovery, legacy CPU errata, i386 tools via docker

Workflow

  1. Network discovery and topology mapping
  2. Port scanning and service enumeration
  3. Protocol-specific vulnerability testing
  4. Network attack execution (authorized scope only)
  5. Evidence capture with packet captures and logs

Reference

Quickstart guides (per attack type):
  • reference/port-scanning-quickstart.md - Port scanning and service discovery
  • reference/dns-quickstart.md - DNS attacks and enumeration
  • reference/mitm-quickstart.md - Man-in-the-middle attacks
  • reference/vlan-hopping-quickstart.md - VLAN hopping techniques
  • reference/ipv6-quickstart.md - IPv6 attack vectors
  • reference/smb-netbios-quickstart.md - SMB/NetBIOS exploitation
  • reference/sniffing-quickstart.md - Network sniffing and capture
  • reference/dos-quickstart.md - DoS assessment
  • reference/ics-modbus-quickstart.md - ICS/SCADA Modbus PLC exploitation
  • reference/upnp-iot-quickstart.md - UPnP / IoT / CPE firmware web UI enumeration and exploitation
  • reference/hardware-embedded-quickstart.md - Logic captures, CAN/UART decoding, side-channel char-by-char recovery, legacy CPU bugs (6502), i386 tooling on ARM macOS
Scan techniques: reference/syn-scan.md, reference/udp-scan.md, reference/icmp-scan.md, reference/os-fingerprint.md Other: reference/firewall-detection.md, reference/service-enum.md, reference/ip-reputation.md, reference/overview.md
infrastructure — Kortix Marketplace | Kortix