Interview: An Ethical Hacker Shares Her Tips for Successful Enumeration
A conversation with Certified Ethical Hacker Samira Brawner
In ethical hacking, enumeration is the process of gathering information (usernames, group names, network sources, etc.) to discover potential attack vectors. It’s part of the first phase of ethical hacking and one of the most important steps for ethical hackers in understanding network vulnerabilities.
The EC-Council team asked Samira Brawner, a Certified Ethical Hacker (C|EH) from the United States, to talk more about this essential step of ethical hacking.
As a Certified Ethical Hacker, you use enumeration to identify points of access for threats. What experiences have you had with enumeration that may help others who want to get into ethical hacking
Enumeration is actually a part of my daily tasks. I especially use it when I’m triaging and during investigations.
I actively connect to the target system and identify threats and vulnerabilities in that system. I gather as much information as I can to work with, for example, the device name or network shares—anything that will help me with my investigation so I can prevent vulnerabilities or malware from spreading. It’s a part of my daily tasks.
Which roles on the team need to understand enumeration, and how often do they use it?
I would say that the network team and sub-security team need to understand enumeration, because we use enumeration a lot. There’s always someone scanning the environment or security as a network or outside source trying to gather information.
With a complete understanding of enumeration, you can distinguish and identify who is trying to enumerate the environment and gather information. So the roles who need to understand enumeration are the network and security teams because we perform our enumeration tasks all the time.
But you have to distinguish whether it’s us or a bad actor. We have tools to identify those activities.
Enumeration goes on all the time. I can see it on the logs and I can see it on the devices. So, for both roles, they must know enumeration.
Do you have any tips or tricks on enumeration that could benefit a beginning ethical hacker?
Try to understand concepts, methodology, and why enumeration is important, because you have several groups performing enumerations. You have black hat hackers, white hat hackers, and grey hat hackers.
You have several groups trying to perform enumeration, and they’re just trying to gather as much resourceful information as they can so they can perform an attack on a company. So try to understand the methodology, and I think you’ll be okay. Also try to get a security certification.
I prefer C|EH because they helped me out a lot, and it goes over the details of enumeration and how to prevent and recognize it. So, I think if you do that, you’ll be good.
Can you compare your knowledge of enumeration before and after you took the C|EH course?
So, like I said, C|EH was a refresher. Although I have a bachelor’s degree in information systems and cybersecurity, sometimes you forget that information over time about enumeration.
So after I got refreshed, I remembered, for example, you can extract usernames from email IDs, use brute force and Active Directory, gather information about default passwords, etc.
These are activities that I have been doing at work. I’ve been making sure that I look into devices and default passwords, and that we have none of that in our environment. Taking the course just reminded me of basic information about that and things I have learned in school that I had forgotten. I was able to refresh my knowledge after taking the C|EH course.
Is your IT team equipped to handle enumeration?
Build a Rewarding Career with the C|EH Fast-Growing Job Market
1,800+ ethical hacking job openings on LinkedIn alone1
C|EHs in the U.S. earn over $82,000 per year on average2
Wide Range of Opportunities
Prepare for 20+ cybersecurity job roles with the C|EH