I was recently involved in a 3-Day Vulnerability Assessment where I had quite literally no idea where to start. I suppose that's to be expected when you're the new guy and thrown into something, but I honestly wasn't sure what to even look for. I fell onto my past knowledge and decided to just wreck anything Windows related (my previous job was a Windows-only environment). I got a few corporate IP-ranges, and I set off... I quite literally nmap'd anything in that corporate IP-range (woops...).
The Recurring ThemeNon-windows boxes had SSH open but locked down enough that I didn't care to dig further. Developers had random HTTP ports open but most were the default Apache page.
But of course, that has nothing to do with the post title, so that can't be why I'm writing this. Look at you, astute reader. Port 445 and 548 were the recurring theme, better yet, an intense nmap scan will even point out that it detected an SMB/AFP share with its associated permissions. How nice! As you can imagine, this was the beginning of the wild ride of internal incident reports and vulnerability findings.