This part of the book will guide you through the first phase of your internal network penetration test (INPT). In chapter 2, you learn how to identify live hosts, or targets, from a given IP address range using various techniques and tools. Chapter 3 teaches you how to further enumerate those targets by identifying network services listening on open ports. You also learn how to fingerprint the exact application name and version number of these network services using a technique sometimes called banner grabbing. Finally, in chapter 4, you perform manual vulnerability discovery, probing identified network services for the three types of commonly exploited security weaknesses: authentication, configuration, and patching vulnerabilities. When you’re finished with this part of the book, you will have a complete understanding of your target environment’s attack surface. You will be ready to begin the next phase of your engagement: focused penetration.