My Methodology Start scan of all tcp ports Scan “useful” udp ports, such as 161 If web ports were found in the tcp scan, start fuzzing the ports While fuzzing, use firefox and browse to the web ports. Looking for default creds admin / admin SQLi possibility Information Disclosure If SNMP is open snmpwalk with “public” as a community string General Notes to Remember Give a cursory glance at all ports before diving deep into any particular one e.