There are little clues that can be gathered when first approaching a target as to the operating system and version. This cheat sheet is meant to showcase three methods for pulling information from initial scans. First I’ll look at SSH and webserver application versions and use them to map to OS versions. Then I’ll look at ports that are commonly present on Windows DCs and clients. Finally, I’ll look at IP packet TTL values, and how they can identify an OS, as well as virtualized systems.
