4.0 Operations and Incident Response Flashcards
a command-line utility that you can use to trace the path that an Internet Protocol (IP) packet takes to its destination.
Linux: traceroute domainname
Windows: tracert domainname
Command that lets an Internet server administrator or any computer user enter a host name (for example, “whatis.com”) and find out the corresponding IP address or domain name system (DNS) record
Linux: dig domainname
Windows: nslookup domainname
Command that displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings
Linux: ifconfig
Windows: ipconfig
program that scans the network a computer is connected to and outputs a list of ports, device names, operating systems, and several other identifiers that help the user understand the details behind their connection status
nmap
command that can be used to send large volumes of TCP traffic at a target while spoofing the source IP address, making it appear random or even originating from a specific user-defined source
HPing
command that is a networking tool used for troubleshooting and configuration, and that can also serve as a monitoring tool for connections over the network. Listing incoming and outgoing connections, routing tables, listening ports, and usage statistics are common uses for this command
netstat
a back-end tool that allows for port scanning and port listening
netcat
analyzing a business network to discover IP addresses and identify relevant information associated with those IP addresses and devices.
IP Scanner
command that allows you to make manual entries in the network routing tables.
route
Example:
route add -net 192.56.76.0 netmask 255.255.255.0 dev eth0
a command-line tool that lets you transmit HTTP requests and receive responses from the command line or a shell script
curl
Linux tool that acts as a wrapper for a variety of search engines and is used to find email accounts, subdomain names, virtual hosts, open ports / banners, and employee names related to a domain from different public sources
TheHarvester
automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities
Sn1per
automated tool developed in the Python language, which performs port scanning on the target host
Scanless
multithreaded Perl script to list the DNS information of a domain and to discover non-contiguous IP blocks.
Dnsenum
an open-source network vulnerability scanner that uses the Common Vulnerabilities and Exposures architecture for easy cross-linking between compliant security tools
Nessus
a tool used to launch malware in a secure and isolated environment; the idea is that the sandbox fools the malware into thinking it has infected a genuine host
Cuckoo sandbox
Linux command used to change the access mode (permissions) of a file
chmod
a Linux command that prints the first lines of one or more files (or piped data) to standard output
head
a Linux command that prints the last few lines (10 lines by default) of a given file, then terminates.
tail
a Linux command used to search text files for lines that match a regular expression
grep
provides an interface to the syslog subroutine, which writes entries to the system log
logger
a tool for replaying network traffic from files saved with tcpdump or other tools which write pcap(3) files
TCPreplay
packet analyzer that is launched from the command line. It can be used to analyze network traffic by intercepting and displaying packets that are being created or received by the computer it’s running on. It runs on Linux
TCPDump
the basic purpose of this Linux command is to copy data from one drive to another while also making sure that the data itself is not changed
dd
used for forensics, data recovery, low-level data processing, and IT security. It allows the user to view files in hexadecimal format
WinHex