4.1 - 4.3 Flashcards
Reconnaissance tools
Tracert (Windows) / traceroute (POSIX): uses ICMP Time To Live Exceeded error messages to see how many hops a packet takes before it is dropped by a router; works best on Linux
Nslookup and dig: query a DNS name server with these commands to find names, IP addresses and cache timers
Ipconfig (Windows) / ifconfig (Linux): show the IP configuration of the device
Nmap: identify open ports and the OS, run service scans on open services, run scripts
Ping: see if a device is on the network and communicating
Pathping: ping plus traceroute; shows how much info was sent and how many packets were dropped
Hping: more info than ping, such as ports on a device; can craft packets
Netstat -a -b -n (active connections, binaries, resolve names): shows which IP addresses the device is communicating with
Netcat
Arp -a: Address Resolution Protocol, to see all the known MAC addresses
Route: see routes outside the network
Curl (client URL): retrieve data such as web pages (raw HTML), FTP and email, databases
TheHarvester: gather OSINT (open source intelligence) using Kali Linux
Sn1per: many recon tools in one, such as dnsenum, Metasploit, nmap, theHarvester and more
Scanless: our device would otherwise be identified as the device that ran the scan… so a third-party device runs the port scan instead
Dnsenum: enumerate DNS info
Nessus: scanner for vulnerability checking
Cuckoo: a sandbox for malware testing in a virtualized environment
File manipulation tools
Head -n 5 syslog: see the first five lines of a file instead of the whole file
Tail -n 5 syslog: see the last five lines of a file instead of the whole file
Cat file1.txt file2.txt > both.txt: print the contents of a file to the screen, or link multiple files together
Grep PATTERN [file]: search for a small piece of info in a large file, e.g. grep failed auth.log
Chmod MODE FILE: control how a file can be viewed, written or executed on a system
Chmod a-w first.txt: all users, no writing
Chmod u+x script.sh: only the owning user can execute the file
Logger: add entries to a system log, i.e. logger plus the message string
Shell and script environments
SSH: encrypted channel
PowerShell: .ps1 scripts for admins on Windows
Python: .py extension
OpenSSL: build certificates and SSL/TLS communication
Packet tools
Tcpreplay: after capturing packets, replay the gathered traffic and send it back out; see if the IPS recognizes it and whether the firewall is working
Tcpdump: not a visualizer like Wireshark, but gives info on screen; just needs Kali Linux
Wireshark: graphical and text packet captures with full reporting; gathers info on the network
Forensic tools
Dd (data definition): image a partition or a drive, creating a disk image, e.g. dd if=/dev/sda of
Memdump: gather memory info to one location outside the network
WinHex: raw representation of files in hexadecimal format
FTK Imager: images from other drives, saved for use by other utilities
Autopsy: digital forensics, to recover data
Exploitation framework: prebuilt for customized attacks and exploitation, like Metasploit
Password crackers: given password files or hashes, can use brute force with password crackers
Data sanitization: completely remove data from a drive and make it unrecoverable
Security incidents
DDoS, employee issues, ransomware, peer-to-peer software
Incident response team
IT security management
Compliance officers
Technical staff
User community
NIST SP 800-61
National Institute of Standards and Technology
Incident handling guide
Preparation: who should be contacted, hardware and software tools, where to store evidence, policies and procedures
Detection and analysis: incident precursors (e.g. web servers probed with a vulnerability assessment tool, direct threats), indicators such as a buffer overflow attempt or anti-malware and antivirus alerts
Containment: to avoid it spreading quickly; can use a sandbox, but some malware knows when it is sandboxed
Eradication and recovery: remove it, maybe deleting and restoring from a previous backup
Post-incident activity: reconstitution, clean everything and make sure it doesn't happen again
Incident response planning
Exercises to test employees
Tabletop exercises (talk through) instead of full scale
Walkthrough: test all processes and procedures with all the employees needed
Simulation (live, e.g. fake emails sent to employees as if from hackers)
Disaster recovery plan
Continuity of operations planning
Retention planning: the backups, and which site?
MITRE ATT&CK framework, Diamond Model and Cyber Kill Chain
MITRE: nonprofit that supports several US government agencies
Diamond Model: from US intel; uses scientific principles (test and repeat) to fill in the diamond and understand how to prevent
CKC: from the US military; recon, weaponize, delivery, exploit, install, command and control, actions
Vuln scan output
Missing anti-malware/antivirus, misconfigurations, real vulnerabilities and new ones
But need to deal with false positives
Siem dashboards
Security alerts, log storage, correlate data from a variety of sources
Gathers intel from sensors and logs, views trends
Log files
Switches, routers, VPN concentrator log files
Router updates, authentication issues or network security issues
DNS log files: see who is trying and block them
Dump file for memory
Log management
Syslog: protects logs in transfer; consolidates logs from many devices into one syslog server
Bandwidth monitor: SNMP, NetFlow, sFlow, IPFIX