4.1 Given a Scenario, use the appropriate tool to access Organizational Security Flashcards

1
Q

Tracert/Traceroute

A

This shows the route taken from a computer to a remote host, for example a website. It can show any latency incurred when traveling through a particular router. It is like traffic going into a city center; the closer the traffic is to the center, the slower it is. It shows information for a maximum of 30 hops.

2
Q

Nslookup/Dig

A

Nslookup is a diagnostic tool for verifying the IP address of a hostname in the DNS server database. We can also use the set type=MX command, which brings back the DNS details on all mail servers in the domain.

Dig is the equivalent of nslookup in a Linux/Unix environment.

3
Q

Ipconfig/ifconfig

A

These commands show the IP configuration. The Windows version is ipconfig, while Unix/Linux uses ifconfig.

4
Q

Nmap

A

Nmap is a free and open-source network mapper that can be used to create an inventory of all of the devices on your network and can be used for banner grabbing.

5
Q

Ping/Pathping

A

Ping is used to test connectivity to another host.

Pathping combines the functionality of ping and tracert. It also calculates statistics after the trace, showing the packet loss at each router it passes through.

6
Q

Netstat

A

Netstat is a native tool that is incorporated into the Windows operating system. It is used to see the established connections and the listening ports. It can also let you know what services are running on a computer. If you reboot the computer, all established ports will disappear.

7
Q

Netcat

A

Netcat, or nc, is a utility for showing network connections in a Linux/Unix environment.

8
Q

IP scanners

A

IP scanners can scan all IP addresses in a given range. They show IP addresses that are active and responding, those that are active but not responding, and those that are inactive. An attacker could use an inactive IP address to gain access to your network, as they know it is not allocated to anyone.

9
Q

Arp

A

Address Resolution Protocol (ARP): ARP is used to translate the IP address to a MAC address; the arp -a command shows the ARP cache. An attacker could use ARPSpoof, ARPoison, and Ettercap to poison your ARP cache. These tools could be used to create ARP broadcasts by sending unsolicited ARP replies.

10
Q

Curl

A

This is a command-line tool used to transfer data. It can also be used for banner grabbing, which fetches remote banner information from web servers. The -s option runs silently and -I fetches only the HTTP headers.

11
Q

The Harvester

A

This is a passive tool that comes with Kali Linux and we can use it to harvest the email addresses of an organization.

I want to search for the email addresses of a domain called mydomain.com, with a maximum search of 500 entries, and I want to have my source for searching as the google search engine. I would run the following syntax:

theHarvester -d mydomain.com -l 500 -b google

12
Q

Sniper

A

This is a pen test reconnaissance tool that can be used for automated tests. This tool can be used by pen testers, bug bounty researchers, and security teams. It can look for vulnerabilities in your network and open ports, diagnose DNS issues, has Nmap capabilities, and can find application weaknesses.

13
Q

Scanless

A

This is a port scanner that can be anonymous so that the scan cannot be traced back to your IP address.

14
Q

Dnsenum

A

This tool can identify DNS records for a domain, such as MX (mail exchange server) records, NS records, and host A records. This way, an attacker has an idea of how large your organization is and whether it is worth attacking. The internal team can also run it to see what information is available to attackers.

15
Q

Nessus

A

This is a remote scanning tool that can highlight vulnerabilities that can be exploited by hackers.

16
Q

Cuckoo

A

This tool creates a sandbox that can be used for analyzing files for malware inspection.

17
Q

File Manipulation

A

In a Linux environment you may want to look deeper into different files, including the log files that are produced.

18
Q

Head

A

The most important file in Linux is the /var/log/messages file, which shows system events such as shutdown and reboot. We can use the head command to check the top 10 messages from that log using the following syntax:

head -n 10 /var/log/messages

19
Q

Tail

A

We can use the tail command to view the last 10 messages in the /var/log/messages log file using the following syntax:

tail -n 10 /var/log/messages

20
Q

Cat

A

Concatenate (cat): The cat command in Linux can be used to create files, view files, and also concatenate several files into another file. To create a new file called rugbyfile, we use the following syntax:

cat > rugbyfile

You can also concatenate the contents of three files and combine them in an output file using the following syntax:

cat file1.txt file2.txt file3.txt | sort > samplefile.txt

21
Q

grep

A

This command is used to search text and log files for specific values. For example, if we wanted to search a file called telephonenumbers.txt for the number 236237, we would use the following syntax:

grep 236237 telephonenumbers.txt

If we want to search a whole directory (the current directory and everything below it) for the word project, we can use the following syntax:

grep -r project .

22
Q

chmod

A

The chmod command is used to change the permission level, for example:

chmod 766 <file>

Here the owner has rwx, the group has rw-, and the others have rw-.

23
Q

Logger

A

You can use logger to add a message to the local system log file or to a remote syslog server. To add the name of the local machine followed by the message "today we found a phishing attack" to the end of the /var/log/syslog file on the syslog server whose IP address is 1.1.1.1, we use the following syntax:

logger -n 1.1.1.1 "$(hostname) today we found a phishing attack"

24
Q

SSH

A

SSH is used for secure remote access. It replaces Telnet, which sends passwords in cleartext. Before you can start, you need to install the SSH keys on the network devices or servers. First of all, we procure a key pair, and private and public keys are generated. The public key is stored on the server, with the private key remaining on the administrator’s desktop. SSH is available in the command line and Graphical User Interface (GUI).

Using a tool such as OpenSSH, the ssh-keygen -t rsa command generates a public and private RSA key pair on the administrator’s desktop. The next step is to use the ssh-copy-id command to log in to the server and copy the public key across. This is added to the list of authorized keys on the server. While copying, the administrator may be asked to provide their credentials. If you are connecting to a host for the first time, you will get the following message:

Number of key(s) added: 1
Now try logging into the machine, with ssh 'username@<ip>' and check to make sure that only the key(s) you wanted is added.

If an administrator is logging in for the first time, they will use the ssh root@server command.

25
Q

PowerShell

A

Another version of remote support is Microsoft’s PowerShell, which will allow remote access to another machine. On the remote target, we would run the PowerShell command Enable-PSRemoting -Force. This command would allow for remote management, and then we would use the command Enter-PSSession -ComputerName <hostname>. PowerShell could be used for lateral movement across a network.

26
Q

Python

A

Python is an interpreted programming language that includes extensive libraries, which simplify many programming tasks.

27
Q

OpenSSL

A

OpenSSL is a software library used to implement SSL and TLS protocols.

TLS has replaced SSL because of SSL vulnerabilities, so OpenSSL is primarily used with TLS, not SSL. It is accessible via the terminal in most Unix-like operating systems, such as Linux.

28
Q

Packet capture and replay

A

Packet capture refers to capturing network packets transmitted over a network, and packet replay refers to sending packets back out over the network.

29
Q

Tcpreplay

A

Tcpreplay is a suite of utilities used to edit packet captures and then send the edited packets over the network. It includes tcpreplay, tcpprep, tcprewrite, and more. It is often used for testing network devices.

As an example, administrators can modify packets to mimic known attacks and then send them to an intrusion detection system (IDS). Ideally, an IDS should always detect a known attack and send an alert. Using tcpreplay, security administrators can prove that an IDS can detect specific attacks.

30
Q

Tcpdump

A

The tcpdump command is a command-line protocol analyzer. It allows you to capture packets like you can with Wireshark. The difference is that Wireshark is a Windows-based tool and tcpdump is executed from the command line. Many administrators use tcpdump to capture the packets and later use Wireshark to analyze the packet capture.

31
Q

Wireshark

A

Protocol analyzers like Wireshark allow you to capture and view all data, including headers and payloads of individual packets. In contrast, NetFlow doesn’t include payload data and doesn’t even include individual packet headers.

32
Q

Digital forensics

A

Organizations implement digital forensic techniques when collecting information after an incident.

33
Q

data duplicator (dd)

A

One of the oldest disk imaging tools used for forensics is the dd command (short for data duplicator) available in Linux systems, including Kali Linux. It can also be installed on Windows systems.

34
Q

Memory dump (Memdump)

A

When a computer system crashes (commonly known as the blue screen of death), all of the content of the memory is saved in a dump file (.dmp). These dump files can be analyzed by using a tool such as BlueScreenView. A Linux equivalent would be memdump.

35
Q

WinHex

A

This can be used on any version of the Windows operating system to help forensics teams find evidence. It is a hexadecimal editor that can be used to find deleted or lost data and recover data from a corrupt drive.

36
Q

FTK imager

A

FTK imager is part of the Forensic Toolkit (FTK) sold by AccessData. It can capture an image of a disk as a single file or multiple files and save the image in various formats. It also gives you the option of creating images of individual folders or files. After capturing the image, it allows you to view and analyze data within the image.

37
Q

Autopsy

A

This can be used to analyze hard drives, smartphones, and media cards. It has a built-in translator to translate foreign languages into English.

It allows users to add command-line utilities from The Sleuth Kit (TSK). The Sleuth Kit includes both Windows- and Linux-based utilities used in forensics, and it can be used to analyze data on Windows, Linux, and some Apple operating systems.

38
Q

Exploitation frameworks

A

An exploitation framework is a tool used to store information about security vulnerabilities. It is often used by penetration testers (and attackers) to detect and exploit software.

39
Q

Password crackers

A

Password crackers, such as the Cain portion of Cain and Abel or L0phtCrack, can be used to crack the passwords and create password hashes. In the Security+ exam, when you see names in clear text followed by hashes, the hash is a hash of the password.

40
Q

Data Sanitization

A

Data sanitization methods ensure that data is removed or destroyed from any devices before disposing of the devices.