4.1 Tools to Assess Security

Question 1

3 things Nmap can identify

Answer 1

1. open ports on a device
2. OS
3. services running

Question 2

curl

Answer 2

Used to retrieve the actual text HTML returned from a website (URL)

Question 3

Define hping and 2 capabilities

Answer 3

1. A more robust version of ping that provides more detailed information
2. Can be used to scan for ports
3. Allows crafting of custom data packets

Question 4

theHarvester

Answer 4

OSINT tool that gathers information from a website, such as finding email addresses for specific domain

Question 5

sn1per

Answer 5

Combines capabilities of many tools to provide useful summaries of vulnerabilities

Question 6

scanless

Answer 6

Intelligence gathering tool that allows running port scans through a proxy to mask the identity of the source

Question 7

dnsenum

Answer 7

A scanning tool that runs against DNS servers to gather information, such as discovering sub-domains

Question 8

Nessus

Answer 8

A scanning tool that uses a list of known vulnerabilities to identify device vulnerabilities

Question 9

Cuckoo

Answer 9

Allows testing of executables in a sandbox environment to determine if there are any vulnerabilities or malware built into it

Question 10

netstat

Answer 10

Identifies executables/services that are using the network on a device

Question 11

Define netcat tool and 4 capabilities

Answer 11

Allows one to read, write, redirect, encrypt communications across a network

Question 12

logger

Answer 12

Logs information to the system logs, useful for adding debug information from a script as it runs

Question 13

chmod

Answer 13

changes permissions on a file

Question 14

Capabilities of OpenSSL (3)

Answer 14

1. Create X.509 certificates, CSRs, CRLs
2. Hashing
3. Encryption/Decryption

Question 15

Wireshark uses (3)

Answer 15

1. Capture wired/wireless packets
2. View traffic to find unknown packets or verify security controls
3. Decode traffic

Question 16

Define tcpdump

Answer 16

Linux command-line packet capture tool, similar to Wireshark

Question 17

tcpreplay uses (3)

Answer 17

1. Test IDS/IPS and firewalls to verify function
2. Test/Tune devices by flooding with packets
3. Evaluate performance of devices and throughput by flooding with traffic

Question 18

How is dd command useful in forensics?

Answer 18

Creates a bit-by-bit copy of a drive for analysis

Question 19

How is memdump useful in forensics?

Answer 19

Copies data from memory to another device in a format that is readable by many forensics tools

Question 20

Winhex forensics capabilities (4)

Answer 20

1. Windows-based hexadecimal file editor
2. Data recovery of disks, files, RAM
3. Disk cloning
4. Secure wipe

Question 21

FTKImager capabilities (3)

Answer 21

1. Windows tool that can image drives, mount them, and perform file utilities
2. Can used from Windows for non-Windows platforms
3. Can save images to other formats, such as DD, ghost, or Expert Witness

Question 22

Autopsy capabilities (2)

Answer 22

1. Provides digital information from a hard drive or image file
2. Collects images, files, web bookmarks, emails, etc

Question 23

Define Exploitation frameworks (2)

Answer 23

1. Tools that allow crafting an attack to run against systems for testing purposes
2. Has modules to run attacks for known vulnerabilities

Question 24

2 Common exploitation frameworks

Answer 24

Metaspoilt and Social-Engineer Toolkit