504.2 Flashcards
Breakout time
The time from initial compromise to privilege escalation on additional internal network targets.
MITRE ATT&CK
Framework and knowledge base for mapping adversary tactics, techniques, and procedures (TTPs). Based on real-world observation.
Reconnaissance
Building intel and looking for opportunities. Usually begins with OSINT collection.
OSINT
The collective representation of planned and unplanned data shared online.
Certificate Transparency
Certificate Authority requirement where they must publish logs of all issued certificates. Can be useful to an attacker for revealing hosts that may not be public yet.
SpiderFoot
Open-source data collection and analysis tool. Collects data from hundreds of online sources and uses the collected data to seed additional searches.
DNS
Attackers use DNS to discover IP addresses associated with a target domain.
nslookup
Used to interact with a DNS server to get domain information.
DNS Zone Transfer
Allows an attacker to connect to your DNS server and grab the records associated with a particular domain. They can then determine which machines in that domain are public-facing.
Nmap dns-brute
Leverages a list of common hostnames and a target domain name to determine whether each DNS name is present on the DNS server.
exiftool
Perl script that extracts metadata from many different file types. Can reveal things like the operating system, document software version, etc.
CeWL
Custom wordlist generator that crawls a target website and collects all web pages and common document formats to extract metadata. The data can then be used to build a wordlist for password attacks, host enumeration, etc.
Nmap Network Sweeping
Sweeps through an address space to identify active hosts on the network.
Port Scanning
Helps identify openings on a system and allows an attacker to focus their attack on specific services.
Nmap Scripting Engine (NSE)
Nmap scripts that conduct additional interrogation of a target system. NSE scripts can be used not only for enhanced host interrogation but also for vulnerability discovery and several attacks.