6 - Ethical Hacking Flashcards
Threat modelling
Thinking about how an adversary would attack a system
White box Testing
Full info shared with testers. Confirms efficacy of internal assessment
Black box Testing
No info shared with testers about internals.
Identifies ways to access internal IT assets
Attack steps
- Reconnaissance
- Scanning
- Gaining Access
- Maintaining Access
- Covering Tracks
Passive Recon
Gather info without any engagement with the victim
Active Recon
- Engage with target to gather info
Maltego
Open source intel and graphical link analysis tool
Protection against reconnaissance
- Training, Policies, config
- Firewall
- IDS and Net monitoring
- Disable ‘banner display’
- Limit information made public
Scanning
Find entry points and obtain a network map w/ vulnerabilities etc
Scanning example info
- If alive
- Open ports
- protocols
- services
- OS ver
…
Scanning techniques
- ping/ping sweep
- banner grabbing
- web based dir enumeration
- firewall enumeration & fingerprinting
- DNS enumeration
Ping/ping sweep
Find out if a machine is alive (sweep = scanning several)
Sweeps can be blocked
Banner Grabbing
Provides details of the OS and running apps on a server, taken from a login message
Firewall enumeration
Used to find what is allowed and what is denied
Firewalk
A network auditing tool that detects misconfigurations