6 - Ethical Hacking Flashcards

1
Q

Threat modelling

A

Thinking how an adversary would attack a system

2
Q

White box Testing

A

Full info shared with testers. Confirms efficacy of internal assessment

3
Q

Black box testing

A

No info shared with testers about internals.

Identifies ways to access internal IT assets

4
Q

Attack steps

A
  • Reconnaissance
  • Scanning
  • Gaining Access
  • Maintaining Access
  • Covering Tracks
5
Q

Passive Recon

A

Gather info without any engagement with the victim

6
Q

Active Recon

A
  • Engage with target to gather info
7
Q

Maltego

A

Open source intel and graphical link analysis tool

8
Q

Protection against reconnaissance

A
  • Training, policies, config
  • Firewall
  • IDS and Net monitoring
  • Disable ‘banner display’
  • Limit information made public
9
Q

Scanning

A

Find entry points and obtain a network map w/ vulnerabilities etc

10
Q

Scanning example info

A
  • If alive
  • Open ports
  • protocols
  • services
  • OS ver
11
Q

Scanning techniques

A
  • ping/ping sweep
  • banner grabbing
  • web based dir enumeration
  • firewall enumeration & fingerprinting
  • DNS enumeration
12
Q

Ping/ping sweep

A

Find out if a machine is alive (sweep = scanning several)

Sweeps can be blocked

13
Q

Banner Grabbing

A

Provides details of the OS and running apps on a server via its login message

14
Q

Firewall enumeration

A

Used to find what is allowed and what is denied

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Firewalk

A

A network auditing tool that detects misconfigurations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

NIDS

A

Network Intrusion Detection System
Detect scans for particular firewall ports

17
Q

DNS Enumeration

A

Locating all DNS servers and records.

For admins this helps maintain control of location of physical servers within a network

Hackers can try to “poison” DNS records so they point to them

18
Q

Port scanning mechanic using TCP/UDP

A

Send TCP or UDP to all ports and see responses

19
Q

Port scan uses

A
  • Hackers use it to determine the existence of hosts
  • Security pros: determine rogue servers and close unnecessary ports
20
Q

Gaining Access

A

Exploiting one or more vulnerabilities

21
Q

Main vulnerabilities

A
  • Bad config
  • Assets used incorrectly
  • Software/Hardware/Network
  • Humans
  • Physical environment
  • Organisation
22
Q

Attack Surface

A

A network might include: services and apps, auth, management sys, remote access

Web app: inputs, queries, HTTP components, functions

23
Q

Access Vector

A

How the hacker uses an attack surface to gain access.

Local: physical access
Remote: Remote Procedure Call for example

24
Q

Privilege Escalation

A

Taking advantage of flaws to grant elevated access to system/network

25
Q

Vertical Privilege Escalation

A

Lower privilege user/app gains ability to access higher priv users or apps

26
Q

Horizontal Privilege Escalation

A

Normal user gains abilities reserved for other normal users

27
Q

Preventing privilege escalation

A
  • Updates
  • Run apps without admin when possible
  • Run host based IDS on key servers
28
Q

Maintaining access

A

Installing a backdoor to get back in

29
Q

Rootkit

A

Installed at kernel level and conceals its existence from users and the system

30
Q

Pentest Challenges

A
  • Time, cost, resources
  • Scope
  • Authorisation/Legal
  • Protection/confidentiality of results
  • Methodology choice
  • Communication
  • Reporting