Chapter 2 Reconnaissance and Intelligence Gathering Flashcards
- Syslog severity message
- Immediate action is needed
Level 1 Alerts
Tool designed to gather emails, domain info hostnames, employee names, and open ports and banners using search engines
theHarvester
Netstat flag for Linux that shows RAW
-w
Netstat flag for Linux that shows Unix socket connections
-x
Syslog severity message
Normal but significant conditions
Level 5 Notifications
Technique that uses a fingerprint or signature of a known threat to detect it
Signature Analysis
In Windows Event Viewer where logs are captured when applications are installed
Setup logs
- Syslog severity message
- Warning conditions
Level 4 Warnings
Technique where the analyst investigates the logs and data directly in order to detect something
Manual analysis
Ways to prevent passive reconnaissance
- Blacklisting systems or networks that abuse a service
- Using CAPTCHAs to prevent bots
- Providing privacy services that use third-party registration info instead of the actual person or organization registering the domain
- Rate-limiting lookups
- Not publishing zone files
Relies on logs and other existing data rather than active probes, so the available data may not be enough to fully identify targets
Passive footprinting
Windows, Mac, and Linux tool used to view all network connections on the local host
Netstat
- Netstat flag for Windows that shows the process ID of each connection
- This can be cross-referenced with Windows Task Manager
-o
Netstat flag for Windows that provides interface statistics
-e
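The PID cross-reference described in the netstat -o card, worked through in code. This is an added example, not part of the original flashcards: it parses saved `netstat -ano` output and a `tasklist /fo csv` listing (both samples are constructed here, not real captures), joins connections to process names by PID, and flags established connections to ports outside a short allow list. The `trusted_ports` list and the `suspicious` heuristic are illustration choices, not a rule from the page.

```python
import csv
import io

# Constructed sample of `netstat -ano` output on Windows (not a real capture).
# -a: all connections and listening ports, -n: numeric addresses, -o: owning PID.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    10.0.0.5:49712         52.96.11.3:443         ESTABLISHED     5288
  TCP    10.0.0.5:49801         198.51.100.7:4444      ESTABLISHED     6120
  UDP    0.0.0.0:123            *:*                                    1204
"""

# Constructed sample of `tasklist /fo csv` output (not a real capture); this is
# the same PID-to-image mapping Task Manager shows in its Details tab.
TASKLIST_SAMPLE = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","912","Services","0","12,344 K"
"System","4","Services","0","1,120 K"
"msedge.exe","5288","Console","1","210,004 K"
"powershell.exe","6120","Console","1","54,000 K"
"svchost.exe","1204","Services","0","8,120 K"
"""


def parse_netstat(text):
    """Parse `netstat -ano` rows into dicts; banner and header lines are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP":
            proto, local, foreign, state, pid = parts[:5]
        else:
            # UDP rows carry no State column, so the PID is the fourth field.
            proto, local, foreign, pid = parts[:4]
            state = ""
        conns.append({"proto": proto, "local": local, "foreign": foreign,
                      "state": state, "pid": int(pid)})
    return conns


def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv` output."""
    return {int(row["PID"]): row["Image Name"]
            for row in csv.DictReader(io.StringIO(text))}


def join_processes(conns, procs):
    """Attach the owning process name to each connection (the -o cross-reference)."""
    return [dict(c, process=procs.get(c["pid"], "<unknown>")) for c in conns]


def suspicious(rows, trusted_ports=(53, 80, 443)):
    """Illustrative heuristic (assumption, not from the page): established
    connections whose remote port is outside the trusted list."""
    flagged = []
    for r in rows:
        if r["state"] != "ESTABLISHED":
            continue
        port = int(r["foreign"].rsplit(":", 1)[1])
        if port not in trusted_ports:
            flagged.append(r)
    return flagged


if __name__ == "__main__":
    rows = join_processes(parse_netstat(NETSTAT_SAMPLE), parse_tasklist(TASKLIST_SAMPLE))
    for r in rows:
        print(f"{r['proto']:4} {r['local']:22} {r['foreign']:22} {r['state']:12} "
              f"{r['pid']:>6} {r['process']}")
    for r in suspicious(rows):
        print("REVIEW:", r["process"], "->", r["foreign"])
```

On a live host the two inputs come from `netstat -ano` and `tasklist /fo csv` run at the same moment; PIDs are reused after a process exits, so a listing taken later can attribute a connection to the wrong image.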
- Syslog severity message
- Error conditions
Level 3 Errors
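The syslog severity levels on the cards above (1 Alert, 3 Error, 4 Warning, 5 Notice) are what a collector decodes from the `<PRI>` field at the start of each syslog message, where PRI = facility * 8 + severity. This added example is not part of the original flashcards: it decodes PRI values over a few constructed log lines and filters out the ones at Error or worse. It covers all eight severity codes (0 to 7, per RFC 5424), not just the four the cards name; the log lines are made up for the demonstration and the Error-or-worse threshold is an illustration choice.

```python
import re

# Syslog severity codes (RFC 5424 / RFC 3164). Lower number = more severe.
SEVERITIES = {
    0: "Emergency",
    1: "Alert",          # immediate action is needed
    2: "Critical",
    3: "Error",          # error conditions
    4: "Warning",        # warning conditions
    5: "Notice",         # normal but significant conditions
    6: "Informational",
    7: "Debug",
}

# Syslog facility codes 0..23 (RFC 5424 names, shortened).
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "logaudit", "logalert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]

PRI_RE = re.compile(r"^<(\d{1,3})>")

# Constructed sample log lines (not a real capture); the <N> prefix is the PRI.
SAMPLE_LOG = """\
<13>Oct 11 22:14:15 host1 su: 'su root' failed for lonvick on /dev/pts/8
<34>Oct 11 22:14:16 host1 sshd[1201]: fatal: Timeout before authentication
<11>Oct 11 22:14:17 host1 app[77]: error: database connection refused
<165>1 2023-10-11T22:14:18Z host2 evntslog - ID47 - scheduled backup completed
<1>Oct 11 22:14:19 host1 kernel: alert: disk /dev/sda failing
garbage line without a PRI header
"""


def decode_pri(pri):
    """Split a PRI value into (facility name, severity name)."""
    if not 0 <= pri <= 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def parse_line(line):
    """Return a dict for a line with a PRI header, or None if it has none."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    facility, severity = decode_pri(pri)
    return {"pri": pri, "facility": facility, "severity": severity,
            "severity_code": pri % 8, "message": line[m.end():]}


def parse_log(text):
    """Parse every line that carries a PRI; lines without one are dropped."""
    events = [parse_line(line) for line in text.splitlines()]
    return [e for e in events if e is not None]


def needs_action(events, threshold=3):
    """Events at the threshold severity or worse (default: Error and below)."""
    return [e for e in events if e["severity_code"] <= threshold]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(f"<{e['pri']:>3}> {e['facility']:9} {e['severity']:13} {e['message']}")
    print("escalate:", len(needs_action(parse_log(SAMPLE_LOG))))
```

Because severity is the low three bits of PRI, `<34>` decodes to facility 4 (auth) at severity 2 (Critical), while `<13>` is user.notice; filtering on the numeric code rather than the name keeps the ordering right, since "Alert" sorts after "Error" alphabetically but is more severe.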