EthicalHacking

Question 1

What are the components of IoT?

Answer 1

Devices
Infrastructure
Processes
People
Data

Question 2

What is OODA loop?

Answer 2

Observe
Orient
Decide
Act

REPEAT

Question 3

What are some protocols to move data in IoT?

Answer 3

MQTT
HTTP
ZIGBEE
6LoWPAN
XMPP
DDS
CoAP

Question 4

What is MQTT?

Answer 4

Message Queuing Telemetry Transport

Question 5

What is XMPP?

Answer 5

Extensible Messaging and Presence Protocol

Question 6

What is DDS?

Answer 6

Data Distribution Service

Question 7

What is CoAP

Answer 7

Constrained Application Protocol

Question 8

What is 6LoWPAN

Answer 8

Ipv6 over low power wireless personal area network

Question 9

What is 802.15.4 IEEE standard?

Answer 9

Used by ZigBee as protocol standard.

Question 10

What is NFC?

Answer 10

Near Field Communication
Protocol used in IoT

Question 11

What is Enemybot?

Answer 11

malicious botnet that targets Internet of Things (IoT) devices.

Question 12

How does Enemybot work?

Answer 12

1. Exploits vulnerabilities in IoT devices to gain access and install the botnet malware
2. The infected device establishes a connection with a command-and-control (C&C) server
3. The C&C server sends commands to the infected devices, instructing them to perform malicious actions

Question 13

How to protect against Enemybot?

Answer 13

Keep software and firmware updated
Change default password
Strong passwords
Enable network security features
Disable unnecessary services

Question 14

What is OWASP

Answer 14

Open Worldwide Application Security Project
Researches application vulnerabilities

Question 15

What is Telematics

Answer 15

combination of telecommunications and computer information systems to collect, transmit, and analyze data

Question 16

What are OWASP top ten

Answer 16

Broken Access Control
Cryptographic failures - weak cyphers
Injection
Insecure Design
Security Misconfiguration
Outdated components
Identification and Authentication Failures
Software and Data Integrity Failures
Security Logging and Monitoring Failures
Server-Side Request Forgery

Question 17

What are best practices with IoT security

Answer 17

Mitigate threats at device level
apply latest patches
strong authorization and authentication
disable unneeded network services
physical protections

Question 18

Types of IoT attacks

Answer 18

Physical Tampering
Firmware updates run malicious code
Fault injection to introduce errors
Backdoor access
Wireless signal jamming
Supply chain - during manufacture or shipping of devices

Question 19

What are Zero Trust Policies

Answer 19

assumes that all devices, whether inside or outside the network, are potentially hostile

Question 20

What is ICS

Answer 20

Industrial Control Systems

Question 21

What are the Ethical hacking stages

Answer 21

Reconnaissance
Scanning
Gaining access
Maintaining Access
Covering Tracks

Question 22

Describe Reconnaissance stage ethical hacking

Answer 22

get device make, model and search documentation, firmware updates online

Question 23

Describe Scanning stage ethical hacking

Answer 23

Scan for open ports, services
Vulnerabilities

Question 24

Describe gaining access stage ethical hacking

Answer 24

launch exploits on vulnerabilities

Question 25

Describe maintain access stage ethical hacking

Answer 25

escalate privledges upload a backdoor

Question 26

Describe cover tracks stage ethical hacking

Answer 26

delete logs or other evidence reset passwords close ports

Question 27

What are some info gathering tools

Answer 27

Multi-ping nMAP

Question 28

What is FCC ID search ffcid.io

Answer 28

allows search and ID of device using the FCC ID code and will give you info on the device

Question 29

What are some security issues around IoT devices

Answer 29

no physical security hard-coded back door access outdated firmware poorly designed code

Question 30

What are 5 scanning apps for IoT devices

Answer 30

nMAP OpenVAS Nessus Foren6 Fing

Question 31

What is IoT Inspector?

Answer 31

scanner tool specifically for IoT devices

Question 32

What is a side channel attack?

Answer 32

targets physical vul, power consumption or emissions.

Question 33

What is Chip whisperer?

Answer 33

tool runs bluetooth attack called BlueBorn attack. used with HACKRF-One to intercept or disrupt BT signal.

Question 34

What is an SDR device?

Answer 34

Software Defined Radio Device

Question 35

What is RE-play attack

Answer 35

replaying a captured signal to a target device to gain access

Question 36

What is jamming attack

Answer 36

disrupts wireless communication via EMI in same band

Question 37

What is RollJam attack

Answer 37

used in car key-fob attack. Rolljam device captures rolling code while also jamming. attacker uses code to unlock car b/c the code was never used.

Question 38

What is NAND Glitching

Answer 38

Hardware attack technique that manipulates NAND flash cards Applies voltage to disrupt normal operation. Device becomes unstable

Question 39

What are the vulnerable components of OT systems?

Answer 39

outdated or flawed software week access controls lack of patching insecure network configurations

Question 40

Define MITRE

Answer 40

US based non-profit providing research, publications or tools to Inform on Tactics Techniques and Procedures in hacking.

Question 41

What are Fieldbus protocols?

Answer 41

facilitate communication and data exchange between devices in industrial setting

Question 42

List Fieldbus protocols

Answer 42

Modbus

Question 43

What are sub-protocols of Modbus

Answer 43

Modbus RTU (remote terminal unit) Modbus ASCII (xmit ASCII characters) Modbus TCP (ethernet communication)

Question 44

What is Profibus?

Answer 44

Process Field Bus Communication protocol for real-time control and monitoring of industrial systems

Question 45

What is HART?

Answer 45

Highway Addressable Remote Transducer Hybrid protocol used for communication with field sensors.

Question 46

What is HMI?

Answer 46

Human-Machine Interface

Question 47

What is PLC?

Answer 47

Programable Logic Controls

Question 48

What is IIoT?

Answer 48

Industrial Internet of Things - Merges control functionality of ICS with data collecting of IoT devices

Question 49

What is another name for IIoT?

Answer 49

Industry 4.0

Question 50

What does Pen Testing OT systems require?

Answer 50

Specialized Knowledge of PLCs, SCATA and protocols. Sometimes vendor collaboration -some systems are air-gaped.

Question 51

What is SCADA?

Answer 51

Supervisory Control and Data Acquisition

Question 52

What is Network Miner?

Answer 52

Open-Source network forensics tool to capture network traffic and extract images, files, passwords and email and put into PCAP files.

Question 53

What is IoT Seeker?

Answer 53

Tool used to find devices using default access credentials

Question 54

What is Fuzz Testing?

Answer 54

Sending to a device random or unusual input to ID vulnerabilities.

Question 55

What are two online sites to help with IoT security?

Answer 55

Tenable.com Skyboxsecurity.com

Question 56

What is Skybox Vulnerability Control Product?

Answer 56

Tools that offers: Scanning Risk Assessment Remediation Guidance

Question 57

What are two most commonly used protocols and SCADA systems?

Answer 57

Modbus DNP3 (Distributed Network Protocol)

Question 58

What IoT manufacturers best practices with regard to IoT security?

Answer 58

Design for security Embedded Firewalls Provide Encryption Tamper Proof capabilities.

Question 59

What is the Purdue model?

Answer 59

Structure for organizing ICS ecosystem

Question 60

What are levels 4 and 5 of Purdue model

Answer 60

Top layers including Corporate network -routers, email services, intranet, file servers

Question 61

What is perimeter Network in Purdue model?

Answer 61

Layer between 4-5 levels layer 3. AKA - Screened subnet Acts as intermediary between trusted internal network and untrusted corporate network (layer 4-5) Contains application servers, AV servers, Management servers. Firewalls on each side.

Question 62

What is contained in level 3 of Purdue Model?

Answer 62

Site Manufacturing Operations and Control- Contains -Domain controller -Quality control -Tracking orders.

Question 63

What is contained level 2 of Purdue model?

Answer 63

SCADA Systems Engineering Desktops

Question 64

What is contained level 1 of Purdue model?

Answer 64

Process Control - Batch processes and PLC's deployed here

Question 65

What is contained level 0 of Purdue model?

Answer 65

Field Devices

Question 66

What are the 3 pillars of Zero Trust concept?

Answer 66

Workplace - Secure access to devices connecting to networks. Workloads - applications that needs to communicate Workforce - users who access resources.