Lesson 3: Performing Security Assessments

Question 1

Netstat

Answer 1

Report port status on local machine/ shows the state of TCP/UDP ports on the local machine.

Question 2

nslookup and dig

Answer 2

Query name servers, Zone transfers

Question 3

Service Discovery

Answer 3

Scan custom TCP/UDP port ranges

Question 4

Nmap

Answer 4

Service and version detection, fingerprinting each port, protocol, application/version, OS type, device type, host discovery

Question 5

TheHarvester

Answer 5

collate open source intelligence (OSINT)

Question 6

Dnsenus

Answer 6

collate DNS hosting information, name records, and IP schema

Question 7

Scanless

Answer 7

Collate results from third-party port scanning sites

Question 8

Curl

Answer 8

Craft and submit protocol requests

Question 9

Nessus

Answer 9

Perform automated vulnerability scanner that checks for software vulnerabilities and missing patches.

Question 10

Sniffer

Answer 10

tool for capturing network frames

Question 11

Tcpdump

Answer 11

read/write from pcap, filters. Packet capture utility for linux

Question 12

Fingerprinting

Answer 12

detailed analysis of services on a particular host

Question 13

Protocol Analysis

Answer 13

Using statistical tools to analyze a sequence of packets, or packet trace.

Question 14

Packet Analysis

Answer 14

Deep-down frame by frame scrutiny of captured frames

Question 15

Packet injection

Answer 15

crafting spoofed packets, Dsniff, Ettercap, Scapy

Question 16

Hping

Answer 16

Host/port detection and firewall testing, traceroute, DoS

Opensource spoofing tool that provides penetration tester with the ability to craft network packets to exploit firewall and IDS

Question 17

Tcpreplay

Answer 17

stream a packet capture through an interface, sandbox analysis and intrusion detection testing. It takes previously captured traffic that has been saved to a .pcap file and replays it through a network interface

Question 18

Wireshark

Answer 18

packet capture and analysis utility.

Question 19

RAT (Remote access trojan)

Answer 19

malware that gives the adversary the means of remotely accessing the network.

Question 20

Metasploit

Answer 20

Modules to exploit known code vulnerabilities, obfuscate code to evade detection

Question 21

Sn1Per

Answer 21

Penetration test reporting and evidence gathering

Question 22

Netcat

Answer 22

Tool for network tasks such as; port scanning and fingerprinting, CMD listener on the arbitrary port, File transfer over the arbitrary port.

Simple but effective tool for testing connectivity.

Question 23

Black Box

Answer 23

unknown environment, the consultant is given no privileged information about the network and its security systems.

Question 24

White Box

Answer 24

Known environment, the consultant is given complete access to information about the network.

Question 25

Gray Box

Answer 25

Partially known environment – the consultant is given some information. Useful for simulating the behavior of an unprivileged insider threat.

Question 26

Red Team

Answer 26

Performs offensive roles

Question 27

Blue Team

Answer 27

Performs the defensive role

Question 28

White Team

Answer 28

Sets the rules of engagement and monitors the exercise

Question 29

Purple Team

Answer 29

Exercise set up to encourage collaboration, Red and blue teams share information and debrief on a regular basis.