Lesson 3: Performing Security Assessments Flashcards
Netstat
Reports port status on the local machine; shows the state of TCP/UDP ports on the local machine.
nslookup and dig
Query name servers, zone transfers
Service Discovery
Scan custom TCP/UDP port ranges
Nmap
Service and version detection, fingerprinting each port, protocol, application/version, OS type, device type, host discovery
TheHarvester
collate open source intelligence (OSINT)
Dnsenum
collate DNS hosting information, name records, and IP schema
Scanless
Collate results from third-party port scanning sites
Curl
Craft and submit protocol requests
Nessus
Automated vulnerability scanner that checks for software vulnerabilities and missing patches.
Sniffer
tool for capturing network frames
Tcpdump
Packet capture utility for Linux; reads from and writes to pcap files and supports capture filters.
Fingerprinting
detailed analysis of services on a particular host
Protocol Analysis
Using statistical tools to analyze a sequence of packets, or packet trace.
Packet Analysis
Deep-down frame-by-frame scrutiny of captured frames
Packet injection
Crafting spoofed packets; examples include Dsniff, Ettercap, and Scapy
Hping
Host/port detection and firewall testing, traceroute, DoS
Open-source spoofing tool that gives the penetration tester the ability to craft network packets for testing firewalls and IDSs
Tcpreplay
Streams a packet capture through an interface; used for sandbox analysis and intrusion detection testing. It takes previously captured traffic that has been saved to a .pcap file and replays it through a network interface.
Wireshark
packet capture and analysis utility.
RAT (Remote access trojan)
malware that gives the adversary the means of remotely accessing the network.
Metasploit
Modules to exploit known code vulnerabilities, obfuscate code to evade detection
Sn1Per
Penetration test reporting and evidence gathering
Netcat
Tool for network tasks such as port scanning and fingerprinting, a command (CMD) listener on an arbitrary port, and file transfer over an arbitrary port.
Simple but effective tool for testing connectivity.
Black Box
Unknown environment; the consultant is given no privileged information about the network and its security systems.
White Box
Known environment; the consultant is given complete access to information about the network.
Gray Box
Partially known environment; the consultant is given some information. Useful for simulating the behavior of an unprivileged insider threat.
Red Team
Performs the offensive role
Blue Team
Performs the defensive role
White Team
Sets the rules of engagement and monitors the exercise
Purple Team
Exercise set up to encourage collaboration; red and blue teams share information and debrief on a regular basis.