Misc Operations and Incident Response

Question 1

Metasploit

Answer 1

Exploitation Framework

Question 2

Cuckoo

Answer 2

Malware-testing sandbox

Question 3

theHarvester

Answer 3

open source intelligence gathering tool

Question 4

Nessus

Answer 4

Vulnerability scanner

Question 5

netstat -a

Answer 5

Can show all active connections in windows, using the -a flag

Question 6

hping

Answer 6

A packet generator and analyzer. A packet analyzer and packet building tool often used to craft specific packets as part of penetration tests and attacks.

Question 7

Nessus

Answer 7

A popular vulnerability scanning tool - can also scan ports and identify open ports

Question 8

curl

Answer 8

The curl command-line tool supports downloads and uploads from a wide variety of services

Question 9

nmap

Answer 9

port scanner

Question 10

route

Answer 10

a command-line tool to view and add network traffic routes

Question 11

netstat

Answer 11

a command-line tool that shows network connections, interface statistics, and other useful information about a system’s network usage. does not incorporate automatic service identification

Question 12

memdump

Answer 12

a command-line memory dump utility that can dump physical memory - Linux

Question 13

exiftool

Answer 13

metadata-retrieval tool

Question 14

sn1per

Answer 14

A pen test framework. Can conduct a port scan and recognize open ports

Question 15

FTK Imager

Answer 15

a free tool that can image both systems and memory

Question 16

dd

Answer 16

Used to image drives. useful for capturing disks, not really for memory dumps.

Question 17

Autopsy

Answer 17

A forensic tool for drive analysis and forensic investigations. A forensic analysis tool and does not provide its own imaging tools

Question 18

Strings

Answer 18

command-line tool that retrieves strings from binary data

Question 19

Scanless

Answer 19

a tool described as a port scraper, which retrieves port information without running a port scan by using websites and services to run the scan for you

Question 20

WinHex

Answer 20

Disk Editor

Question 21

Logger

Answer 21

a Linux utility that will add information to the Linux syslog. It can accept file input, write to the system journal entry, send to remote syslog servers, and perform a variety of other functions

Question 22

tcpreplay

Answer 22

The tcpreplay tool is specifically designed to allow PCAP capture files to be replayed to a network, allowing exactly this type of testing

Question 23

tcpdump

Answer 23

Used to capture packets

Question 24

The Volatility framework

Answer 24

a purpose-built tool for the acquisition of random access memory (RAM) from a live system

Question 25

Netcat

Answer 25

a tool used to transfer data or to make connections to systems across a network

Question 26

journalctl

Answer 26

used to query the systemd journal. On systemd-enabled Linux distributions, the journal contains kernel and boot messages as well as syslog messages and messages from services