Module 18 - Iot and OT Hacking ( EC Mode ) Flashcards

Question

In which of the following IoT attacks does an attacker extract information about encryption keys by observing the emission of signals? A. Exploit kits B. Side-channel attack C. Sybil attack D. DNS rebinding attack

Answer 1

Answer: B. Side-channel attack.

Answer 2

Answer: B. Rolling code.

Answer 3

Answer: C. Enemybot.

Answer 4

Answer: B. Persistence

Answer 5

Answer: C. Sybil attack. A. Rolling code attack: This is a type of attack that targets systems that use rolling codes for security purposes. Rolling codes are commonly used in devices such as garage door openers and car key fobs to prevent unauthorized access. In a rolling code attack, an attacker intercepts a valid rolling code and then replays it later to gain access to the system. B. Replay attack: This is a type of attack in which an attacker intercepts valid data transmissions and then replays them later to gain unauthorized access. This type of attack is commonly used against authentication systems that rely on messages exchanged between a client and a server. By intercepting and replaying these messages, the attacker can impersonate the client and gain access to the system. C. Sybil attack: This is a type of attack in which an attacker creates multiple identities or personas to manipulate a network or system. The goal of a Sybil attack is to overwhelm a network or system with fake identities in order to gain control or influence over it. This type of attack is commonly used in peer-to-peer networks and online communities. D. DoS attack: A Denial-of-Service (DoS) attack is a type of attack in which an attacker attempts to disrupt the normal functioning of a network, system or website by overwhelming it with traffic or requests. The goal of a DoS attack is to make the system unavailable to legitimate users. This type of attack can be carried out using a variety of methods, including flooding the target with traffic, exploiting vulnerabilities in the system, or using botnets to coordinate the attack.

Answer 6

Answer: C. Foren6

Answer 7

Answer: A. 3 -> 6 -> 1 -> 5 -> 4 -> 2

Answer 8

Answer: B. nmap -6 -n -Pn -sSU -pT:0-65535,U:0-65535 -v -A -oX

Answer 9

Answer: D. Information Gathering

Answer 10

Answer: B. Vulnerability Scanning

Answer 11

Answer: B. Shodan

Answer 12

Answer: A. Nmap

Answer 13

Answer: A. RFcrack

Answer 14

Answer: B. HackRF One

Answer 15

Answer: A. Firmware Mod Kit

Answer 16

Answer: C. Thingful

Answer 17

Answer: D. Information Gathering Tools

Answer 18

Answer: A. BUS Auditor

Answer 19

Answer: C. minicom -D /dev/ttyUSB0 -w -C D-link_startup.txt

Answer 20

Answer: A. nand read ${loadaddr} app-kernel 0x00400000 && bootm ${loadaddr}

Answer 21

Answer: A. python RFCrack.py -j -F 314000000

Answer 22

Answer: C. beSTORM

Answer 23

Answer: C. beSTORM

Answer 24

Answer: A. NAND Glitching

Answer 25

Answer: C. 2 -> 1 -> 4 -> 5- > 3

Answer 26

Answer: B. FCC ID Search

Answer 27

Answer: A. nand read ${loadaddr} app-kernel 0x00400000 && bootm ${loadaddr}

Answer 28

Answer: B. Gateway

Answer 29

Answer: D. Lack of physical hardening

Answer 30

Answer: D. Account lockout mechanism

Answer 31

Answer: D. Cloud platform

Answer 32

Answer: B. Retain the default settings of the router.

Answer 33

Answer: C. Monitor traffic on port 48101 Monitor traffic on port 48101, as infected devices attempt to spread the malicious file using port 48101

Answer 34

Answer: B. Multi-directional encrypted communications, strong authentication of all the components, automatic updates Explanation: Mobile: An ideal framework for the mobile interface should include proper authentication mechanism for the user, account lockout mechanism after a certain number of failed attempts, local storage security, encrypted communication channels and the security of the data transmitted over the channel. Gateway: An ideal framework for the gateway should incorporate strong encryption techniques for secure communications between endpoints. Also, the authentication mechanism for the edge components should be as strong as any other component in the framework. Where ever possible the gateway should be designed in such a way that it authenticates multi-directionally to carry out trusted communication between the edge and the cloud. Automatic updates should also be provided to the device for countering vulnerabilities. Cloud Platform: A secure framework for the cloud component should include encrypted communications, strong authentication credentials, secure web interface, encrypted storage, automatic updates and so on. Edge: Framework consideration for edge would be proper communications and storage encryption, no default credentials, strong passwords, use latest up to date components and so on.

Answer 35

Answer: C. DigiCert IoT Device Manager

Answer 36

Answer: D. Edge Explanation: Mobile: An ideal framework for the mobile interface should include proper authentication mechanism for the user, account lockout mechanism after a certain number of failed attempts, local storage security, encrypted communication channels and the security of the data transmitted over the channel. Cloud Platform: A secure framework for the cloud component should include encrypted communications, strong authentication credentials, secure web interface, encrypted storage, automatic updates and so on. Edge: Framework consideration for edge would be proper communications and storage encryption, no default credentials, strong passwords, use latest up to date components and so on. Gateway: An ideal framework for the gateway should incorporate strong encryption techniques for secure communications between endpoints. Also, the authentication mechanism for the edge components should be as strong as any other component in the framework. Where ever possible the gateway should be designed in such a way that it authenticates multi-directionally to carry out trusted communication between the edge and the cloud. Automatic updates should also be provided to the device for countering vulnerabilities.

Answer 37

Answer: C. Level 1 Explanation: Level 0 (Physical Process): In this level, the actual physical process is defined, and the product is manufactured. Level 2 (Control Systems/Area Supervisory Controls): Supervising, monitoring, and controlling the physical process is carried out at this level. Level 1 (Basic Controls/Intelligent Devices): Analyzation and alteration of the physical process can be done at this level. The operations in basic control include “start motors,” “open valves,” “move actuators,” etc. Level 3 (Operational Systems/Site Operations): In this level, the production management, individual plant monitoring, and control functions are defined.

Answer 38

Answer: C. SIS (Safety Instrumented System) Explanation: Safety Instrumented Systems (SIS): A safety instrumented systems (SIS) is an automated control system designed to safeguard the manufacturing environment in case of any hazardous incident in the industry. Distributed Control System (DCS): A DCS is used to control production systems spread within the same geographical location. Programmable Logic Controller (PLC): A PLC is a real-time digital computer used for industrial automation. PLCs are considered more than just digital computers in various industrial control systems due to their extraordinary features such as robust construction, ease of programming, sequential control, ease of hardware use, timers and counters, and reliable controlling capabilities. Supervisory Control and Data Acquisition (SCADA): SCADA is a centralized supervisory control system that is used for controlling and monitoring industrial facilities and infrastructure.

Answer 39

Answer: A. DCS (Distributed Control System) Explanation: **Basic Process Control System (BPCS):** BPCS systems are dynamic in nature and are highly adaptable to changing process conditions. They are applicable to all sorts of control loops, including the temperature, batch, pressure, flow, feedback, and feedforward control loops used in industries such as the chemical, oil and gas, and food and beverages industries. Supervisory Control and Data Acquisition **(SCADA):** SCADA systems provide centralized controlling and monitoring of multiple process inputs and outputs by integrating the data acquisition system with the data transmission system and HMI software. **Distributed Control System (DCS):** It contains a centralized supervisory control unit used to control multiple local controllers, thousands of input/output (I/O) points, and various other field devices that are part of the overall production process. **Safety Instrumented Systems (SIS):** Consists of logic solvers that are helpful in deciding the necessary action to be taken based on the gathered information. They provide actions for both failsafe and fault-tolerant situations. They act as controllers that capture signals from the sensors and execute pre-programmed actions to avoid risk by providing output to the final control elements.

Answer 40

Answer: A. ISA/IEC 62443 Explanation: **ISA/IEC 62443:** ISA/IEC 62443 provides a flexible framework for addressing and mitigating current and future security vulnerabilities in industrial automation and control systems. **ICCP (IEC 60870-6):** ICCP (Inter-Control Center Communications Protocol) (IEC 60870-6) provides a set of standards and protocols for covering ICS or SCADA communication in power system automation. **IEC 61850:** IEC 61850 is a common protocol that enables interoperability and communications between the IEDs at electrical substations. **HSCP:** Hybrid SCP (Secure Copy Protocol) is developed for transmitting larger file sizes at high speed on long-distance and wideband infrastructure.

Answer 41

Answer: C. Level 2 Explanation: **Level 4 and 5:** DCOM, DDE, FTP/SFTP, GE-SRTP, IPv4/IPv6, OPC, TCP/IP, Wi-Fi. **Level 0 and 1:** BACnet, EtherCat, CANopen, Crimson v3, DeviceNet, GE-SRTP, Zigbee, ISA/IEC 62443, ISA SP100, MELSEC-Q, MODBUS, Niagara Fox, Omron Fins, PCWorx, Profibus, Profinet, Sercos II, S7 Communications, WiMax. **Level 2: 6LoWPAN, DNP3, DNS/DNSSEC, FTE, HART-IP, IEC 60870-5-101/104, SOAP.**

Answer 42

Answer: C. PLC Explanation: **DCS:** A Distributed Control System (DCS) is used to control production systems spread within the same geographical location. **BPCS:** A Basic Process Control System (BPCS) is responsible for performing process control and monitoring for industrial infrastructure. **SIS:** A safety instrumented systems (SIS) is an automated control system designed to safeguard the manufacturing environment in case of any hazardous incident in industry. **PLC: A programmable logic controller (PLC) is a small solid-state control computer where instructions can be customized to perform a specific task. PLC is a Operational Technology (OT) component.**

Answer 43

Answer: C) Side-channel attack Explanation: **Malware Attack:** Attackers are reusing legacy malware packages that were previously used to exploit IT systems for exploiting OT systems. **Side-Channel Attack: Attacker uses timing analysis and power analysis techniques are used to obtain critical information from a target system.** **Protocol Abuse:** Owing to compatibility issues, many OT systems use outdated legacy protocols and interfaces such as Modbus and CAN bus. Attackers exploit these protocols and interfaces to perform various attacks on OT systems. **Buffer Overflow Attack:** The attacker exploits various buffer overflow vulnerabilities that exist in ICS software, such as HMI web interface, ICS web client, communications interfaces, etc., to inject malicious data and commands to modify the normal behavior and operation of the systems.

Answer 44

Answer: A. Drive-by compromise Explanation: **Shoulder Surfing:** Shoulder surfing is a technique whereby attackers secretly observe the target to gain critical information. **Checking the Filtering Systems of Target Networks:** The ACK flag probe scanning technique also helps in checking the filtering systems of target networks. The attacker sends an ACK probe packet to check the filtering mechanism (firewalls) of packets employed by the target network. **Drive-by compromise: An attacker can gain access to the OT system by exploiting the target user’s web browser by tricking them into visiting a compromised website during a normal browsing session.** **Launch Daemon:** Attackers can create and install a new launch daemon, which can be configured to execute at boot-up time using launchd or launchctl to load plist into the relevant directories.

Answer 45

Answer: B) Hooking Explanation: **Obfuscating:** Obfuscation means to make code more difficult to understand or read, generally for privacy or security purposes. **Exploiting software:** Attackers can take advantage of known software vulnerabilities by abusing any programming errors to elevate privileges. **Hooking:** It allows attackers to hook into the APIs of different processes for redirecting and calling them to elevate privileges. **Activity Profiling:** Activity profiling is performed based on the average packet rate for network flow, which consists of consecutive packets with similar packet header information. The packet header information includes the IP addresses of the destination and sender, ports, and transport protocols used. **Network Address Translation:** Network address translation (NAT) separates IP addresses into two sets and enables the LAN to use these addresses for internal and external traffic. The NAT helps hide an internal network layout and force connections to go through a choke point. **Privilege Escalation:** Privilege escalation allows an attacker to achieve higher-level access and authorizations to perform further malicious activities on an ICS system or network. Some of the techniques that can be used by an attacker to escalate privileges are as follows.

Answer 46

Answer: A. Remote services Explanation: **Remote services: Attackers attempt to make additional movements across the target ICS environment by leveraging the existing access. An attacker can abuse the remote services to make lateral movements within the network assets and components.** **Drive-by Downloads:** This refers to the unintentional downloading of software via the Internet. Here, an attacker exploits flaws in browser software to install malware by merely visiting a website. **Proxy Server DNS Poisoning:** In the proxy server DNS poisoning technique, the attacker sets up a proxy server on the attacker’s system. The attacker also configures a fraudulent DNS and makes its IP address a primary DNS entry in the proxy server. **Cookie Sniffing:** It is a technique in which an attacker sniffs a cookie containing the session ID of the victim who has logged in to a target website and uses the cookie to bypass the authentication process and log in to the victim’s account.

Answer 47

Answer: c) Inhibit response function Explanation: **Evasion:** Attackers use this tactic to evade conventional defense mechanisms throughout their operations. Some of the techniques used to evade detection are removing the indicators, rootkits, and changing the operator mode. **Persistence:** Attackers employ persistence procedures to retain access within the ICS environment, even if the compromised device is restarted or the communication is interrupted. Some of the techniques that can be used by an attacker at this stage are modifying a program, module firmware, and project file infection. **Command and Control:** An attacker attempts to deactivate, control, or exploit the physical control processes within the target ICS environment using command and control. Some of the techniques used for command and control are frequently used ports, connection proxy, and standard application-layer protocol. **Inhibit Response Function: The inhibition of response function refers to the different ways an attacker attempts to thwart reactions against any security event such as hazard or failure. Some of the techniques associated with this tactic are activate firmware update mode, block command messages and block reporting messages.**

Answer 48

Answer: a) Impair process control Explanation: **Impair Process Control: Attackers use this tactic to disable, exploit, or control the physical control processes in the target environment. An attacker can re-program a device by injecting malicious firmware into it and thereby prepare it to perform other malicious tasks.** **Collection:** Collection refers to various methods that an attacker uses to gather information and gain knowledge regarding the data and domains of the ICS infrastructure. **Lateral Movement:** Attackers attempt to make additional movements across the target ICS environment by leveraging the existing access. **Privilege Escalation:** Privilege escalation allows an attacker to achieve higher-level access and authorizations to perform further malicious activities on an ICS system or network.

Answer 49

Answer: c) Impact Explanation: **Impair Process Control:** Attackers use this tactic to disable, exploit, or control the physical control processes in the target environment. **Impact: Impact refers to the techniques used by an attacker to damage, disrupt, or gain control of the data and systems of the targeted ICS environment and its surroundings.** **Inhibit Response Function:** The inhibition of response function refers to the different ways an attacker attempts to thwart reactions against any security event such as hazard or failure. **Discovery:** Discovery is the process of gaining information about an ICS environment to assess and identify target assets.

Answer 50

Answer: c) PIPEDREAM Explanation: **Kovter:** Backdoor Trojans such as Kovter are often initially used in the second (point of entry) or third (command-andcontrol [C&C]) stage of the targeted attack process. **Wingbird:** Rootkits such as Wingbird are potent backdoors that specifically attack the root or OS. Unlike backdoors, rootkits cannot be detected by observing services, system task lists, or registries. Rootkits provide full control of the victim OS to the attacker. **PIPEDREAM: PIPEDREAM is an attack framework designed with a set of tools aimed at ICS/SCADA devices. Attackers use this tool set to scan, compromise, and control the devices of an OT network. PIPEDREAM contains five components: EvilScholar, BadOmen, DustTunnel, MouseHole, and LazyCargo. The malware allows attackers to make lateral moves, escalate privileges, and disrupt critical functionalities. Additionally, attackers can leverage this malware to compromise Windows devices by exploiting ASRock motherboard driver vulnerabilities. Using DustTunnel and LazyCargo, attackers attempt to penetrate IT systems and pivot OT networks to perform malicious activities.** **Zmist:** Zmist is also known as Zombie. Mistfall was the first virus to use the technique called “code integration.” This code inserts itself into other code, regenerates the code, and rebuilds the executable.

Answer 51

Answer: b) INDUSTROYER.V2 Explanation: **INDUSTROYER.v2: INDUSTROYER.V2 was discovered in 2022 with some additional custom pieces of code to target OT-based power grids in specific regions of Ukraine. With self-contained executables and configuration files, the malware implements the communication protocol IEC-104 on the target network to manipulate the remote terminal units (RTUs) over TCP connections. INDUSTROYER.V2 allows attackers to integrate a custom configuration that can change the malware behavior according to the target device’s functionality.** **Dharma:** Dharma is a dreadful ransomware that was first identified in 2016; since then, it has been affecting various targets across the globe with new versions. **eCh0raix:** eCh0raix is a new ransomware that specifically targets Linux devices with QNAP network-attached storage (NAS). It infects and encrypts the victim’s machine using the AES encryption technique. **Divergent:** Divergent is a type of fileless malware that exploits NodeJS, which is a program that executes JavaScript outside the browser. Using Divergent fileless malware, attackers generate revenue by targeting corporate networks through click-fraud attacks.

Answer 52

Answer: a) Connection proxy Explanation: **Impersonation:** Impersonation is a common human-based social engineering technique where an attacker pretends to be a legitimate or authorized person. Attackers perform impersonation attacks personally or use a phone or another communication medium to mislead their target and trick them into revealing information. **Alternative Trusted Medium:** The alternative trusted medium technique is the most reliable method used for detecting rootkits at the OS level. **Connection Proxy: An attacker attempts to deactivate, control, or exploit the physical control processes within the target ICS environment using command and control. Attackers can control the traffic of the target network across the ICS environment using a connection proxy.** **Anti-disassembly:** Anti-disassembly is a technique that uses specially crafted code or data in a program to produce an incorrect program listing by disassembly analysis tools.

Answer 53

Answer: c) CRITIFENCE Explanation: **Censys:** Censys is a public search engine and data-processing facility backed by data collected from ongoing Internet-wide scans. Censys supports full-text searches on protocol banners and queries a wide range of derived fields. It can identify specific vulnerable devices and networks, and generate statistical reports on broad usage patterns and trends. **Thingful:** Thingful is a search engine for finding and using open IoT data from around the world. It helps organizations make better decisions with external IoT data. **CRITIFENCE: CRITIFENCE is an online database that stores default passwords of critical infrastructure, SCADA, ICS, and the IIoT. Attackers can use this online tool to discover the default credentials of a device or product simply by entering the device name or its manufacturer’s name.** **Netcraft:** Netcraft provides Internet security services, including anti-fraud and anti-phishing services, application testing, and PCI scanning.

Answer 54

Answer: d) GRASSMARLIN Explanation: **GRASSMARLIN: GRASSMARLIN is an open-source tool that passively maps and visually displays an ICS/SCADA network topology, while safely conducting device discovery, accounting, and reporting on these critical cyber-physical systems.** **SCADA Shutdown Tool:** SCADA Shutdown Tool is an ICS testing and automation tool that allows attackers to fuzz, scan, and run remote commands on ICSs, SCADA networks, and controllers. **Shodan:** The Shodan search engine helps attackers to gather information about OT devices connected to the Internet. This online tool can be used to obtain details of SCADA systems that are used in water treatment plants, nuclear power plants, HVAC systems, electrical transmission systems, home heating systems, etc. **Gqrx:** Gqrx is an SDR implemented with the help of the GNU Radio and Qt GUI tool. Attackers use hardware devices such as FunCube dongles, Airspy, HackRF, and RTL-SDR along with Gqrx SDR, to analyze the spectrum.

Answer 55

Answer: b) Binwalk Explanation: **GDB:** GDB is a debugging tool for Linux that allows attackers to comprehend the process of on-chip executions. **Fritzing:** The Fritzing tool assists attackers in designing electronic diagrams and circuits. **Binwalk: Binwalk helps attackers to scan and examine firmware binaries and images; it immediately displays different encryption types, sizes, partitions, filesystems involved, etc.** **Multimeter:** Attackers use multimeters or voltage meters to perform certain tests similar to the analyzer.

Answer 56

Answer: d) python -m fuzzowski printer1 631 -f ipp -r get_printer_attribs --restart smartplug Explanation: **Invoke-Mimikatz -command '"lsadump::dcsync /domain: /user:\":** Attackers attempt malicious replication using this command. **msfvenom -p windows/shell_reverse_tcp lhost= lport=444 -f exe > /home/attacker/Windows.exe:** Attackers run this command to generate a payload using msfvenom. **python -m fuzzowski printer1 631 -f ipp -r get_printer_attribs --restart smartplug: *The fuzzing of ICS protocols such as Modbus, BACnet, and Internet Printing Protocol (IPP) is critical for gathering information and identifying critical network activities. Fuzzowski is a network protocol fuzzer that helps attackers perform fuzz tests on ICS protocols. It assists attackers throughout the process of fuzzing a network protocol, as well as configuring communications.*** **run post/windows/gather/arp_scanner RHOSTS :** Attackers uses this command to detect live hosts in the target network.

Answer 57

Answer: a) IoTVAS Explanation: **Gqrx:** Attackers use Gqrx to observe the frequency bands of temperature/humidity sensors, light switches, car keys, M-bus transmitters, etc. Gqrx can also enable an ttacker to listen to or eavesdrop on radio FM frequencies or any radio conversations. **Azure IoT Central:** Azure IoT Central is a hosted, extensible software-as-a-service (SaaS) platform that simplifies the setup of IoT solutions. **Low Orbit Ion Cannon (LOIC):** LOIC is a network stress testing and DoS attack application. LOIC attacks can be called application-based DOS attacks because they primarily target web applications. **IoTVAS:** **IoTVAS enables device vendors and security professionals to perform an automated security assessment of the software that powers IoT devices (firmware) to identify configuration and application vulnerabilities. This tool notifies users about the vulnerabilities discovered and assists in mitigating those in a timely manner.**

Answer 58

Answer: b) nmap -Pn -sT -p 46824 Explanation: Nmap commands used by attackers to enumerate open ports and services of ICS/SCADA systems: **Identifying HMI Systems:** **nmap -Pn -sT -p 46824** **Scanning Siemens SIMATIC S7 PLCs:** nmap -Pn -sT -p 102 --script s7-info **Scanning Ethernet/IP Devices:** nmap -Pn -sU -p 44818 --script enip-info **Scanning Niagara Fox Devices:** nmap -Pn -sT -p 1911,4911 --script fox-info

Answer 59

Answer: a) Enable unused services and functionalities Explanation: Follow the countermeasures discussed below to defend against OT hacking: - Maintain an asset register to track the information and to scrutinize outdated and unsupported systems - _Disable_ unused ports and services - Use only tested and familiar third-party web servers for serving the ICS web applications - Restrict network traffic by using techniques like rate-limiting and whitelisting to prevent DoS and brute-forcing attacks - Regularly conduct a risk assessment to reduce the current risk exposure - Use purpose-built sensors to discover the vulnerabilities in the network inactively - Incorporate threat intelligence to uncover threats and protect assets by prioritizing OT patches - Regularly upgrade OT hardware and software tools - Implement secure configuration and secure coding practices for OT applications - Update systems to the latest technologies and patch systems regularly - Perform continuous monitoring and detection of the log data generated by the OT systems for detecting real-time attacks

Answer 60

Answer: b) Level 3.5 Explanation: **Level 2:** Manufacturing zone **Level 3:** Manufacturing zone **Level 3.5:** - **Industrial Demilitarized Zone (IDMZ)** **Level 4:** Enterprise zone

Answer 61

Answer: B. 1 -> 3 -> 2 -> 4 -> 5 Explanation: Steps to Implement a Zero-Trust Model in an ICS Network **Step 1:** Defining the Network **Step 2:** Mapping the Traffic **Step 3:** Architecting the Network **Step 4:** Developing a ZT Policy **Step 5:** Monitoring and Maintaining

Answer 62

Answer: c) NERC Explanation: **NERC:** **The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority that aims to assure the effective and efficient reduction of risks to the reliability and security of the electric grid.** **Common Vulnerabilities and Exposures (CVE):** CVE® is a publicly available and free-to-use list or dictionary of standardized identifiers for common software vulnerabilities and exposures. **Cloud Security Alliance (CSA):** The CSA is a nonprofit global organization that provides rising awareness and promotes best practices and security policies to help and secure the cloud environment. **Censys:** Censys monitors the infrastructure and discovers unknown assets anywhere on the Internet. It provides a full view of every server and device exposed to the Internet.

Answer 63

Answer: d) ISA/IEC-62443 Explanation: **The Federal Information Security Management Act (FISMA):** The Federal Information Security Management Act of 2002 was enacted to produce several key security standards and guidelines required by Congressional legislation. **ISA/IEC-62443: The International Society of Automation (ISA)/ International Electrotechnical Commission (IEC)- 62443 is a non-profit professional association of engineers, technicians, and management engaged in industrial automation.** **Factiva:** is a global news database and licensed content provider. It is a business information and research tool that gets information from licensed and free sources and provides capabilities such as searching, alerting, dissemination, and business information management. **MITRE CVE:** MITRE maintains a CVE database that contains details of the latest vulnerabilities. Attackers can search MITRE CVE to discover vulnerabilities that exist in the target system.