PenTest+ Study Notes 10 Flashcards

1
Q

When using 802.1X authentication, there are three main entities. The entities include a Supplicant (or Wi-Fi client), the Authenticator (or WAP), and the Authentication Server (AS), which is generally a RADIUS server that provides the authentication.

(PEAP) are designed to provide secure tunneling using server-side certificates only. The supplicant does not require a certificate.

A

info

2
Q

??? is included in Kali Linux and has many different functions. In addition to capturing packets, it can also act as a wireless intrusion detection system. Once up and running, ??? will search for wireless networks and identify what device is transmitting the traffic. In addition, if ??? captures any handshake packets, it will preserve them to attempt to crack the password later.

A

Kismet

3
Q

??? is a Python-based program used to test wireless networks. ??? runs on a Linux OS and is able to recover WEP/WPS/WPA keys using a variety of methods. Methods include brute-force, dictionary, session hijacking, replay, and man-in-the-middle attacks.

A

Fern

4
Q

??? is a powerful Linux-based tool that features a wide range of attacks. It supports 2.4 to 5 GHz and has nine attack modules. Each attack module is denoted by a single letter. Mode b: creates the appearance of many wireless networks. Mode a: authentication DoS, which sends multiple authentication frames to WAPs in range with the intent of overwhelming the AP. Mode p: probes APs for their SSID and brute-forces any hidden SSIDs. Mode d: sends a deauth to disconnect and disassociate all clients from an AP. Mode w: provokes an intrusion detection and prevention system (IDS/IPS) confusion attack.

A

MDK4

5
Q

??? the device is the property of the company and may only be used for company business.

??? the device is supplied and owned by the company. The employee may use it to access personal email, social media, and web browsing; however, they must be compliant with any acceptable use policies in force.

??? much the same as COPE; however, the employee can select a device from a curated list.

A

Corporate owned, business only (COBO) / Corporate owned, personally enabled (COPE) / Choose your own device (CYOD)

6
Q

??? sets device policies for authentication, feature use (such as camera and microphone), and connectivity. ??? can also allow device resets and remote wipes.

??? sets policies for apps that can prevent unauthorized apps from being installed, automatically push out updates, and enable clients to select from a list of corporate-compliant apps to be installed.

A

Mobile device management (MDM) / Mobile application management (MAM)

7
Q

??? represents the flow of information from the time the user requests access to the time the request hits a resource. A vulnerability can exist in any of the steps taken to access the resource, and can include the ability to modify cookies, escalate privilege, and circumvent controls.

A

The business logic process

8
Q

??? is a method used by attackers to send out unwanted text messages, images, or videos to a mobile phone, tablet, or laptop using a Bluetooth connection. Bluetooth requires relatively close proximity, usually within 30 feet of the target device, to be effective. However, in a busy area such as an airport, this attack is possible.

??? is a more aggressive attack, as a malicious actor is able to read information from a victim’s Bluetooth device. The end goal is to glean sensitive data from the victim, like their contacts, calendars, email messages, text messages, etc. Similar to Bluejacking, Bluesnarfing is ineffective against devices that set Bluetooth in non-discoverable mode.

A

Bluejacking / Bluesnarfing

9
Q

Ettercap is a suite of tools that can be used to launch various types of man-in-the-middle (or on-path) attacks.

Static analysis can evaluate both Android and iOS. Dynamic analysis is able to assess an Android platform.

Drozer is open-source software used for testing for vulnerabilities on Android devices. Drozer is an attack framework that allows you to find security flaws in the app and devices. It works as a client-server model and lets you assume the role of an Android app so you can observe the behavior of the app as it interacts with other apps.

A

info

10
Q

??? This attack continuously sends signals to the device, requiring the device to respond continuously and preventing it from resting or sleeping, which then drains the battery. Once a malicious actor has modified the integrity of an IoT device, this can lead to either data corruption, where the contents are modified in transit, or exfiltration, where the data leaves the device in an unauthorized manner.

A

Denial of Sleep Attack
