PenTest+ Study Notes 5 Flashcards
??? (2) : FOCA = (GUI) OSINT tool used to discover metadata that may be hidden within documents, typically those downloaded from the web. Can gather info such as domains associated with the primary IP address. FOCA can scan using search engines such as Google, Bing, and DuckDuckGo to find downloadable files. However, you can also provide local files for FOCA to analyze. In addition, you can customize your search. Can work with a variety of document types, including Microsoft Office (.docx, .xlsx, etc.) along with the OpenDocument format (.odt, .ods, etc.). It can also analyze PDFs and graphical design file types like the XML-based Scalable Vector Graphics (SVG) format. Information FOCA can extract includes user and people names, software and OS version information, printer information, plaintext passwords, and more. Windows-only tool, and requires a running SQL Server instance to store its data in a database.
Tools for searching Metadata #2 :
??? (tool to be learned) : gathers info -> subdomain names, employee names, email addresses, PGP key entries, Open ports and service banners.
??? (tool to be learned) : uses modules to customize the search, some modules include -> Whois query to identify points of contact, PGP key Search, Social media profile associations, file crawler, DNS record enumerator. In addition, you can do an email address search in the Have I Been Pwned? database, which will indicate if the account has been associated with a recent breach. Malicious actors harvest credentials and then provide massive password dumps on the dark web that can be obtained for a fee.
theHarvester / Recon-ng
??? has a full GUI to help users visualize the gathered information. ??? features an extensive library of “transforms,” which automate the querying of public sources of data. ??? then compares the data with other sets of information to provide commonalities among the sources. Some data that it can enumerate -> individuals' names and physical addresses, network address blocks, phone numbers and email addresses, external links, DNS records and subdomains, downloadable files, social media profiles. The results of the query are then placed in node graphs, and links are established between each node. This enables the user to analyze how two or more data points may be connected.
Maltego
??? is when the team communicates, whether directly or indirectly, a lie or half-truth in order to get someone to believe a falsehood. This belief can prompt the victim into committing an action they had not intended or that is against their better interests.
pretexting :
In a ???, an attacker will either impersonate a high-level executive or hijack their email account. They then send an email to financial personnel, requesting money via a method such as a wire transfer. Because the financial personnel believe the request is legitimate, they approve the transfer. At that point, the attacker will have successfully obtained a payment without stealing it directly.
??? is another element of social engineering in which the attacker presents a fictitious situation as real.
business email compromise (BEC) / hoax
??? is when an attacker entices the victim into navigating to a malicious web page that has been set up to look official. The site can either mimic an existing site such as a banking website or it can simply have an air of legitimacy. The victim interacts with the site in order to provide their sensitive information to the attacker, by filling out a fake “login” form with their username and password.
Pharming :
baiting = where an attacker leaves bait, such as infected physical media, in an area where a victim can find the device. The goal is to get the victim to pick up the drive and insert it into a computer so that the malware can infect the system.
??? is email that looks like a normal ad but instead includes malicious code.
??? is a phishing attack that targets a specific person or group of people.
malvertising / spear phishing
??? is the sending of unwanted messages to phone recipients. ??? is annoying and dangerous, as it can clog your voicemail system and can carry viruses and spyware in the message. To prevent vishing and ???, many VoIP companies verify and authenticate the phone number before passing the call on to the recipient. However, not everyone has this service.
spam over internet telephony (SPIT) :
Vishing and SPIT attacks are possible because software is easily available that can spoof a phone number so that it appears to be coming from a trustworthy source. In addition, the malicious actor can even disguise their voice and can send a single message to thousands of recipients at a time.
Badge cloning = the act of copying authentication data from an RFID badge’s microchip to another badge. This can be done through handheld RFID writers, which are inexpensive and easy to use. To clone a badge, complete the following: (1) Hold the badge up to the RFID writer device and press a button to copy the data. (2) Hold a blank badge up to the device and write the copied data to create a cloned badge.
info
??? is essentially the same thing as tailgating, but in this case, the target knows someone is following behind them. The target might either know the malicious actor personally and be involved somehow, or they might be ignorant of what the attacker is doing.
SET (Social Engineering Toolkit - review and use this tool)
??? is a free, open-source tool used to create a spoofed call. ??? uses software to create your own private branch exchange (PBX). Although ??? is free, there is more to setting up the system: you will need to be proficient in Linux administration along with having a solid knowledge of networking and scripting.
Piggybacking / Asterisk