PenTest+ Study Notes 7 Flashcards

1
Q

many commercial web application scanners, from vendors such as Acunetix, Qualys, and Netsparker. In addition, there are also open-source scanners and web crawlers, such as those built within Kali Linux.

A

info

2
Q

??? is a set of commands that is used to send and receive data between systems, such as a client and a server. When used, the ??? provides an additional layer of security as the client never interfaces directly with the server. For example, when someone requests content from a web page, the request is sent from the browser to a remote server’s ???. An ??? with the appropriate key and authorization token can allow a malicious actor to gain access to sensitive data.

A

An API

3
Q

??? is done early in the software development life cycle to examine the code for security vulnerabilities.

??? is done after the code is placed in production. Unlike SAST, ??? will unearth vulnerabilities that are evident after the code is in production.

A

Static Application Security Testing (SAST) / Dynamic Application Security Testing (DAST)

4
Q

??? is a US standard used to ensure applications are in line with mandated security requirements. Scanning uses a predetermined security baseline that checks for vulnerabilities, either on-site or cloud-based. Once identified, the next step is to mitigate the vulnerabilities to decrease overall organizational risk.

A

SCAP

5
Q

Sniffing can take advantage of cleartext protocols and data traveling across the network. The analyst can learn a great deal about the network by monitoring protocols such as TCP, ARP, SMTP, HTTP, and others. If the traffic is in cleartext, you can capture credentials, files, images, messages, and data meant for other users and machines.

Sniffers such as Wireshark have the ability to recreate entire TCP sessions. However, even if the payload is encrypted, you can still glean vital information, including: (1) Source and destination addresses and ports. (2) WLAN SSIDs and accompanying cleartext messages. (3) Handshakes and outer-wrapper IP addresses of VPN traffic.

A

info

6
Q

To see all traffic on a switch, the network administrator can use port monitoring or Switched Port Analysis (SPAN). If you need to monitor all traffic on a backbone, you can use a full duplex tap in line with traffic; however, you will most likely need a special adapter. To effectively monitor network traffic there are a couple of guidelines: (1) The sniffer’s interface must be in promiscuous mode to gather all traffic. (2) If the team is testing a WLAN, the sniffer must be within radio range.

A

info

7
Q

??? which provides a framework for name resolution, registration, and conflict detection on a LAN. Using Wireshark, you can garner host information from traffic passing through the network contained in NetBIOS name service (NBNS) messages. Using the display filter nbns, you can drill down into the nbns header to discover host information.

A

NetBIOS

8
Q

??? The team can use tools such as Aircrack-ng, Kismet, or Wifite to search for open WAPs. In addition, it is beneficial to have packet analysis software running during the test to gather and save the information. After analysis, the information can then be used to launch an active attack. WiGLE is a program for ???.

A

War Driving

9
Q

??? which will ping a range of IP addresses to learn which machines are responding. TCP Scans, which will check for open and listening TCP ports to determine what services are in use. OS Footprinting, which will identify the operating systems in use on the network.

A

Ping Scans

10
Q

Default Nmap Host Discovery : TCP SYN packet to port 443, TCP ACK packet to port 80, ICMP type 8 (echo request), ICMP type 13 (timestamp request), ARP requests to obtain MAC address details.

Filtered Port State = port is blocked by a firewall. Unfiltered Port State = port is accessible, but Nmap is unable to determine whether the port is open or closed.

A = Maps hostname to 32-bit IPv4 address of the host. AAAA = Maps hostname to 128-bit IPv6 address of the host. PTR = most common use is for implementing reverse DNS lookups. MX = Mail Exchange record.

** Use and know Burp Suite **

A

info
