Reconnaissance Flashcards

1
Q

Name Web Mirroring Tools (why do it?)

A

To make a local copy of the site so it can be checked for vulnerabilities without alerting the target. Tools include: HTTrack, Black Widow, WebRipper, Teleport Pro, GNU Wget, Backstreet Browser, NCollector Studio

2
Q

What does Website Watcher do?

A

Checks web pages for changes and automatically notifies you when there is an update.

3
Q

Name email tracking tools (why use them?)

A

Email tracking tools allow an attacker to collect information such as IP addresses, mail servers, and the service provider involved in sending the mail. Attackers can use this information to build a hacking strategy and to perform social engineering and other attacks.
Tools: GetNotify, ContactMonkey, Yesware, Read Notify, WhoReadMe, Trace Email, Zendio

4
Q

What is a DNS resolver?

A

Also called a recursive resolver, a DNS resolver is a server designed to receive DNS queries from web browsers and other applications. The resolver receives a hostname (for example, www.example.com) and is responsible for tracking down the IP address for that hostname. If the answer is cached it simply returns it; otherwise it queries the DNS hierarchy starting at a root nameserver. The root supplies the IP address of the authoritative top-level domain nameserver it needs (.com, .edu, .net, .org), so the resolver goes there and queries it for the authoritative DNS server of the domain (anyname.com, google.com, etc.). Finally the anyname.com DNS server is queried for where www.anyname.com is located, and that is the answer.

5
Q

DNS records: SRV

A

Service: defines the hostname and port number of servers providing specific services.

6
Q

DNS record: SOA

A

Start of Authority: identifies the primary name server for the zone. The SOA contains the hostname of the server responsible for all DNS records within the namespace, as well as the basic properties of the domain.

7
Q

DNS record: PTR

A

Pointer: maps an IP to a hostname and provides reverse DNS. Not required, but usually associated with email servers.

8
Q

DNS record: NS

A

Name Server: defines the name servers within your namespace. These servers respond to your clients' requests for resolution.

9
Q

DNS record: MX

A

Mail Exchange: identifies the email servers in your domain.

10
Q

DNS record: CNAME

A

Canonical Name: provides domain name aliases within the zone. Can be used to list multiple services (e.g. web and FTP) on the same IP. Provides an alias.

11
Q

DNS record: A

A

Address: maps an IP to a hostname and is the record used most often for DNS lookups.

12
Q

DNS record: 7 SOA components

A

Source host: hostname of the primary DNS server for the zone
Contact email: person responsible for the zone file
Serial number: increments each time the zone file is changed. Used by the secondary server to know when to update: if the serial number is higher, it updates
Refresh time: amount of time a secondary server will wait before asking for updates. Default is 3600 seconds (1 hour)
Retry time: amount of time a secondary server will wait before retrying. Default is 600 seconds
Expire time: maximum time a secondary server will spend on a zone transfer. Default is 86,400 seconds (1 day)
TTL: the minimum time to live for all records in the zone; if not updated by a zone transfer, the records will perish. Default is 3600 seconds (1 hour)

13
Q

Commands for a DNS zone transfer with nslookup

A

Run nslookup
Type "server <address of the SOA server>" and press Enter
Type "set type=any" and press Enter
Type "ls -d nameofdomain.com" and press Enter

14
Q

Four focuses of footprinting

A

Know the security posture
Reduce the focus area (network range, number of targets, etc.)
Identify vulnerabilities
Draw a network map

15
Q

Common Criteria for Information Technology Security Evaluation (4)

A

EAL: Evaluation Assurance Level
TOE: Target of Evaluation, what is being tested: a specific product
ST: Security Target, the documentation describing the TOE and its security requirements
PP: Protection Profile, a general product type

16
Q

Common Criteria for Information Technology Security Evaluation

A

EAL: Evaluation Assurance Level, 1-7
TOE: Target of Evaluation, what is being tested
ST: Security Target, the documentation describing the TOE and its security requirements
PP: Protection Profile, a set of security requirements specifically for the type of product being tested

17
Q

Access control policy

A

Identifies resources that need protection and the rules in place to control access to them.

18
Q

Information security policy

A

Identifies what company systems may and may not be used for, and the consequences for breaking the rules. Usually you have to sign this. Also known as an acceptable use policy.

19
Q

Information protection policy

A

Defines information sensitivity levels and who has access to those levels, as well as how data is stored, transmitted and destroyed.

20
Q

Information audit policy

A

Defines the framework for auditing security within an organization. When, where, how, how often and sometimes who conducts the audit can be described here.

21
Q

Standards

A

Mandatory rules used to achieve consistency.

22
Q

Baselines

A

Provide the minimum security level necessary.

23
Q

Guidelines

A

Flexible, recommended actions that can be followed when there are no standards to follow.

24
Q

Procedure

A

Detailed step-by-step instructions for accomplishing a goal or task.

25
Q

Ethical hacking phases (5 + 1)

A

Recon
Scanning and enumeration
Gaining access
--- Privilege escalation
Maintaining access
Covering tracks

26
Q

12 PCI requirements

A

1 Install and maintain a firewall
2 Remove default passwords and other security features
3 Protect stored data
4 Encrypt transmission
5 Install, use and update AV
6 Develop secure systems and apps
7 Use a need-to-know guideline to restrict data access
8 Assign a unique ID to each person with access to the data
9 Restrict physical access to data
10 Monitor all access to data and to network resources holding, transmitting or protecting it
11 Test security systems and procedures regularly
12 Create and maintain an information security policy

27
Q

COBIT

A

Control Objectives for Information and Related Technology: an IT governance framework that enables policy development, good practice and regulatory compliance by categorizing objectives into 4 domains:
Planning and organization
Acquisition and implementation
Delivery and support
Monitoring and evaluation

28
Q

OSINT

A

Open Source Intelligence

29
Q

OSRFramework tools for OSINT (6)

A

Six OSINT tools, all Python scripts:

  1. usufy.py verifies whether a username profile exists on up to 306 different platforms
  2. mailfy.py checks whether a username has been registered with up to 22 different email providers
  3. searchfy.py looks for profiles using full names and other info on seven platforms ("queries the OSRFramework platforms")
  4. domainfy.py verifies the existence of a given domain (per the site, in up to 1567 different registries)
  5. phonefy.py checks for the existence of phone numbers. Can be used to see if they have been linked to spam.
  6. entify.py looks for regular expressions

30
Q

CSIRT

A

Computer Security Incident Response Team: provides a reliable and trusted single point of contact for reporting computer security incidents worldwide. A CSIRT provides the means for reporting incidents and for disseminating important incident-related information.

31
Q

Regional Internet Registries (5)

A

ARIN: American Registry for Internet Numbers; Canada, US, many Caribbean and North Atlantic islands
APNIC: Asia-Pacific Network Information Centre; Asia and the Pacific
RIPE NCC: Reseaux IP Europeens; Europe, the Middle East, parts of Central Asia / North Africa
LACNIC: Latin America and Caribbean Network Information Centre; Latin America and the Caribbean
AfriNIC: Africa Network Information Centre; Africa

32
Q

Visual trace tools for network mapping (name 5)

A

Visual Trace (NeoTrace), Trout, GEO Spider, Magic NetTrace, Ping Plotter

33
Q

Common Criteria EAL Levels (7)

A

1 Functionally Tested
2 Structurally Tested; low to moderate level
3 Methodically Tested and Checked; moderate level
4 Methodically Designed, Tested and Reviewed; moderate to high level
5 Semiformally Designed and Tested; high level
6 Semiformally Verified Design and Tested; premium TOE, high risk
7 Formally Verified Design and Tested; extremely high risk