Security Tools Flashcards

1
Q

What does the traceroute command do?

A

The traceroute command allows you to map the entire path between two devices so that you can know exactly what routers are between point A and point B.

2
Q

What is TTL in relation to traceroute?

A

TTL (time to live)
This is the number of hops a packet can go through before it is discarded.
A hop is each transit from one router to the next.

3
Q

What do the nslookup and dig commands do?

A

These are useful for looking up information from DNS servers.
The information returned is names and IP addresses.

4
Q

What are ipconfig and ifconfig?

A

Commands that can be used to find your IP address and network adapter information (ipconfig on Windows, ifconfig on Linux/Unix).
These ping your local router/gateway.

5
Q

What is pathping?

A

A Windows command that combines both traceroute and ping.
First it runs a traceroute to build a map of the path.
Next it pings each hop and measures round-trip time and packet loss.

6
Q

What is netstat?

A

Network Statistics

Shows which devices our local machine is communicating with, and which devices are communicating with us.

7
Q

What command would you use to see the local ARP table?

A

arp -a

8
Q

What command would you use to see a device's routing table in Windows and in Linux?

A

Linux: "netstat -r"
Windows: "route print"

9
Q

What is the curl command?

A

curl stands for "client URL".

It is used for grabbing the raw data of a webpage from the command line.

10
Q

What is hping?

A

hping takes the idea of a ping and goes much further with it.
Unlike a normal ping, hping allows you to heavily modify the packet you wish to send, and to designate a port to send it to as well.
You can also use it for wide port scanning, like nmap, by specifying a range of ports.

11
Q

What is theHarvester used for?

A

Gathering OSINT (open source intelligence).
Also provides the ability to do a DNS brute force on a certain domain.

12
Q

What is sn1per?

A

This is a framework that combines many different recon tools into one.

You can run a single query and get one set of output, while running many different types of reconnaissance from many different tools at once.

13
Q

What does the command scanless do in Linux?

A

This allows you to run port scans from a different host.

Basically, it is a port scan proxy.

14
Q

What does the "dnsenum" command do? Think "dns-enum".

A

This command is used for enumerating DNS information and finding host names.
Many services and hosts are listed in DNS, and this command lets you enumerate them.

Basically, it performs a brute force against the DNS to find any extra domains.

15
Q

What is the tool Cuckoo used for?

A

This is a sandbox for malware.

You can run programs inside of it and test them for malware in a safe, isolated environment.

16
Q

When looking at a file's permissions using "ls -l", which three "groups" would have which permissions if it read:

-rw-r--r--

A

The owner (first section) would have read and write permissions.
The group associated with that file would have read permissions.
All others on the machine would have read permissions.

The order here is owner-group-others.

17
Q

If you executed the command "chmod 740 file.txt", which permissions would be applied?

A

The owner would have full permissions on the file: read, write, and execute (7).
The group for that file would have just read permissions (4).
Everyone else would have no permissions (0).

18
Q

What is the command logger used for?

A

The logger command will add information into the operating system's syslog.
Usage:
logger "This information will be added to the syslog"
The quoted message is then written to the syslog.

19
Q

What is the .ps1 file extension commonly associated with?

A

PowerShell scripts.

20
Q

What is OpenSSL used for?

A

This is a toolkit and crypto library for SSL/TLS.
You can use it to build certificates and manage SSL/TLS certificates on your system.
It can manage certificate signing requests (CSRs) and certificate revocation lists (CRLs).

It also supports many different hashing functions, and you can of course use it for encrypting and decrypting.

21
Q

What is tcpdump used for?

A

tcpdump has similar properties to Wireshark but operates on the command line.
This would be a great solution if you don't have access to a GUI.
It can capture packets and display them on the screen in real time, just like Wireshark.
You can also write these captures to a file and save them.

22
Q

What is Tcpreplay used for?

A

This allows us to take the packets from a packet capture and replay them back onto the network.
It takes the information we have gathered and simply sends it right back out our NIC so that other devices on the network can see it as well.

This would be a great way of testing your IPS to see if it could find malicious traffic in transit, if you had captured some.
It is also a great way to test firewall rules, as well as the performance of network devices on your network and how they handle large amounts of data.

23
Q

What is the dd command used for?

A

This is used for digital forensics.
It allows you to create a bit-for-bit copy of a drive.
It is used by many forensic tools.

The command for doing this would look like this:

Creating an image (if = the original drive, of = the copy):
dd if=/dev/sda of=/tmp/sda-image.img

Restoring from an image (if = the copy, of = the drive you want to restore to):
dd if=/tmp/sda-image.img of=/dev/sda

24
Q

What is the utility memdump used for?

A

A forensic tool for dumping the contents of memory.

This will take all of the information currently existing in system memory and send it to a location on your system.

The dump will typically be copied to another host across the network using netcat, stunnel, OpenSSL, etc.

25
Q

What is WinHex used for?

A

This is a third-party Windows hex editor that allows you to view and edit information in hexadecimal.

You can pull information out of a file, out of memory, etc., and not only view but EDIT that file or information as well.

There are also disk cloning capabilities built in.
You can also do secure wipes.

26
Q

What is FTK imager?

A

Think Windows when you see this.
A forensic drive imaging tool for Windows.
An imaging tool that can mount drives, image drives, or perform file utilities, all in a Windows executable.
You can even read encrypted drives as long as you have the password.
Widely supported by many forensics tools; you can read and write other image formats, such as those used by dd, Ghost, Expert Witness, etc.

27
Q

What is the tool "autopsy" used for?

A

This is a tool used once we already have an image of a drive and want to search through it for other pieces of information.

It allows us to view and extract many different data types:
Downloaded files
Browser history and cache
Emails
Databases
Much more

28
Q

What is the Social-Engineer Toolkit (SET)?

A

This is like Metasploit, but for social engineering.

It contains a large number of social engineering tools in one framework.