Tools And Commands Flashcards
What is PILAR?
A Risk Analysis and Management Tool.
PILAR is the software that implements and expands Magerit RA/RM Methodology. It is designed to support the risk management process along long periods, providing incremental analysis as the safeguards improve. Its functionalities include mainly:
Quantitative and qualitative Risk Analysis and Management
Quantitative and qualitative Business Impact Analysis &Continuity of Operations
What are Examples of Risk Management Tools?
PILAR A1 Tracker Risk Management Studio IsoMetrix Sword Active Risk iTrak Certainty Software Resolver's ERM Software Isolocity Enablon
What is Group Policy Management Console (GPMC)?
It is a part of Windows Administrative Tools and is a scriptable interface to manage Group Policies.
Whate is ManageEngine ServiceDesk Plus?
It is a comprehensive ticketing system used in incident management, problem management, change management, and IT project management applications.
Name an Open Source Security Information and Event Management System (OSSIM)
AlienVault
What are examples of Ticketing System Tools?
AlienVault osTicket SolarWinds MSP IR-Flow Request Tracker for Incident Response (RTIR) IBM Resilient Incident Response Platform Freshdesk
What is buck-security?
It’s a collection of security checks for Linux. It allows incident handlers to identify the security status of a system
What is Kiwi Syslog Server?
A centralized and simplified log message management tool across various network devices and servers. It is used to centrally manage syslog messages, generate real-time alerts based on syslog messages, and perform advanced message filtering and message buffering
What is Splunk Light?
A tool for collecting, monitoring, and analyzing log files from servers, applications, or other sources. This tool will collect data from multiple sources and performs indexing, monitoring, reporting, and alerting. Alerts from Splunk Light can automatically trigger actions to send automated emails, execute remediation scripts, or post to RSS feeds.
What are examples of Incident Analysis and Validation Tools?
buck-security Kiwi Syslog Server Splunk Light Loggly InsightOps Logz.io Logmatic.io Graylog
What is Microsoft Baseline Security Analyzer (MBSA)?
A tool designed for IT professionals and helps small-and medium-sized businesses to determine their security state in accordance with Microsoft security recommendations. It lets incident handlers scan local and remote systems for missing security updates as well as common security misconfigurations. MBSA includes a graphical and command line interface that can perform local or remote scans of Microsoft Windows systems. To assess missing security updates, MBSA will only scan for missing security updates, update rollups and service packs available from Microsoft Update.
What are examples of tools for detecting missing security patches?
Microsoft Baseline Security Analyzer (MBSA) GFI LanGuard Symantec Client Management Suite MaaS360 Patch Analyzer Solarwinds Patch Manager Kaseya Security Patch Management Software Vulnerability Manager Ivanti Endpoint Security Patch Connect Plus Automox Prism Suite
What is MagicTree?
A report writing tool. MagicTree stores data in a tree structure. This is a natural way of representing the information that is gathered during a network test: a host has ports, which have services, applications, vulnerabilities, and so on.
What is KeepNote?
A note taking application that works on Windows, Linux, and MacOS X. With KeepNote, you can store your class notes, TODO lists, research notes, journal entries, paper outlines, and so on in a simple notebook hierarchy with rich-text formatting, images, and more. Using full-text search, you can retrieve any note for later reference.
What is FTK Imager?
A data preview and imaging tool that enables analysis of files and folders on local hard drives, CDs/DVDs, network drives, and examination of the content of forensic images or memory dumps.
What is R-Drive Image?
A potent utility that provides creation of disk image files for backup or duplication purposes. R-Drive restores the images on the original disks, on any other partitions, or even on a hard drive’s free space. It can be used to restore a system after heavy data loss caused by an operating system crash, virus attack, or hardware failure.
What are examples of Data Imaging Tools?
FTK Imager R-Drive Image EnCase Forensics Data Acquisition Toolbox RAID Recovery for Windows R-Tool R-Studio F-Response Imager
What is HashCalc?
A free tool used to compute multiple hashes, checksums, and HMACs for files, text, and hex strings
What is MD5 Calculator?
A tool used to calculate the MD5 hash value of the selected file.
What is HashMyFiles
A small utility that is used to calculate the MD5 and SHA1 hashes of one or more files in the system.
What is the ‘PsUptime’ command?
A Windows command to show the system uptime
What is the ‘Net Statistics’ command?
A Windows command used to show the system uptime
What is the ‘Uptime’ and ‘W’ command?
A Linux command used to show the system uptime
What is the ‘Netstat -ab’ command used for?
It’s a Windows command used to determine all the executable files for running processes.
What is ListDLLs?
It’s a Windows utility used to determine DLLs loaded into a process.
What is Pslist.exe?
It’s a Windows utility used to display basic information about the already running processes on a system, including the amount of time each process has been running.
What is the ‘Top’ command used for?
It’s a Linux command used to display system summary information as well as a list of processes or threads Linux kernel is currently managing.
What is the ‘w’ command?
It’s a Linux command used to display the current processes for each shell of each user.
What is the ‘ps’ command?
It’s a Linux command used to display information about the root’s currently running processes
What is the ‘pstree’ command?
It’s a Linux command used to display the processes on a system in the form of a tree
What is ‘Psloggedon’?
A Windows applet that displays both the locally logged on users and the users logged on via resources for either the local computer or a remote computer.
What is the ‘net session’ command?
A Windows command that helps to manage server connections. It is used without parameters ans it displays information about all logged in sessions of the local computer.
What is the ‘logonsessions’ command?
A Windows command that lists the currently logged-on sessions and if you specify the -p option it can provide you the information of processes running in each session.
What is the ‘who’ command?
A Linux command used to display the user that is currently logged on locally.
What is the ‘who am i/who -uH’ command?
These are both Linux commands. who am i is used to determine the currently logged on user, whereas who -uH displays the idle times for logged on users.
What is the ‘who -all/-a’ command?
A Linux command that displays all currently logged on users, local and remote
What is the ‘last’ command?
A Linux command that displays a history of logged on users, local and remote
What is the ‘lastlog’ command?
A Linux command that displays the last login times for system accounts, local and remote
What is the ‘W’ command?
A Linux command that displays summaries of system usage, currently logged on users, and logged on user activities
What is the ‘passwd’ file?
A Linux file containing user account information, including one-way encrypted passwords
What is the ‘nbtstat’ command?
A Linux command used to help troubleshoot NetBios resolution problems. When a network is functioning normally, NetBIOS over TCP/IP resolves NetBIOS names to IP Address
nbtstat -c: This option shows the contents of the NetBIOS name cache, which contains NetBIOS name-to-IP address mappings.
nbtstat -n: This displays the names that have been registered locally on the system by NetBIOS applications such as the server and redirector.
nbtstat -r: This command displays the count of all NetBIOS names resolved by broadcast and by querying a WINS server.
nbtstat -S: This option is used to list the current NetBIOS sessions and their statuses.
What is the ‘Netstat’ tool?
It’s a Windows tool that helps in collecting information about network connections operative.
netstat -a: Displays all active TCP connections as well as the TCP and UDP ports
netstat -e: Displays ethernet statistics.
netstat -n: Displays active TCP connections.
netstat -o: Displays active TCP connections and includes the PID.
netstat -p: Shows connections for the protocol specified.
netstat -r : Displays the contents of the IP routing table.
What is Cyber Triage?
An incident response software which helps incident responders and forensic investigators to determine if a host is compromised through simplified collection and analysis of endpoint data.
What is Process Explorer?
A Windows tool which shows the information about the handles and DLLs of the processes, which have been opened or loaded.
What are examples of tools used to collection volatile information?
PMDump ProcDump Process Dumper (PD) PsList Tasklist
What is Forensic Explorer?
A tool used to recover and analyze hidden and system files, deleted files, file and disk slack, and unallocated clusters. Forensic Explorer is used for preservation, analysis, and presentation of electronic evidence.
What is Forensic Toolkit (FTK)?
A tool used to deliver cutting edge analysis, decryption, and password cracking.
What is Event Log Explorer?
A software solution for monitoring, and analyzing events recorded in security, system, application, and other logs of Microsoft Windows OS.
What is OSForensics?
It helps discover relevant forensic data faster with high performance file searches and indexing as well as restores deleted files. It identifies suspicious files and activity with hash matching, drive signature comparisons and looks into emails, memory and binary data.
What is Helix3?
An cyber security solution integrated into the network, gives visibility across the entire infrastructure revealing malicious activities such as internet abuse, data sharing and harassment. Allows the user to isolate and respond to incidents or threats quickly through a central administration tool.
What is Autopsy?
A digital forensics platform and GUI to The Sleuth Kit and other forensics tools. It helps incident handlers to view file systems, retrieve deleted data, perform timeline analysis and web artifacts during an incident response.
What is EnCase Forensics?
A multi-purpose forensic platform. It can collect data from many devices and extract potential evidence. It generates an evidence report. Can assist in acquiring large amounts of evidence quickly.
What is Foremost?
A console program to recover files based on their headers, footers, and internal data structures.
What are examples of Forensic Analysis tools?
Forensic Explorer Forensic Toolkit (FTK) Event Log Explorer OSForensics Helix3 Autopsy EnCase Forensics Foremost Belkasoft Evidence Center RegScanner MultiMon Process Explorer Security Task Manager Memory Viewer Metadata Assistant HstEx XpoLog Log Management
What is TCP View?
A port monitoring tool. It shows detailed listings of all TCP & UDP endpoints on a system, including the local and remote addresses and the state of TCP connections. It provides subsets of the Netstat program that ships with WIndows.
What are examples of Port Monitoring Tools
TCP View CurrPorts dotcom-monitor PortExpert PRTG Network Monitor Nagios Port Monitor
What is Process Monitor?
A monitoring tool for Windows that shows real-time file system, registry, and process/thread activity. It combines the legacy Sysinternals utilities, Filemon and Regmon.
What are examples of Process Monitoring Tools
Process Monitor Process Explorer M/Monit ESET SysInspector System Explorer Security Task Manager HiJackThis Yet Another (remote) Process Monitor Process Network Monitor OpManager
What is jv16 Power Tools?
A PC system utility that works by cleaning out unneeded files and data, cleaning the Windows registry, automatically fixing system errors, and applying optimizations to a system. Allows users to scan and monitor the Registry.
What are examples of Registry Monitoring Tools?
jv16 Power Tools Regshot Reg Organization Registry Viewer RegScanner Registrar Registry Manager Active Registry Monitor MJ Registry Watcher Buster Sandbox Analyzer
What is Windows Service Manager (SrvMan)?
A service monitoring tool. You can use SrvMan’s CLI to Create services:
srvman.exe add [service name]
[display name] [/type:] [/start:] [/interactive:no] [/overwrite:yes]
Delete Services:
srvman.exe delete
Start/Stop/Restart services:
srvman.exe start [/nowait] [/delay:
]
srvman.exe stop [/nowait] [/delay:
]
srvman.exe restart [/delay:]
install & start a legacy driver:
srvman.exe run [service name] [/copy:yes]
[/overwrite:no] [/stopafter:]
What are examples of Windows Service Monitoring Tools?
Windows Service Manager (SrvMan) Advanced Windows Service Manager Netwrix Service Monitor AnVir Task Manager Service+ Easy Windows Service Manager Nagios XI Windows Service Monitor PC Service Optimizer SMART Utility
What is Autoruns for Windows?
A Startup Program Monitoring Tool. It can autostart the location of any startup monitor, display what programs are configured to run during system bootup or login, and show the entries in the order Windows processes them.
What are examples of Startup Program Monitoring Tools?
Autoruns WinPatrol Autorun Organizer Quick Startup StartEd Pro Chameleon Startup Manager BootRacer Wintools.net: Startup Manager EF StartUp Manager PC Startup Master CCleaner Startup Delayer
What is Loggly?
An Event Logs Monitoring tool. Loggly automatically recognizes common log formats and gives a structured summary of all your parsed logs. It provides real-time monitoring, system behavior, and unusual activity.
What are examples of Event Logs Monitoring Tools?
Loggly SolarWinds Log & Event Manager Netwrix Event Log Manager LogFusion Alert Logic Log Manager EventTracker Log Manager Process Lasso Pro Splunk
What is Mirekusoft?
An Installation Monitoring tool. Mirekusoft automatically monitors what gets placed on your system and allows to unistall it completely.
What are examples of Installation Monitoring Tools?
Mirekusoft SysAnalyzer Advanced Uninstaller PRO Revo Uninstaller Pro Comodo Programs Manager
What is SIGVERIF?
A File and Folder Monitoring Tool. SIGVERIF is a Windows tool that comes with Windows 10/8/7. It searches for unsigned drivers on a system.
Steps to Identify an unsigned driver with SIGVERIF:
o Click Start → Run, type SIGVERIF, and then click OK.
o Click the Advanced button. Click Look for other files that are not digitally signed.
o Navigate to the Windows\System32\drivers folder, and then click OK.
o After Sigverif is finished running its check, it displays a list of all unsigned drivers installed on the computer. One can find the list of all signed and unsigned drivers found by Sigverif in the Sigverif.txt file in the %Windir% folder, typically the Windows folder.
What are examples of Files and Folder Monitoring Tools?
SIGVERIF Tripwire File Integrity Manager Netwrix Verisys PA File Sight CSP File Integrity Checker NNT Change Tracker AFIC (Another File Integrity Checker) Fsum Frontend OSSEC IgorWare Hasher
What is DriverView?
A Device Driver Monitoring Tool. DriverView displays the list of all device drivers currently loaded on the system. Additional information is displayed, such as, load address, description, version, product name, company
What are Examples of Device Driver Monitoring Tools?
DriverView Driver Booster Driver Reviver Driver Easy Driver Fusion Driver Genius Unknown Device Identifier Driver Magician DriverHive InstalledDriversList My Drivers Driver Agent Plus DriverPack
What is Capsa Network Analyzer?
A Portable Network Analyzer for both LANs and WLANs. It performs real-time packet capturing, 24/7 network monitoring, advanced protocol analysis, in-depth packet decoding, and automatic expert diagnosis.
What are Examples of Network Analyzer Tools?
Capsa Network Analyzer Wireshark Nessus NetResident PRTG Network Monitor GFI LanGuard NetFort LANGuardian CapMon Nagios XI Total Network Monitor
What is DNSQuerySniffer?
A network sniffer. DNSQuerySniffer shows the DNS queries sent on your system. For every DNS query, the following information is displayed: host name, port number, query ID, request type, request time, response time, duration, response code, number of records, and the consent of the returned DNS records.
What are examples of DNS Monitoring/Resolution Tools?
DNSQuerySniffer
DNSstuff
DNS Lookup Tool
Sonar
What is API Monitor?
An API Monitoring Tool. API Monitor allows you to monitor and display Win32 API calls made by applications.
What are examples of API Calls Monitoring Tools?
API Monitor
APImetrics
Runscope
AlertSite
What is schtasks?
A scheduled task monitoring tool. schtasks used in a CLI, will display a list of all the scheduled tasks on the system.
What are examples of Scheduled Task Monitoring Tools?
schtasks Monitoring Task Scheduler Tool (MoTaSh) ADAudit Plus CronitorCLI Solarwinds Windows Scheduled Task Monitor
What is Wireshark?
A Browser Activity Monitoring Tool. Wireshark captures and intelligently browses the traffic passing through a network.
What are examples of Browser Activity Monitoring Tools?
Wireshark Colasoft OmniPeek Observer Analyzer PRTG Network Monitor Netflow Analyser
What is HashMyFiles?
A File Fingerprinting tool. HashMyFiles produces a hash value of a file using MD5, SHA1, CRC32, SHA-256, SHA-512, and SHA-384 algorithms. It also provides information about the file.
What are examples of File Fingerprinting Tools?
HashMyFiles Hashtab HashCalc md5deep MD5sums tools4noobs--Online hash calculator Cryptomathic
What is VirusTotal?
A free service that analyzes suspicious files and URLs and facilitates the detection of viruses, works, trojans, and so on. It generates a detailed report regarding the file that was marked as suspicious.
What are examples of Malware Scanning Tools?
VirusTotal Jotti Metadefender Online Scanner IObit Cloud ThreatExpert Malwr Valkyrie Dr. Web Online Scanners UploadMalware.com ThreatAnalyzer Payload Security Anubis Windows Defender Security Intelligence (WDSI) Bitdefender Quickscan
What is BinText?
A string search tool. BinText can extract text from any kind of file and it includes the ability to find plain ASCII text, Unicode text, and Resource strings.
What are examples of String Search Tools?
BinText FLOSS Strings Free EXE DLL Resource Extract Hex Workshop
What is PEiD?
An Identifying Packing/Obfuscation Tool. PEiD can identify signatures associated with over 600 different packers and compilers. It displays the type of packer, entry point, file offset, EP Section, and subsystem used for packing.
What is PE Explorer?
A tool used for finding the Portable Executables (PE) Information. PE Explorer lets you open, view, and edit a variety of different 32-bit Windows executable file types.
What are examples of Portable Executable (PE) Information Tools?
PE Explorer
Portable Executable Scanner (pescan)
Resource Hacker
PEView
What is Dependancy Walker?
A tool used to identify file dependencies. Dependency Walker lists all the dependent modules of an executable file and builds hierarchical tree diagrams.
What are examples of File Dependency Tools?
Dependency Walker
Snyk
Hakiri
Retie.js
What are examples of Identifying Packing/Obfuscation Tools?
PEiD
UPX
Exeinfo PE
ASPack
What is IDA Pro
A Malware Disassembly Tool. IDA Pro is a multiplatform disassembler and debugger that explores binary programs to create maps of their execution.
What are examples of Malware Disassembly Tools?
IDA Pro OllyDbg WinDbg objdump ProcDump KD CDB NTSD
What is Volatility Framework?
A Python-based memory analysis tool that is capable of performing various forensic operations.
Below is an example of an image analysis using Volatility.
basic information: o python vol.py imageinfo -f /root/Desktop/memdump.mem
running process: o python vol.py pslist –profile=Win2008SP1x86 –f /root/Desktop/memdump.mem
analyze the service: o python vol.py svcscan –profile=Win2008SP1x86 –f /root/Desktop/memdump.mem | more
analyze the registry: o python vol.py hivelist –profile=Win2008SP1x86 –f /root/Desktop/memdump.mem
What is SSDT View?
A Microsoft Windows OS utility designed to list the most significant aspect of the System Service Descriptor Table (SSDT) including service indexes, service addresses, service names, and the module name which corresponds to the service address.
What is RogueKiller?
An anti-malware that is able to detect and remove generic malware and advanced threats like rootkits, rogues and works. It also detects controversial programs (PUPs) as well as possible bad system modifications/corruptions (PUMs)
What is CapLoader?
A Windows tool designed to handle large amounts of captured network traffic. It performs indexing of PCAP/PcapNG files and visualizes their contents as a list of TCP and UDP flows.
What is PRTG Network Monitor?
A network monitoring tool effectively used to monitor entire network infrastructure.
What is ClamWin?
A free open-source antivirus program for Windows.
What are examples of Antivirus Tools?
ClamWin Bitdefender Antivirus Plus Kaspersky Anti-Virus McAfee Total Protection Norton AntiVirus Avast Premier Antivirus ESET Smart Security AVG Antivirus Free Avira Antivirus Pro
What is Netcraft?
A toolbar that provides updated information about the sites users visit regularly and blocks dangerous sites.
What is PhishTank?
A collaborative clearinghouse for data and information about phishing on the internet. It has an API which developers can use to integrate antiphishing data into their applications.
What is MxToolbox?
A tool used to make email headers human readable by parsing them according to RFC 822.
What are examples of Email Header Analyzing Tools?
MxToolbox gaijin.at testconnectivity.microsoft.com ipTRACKERonline.com toolbox.googleapps.com whatsmyip.com
What is Email Dossier?
It’s a scanning tool used to check the validity of an email address. It’s a part of the CentralOps.net suite of online network utilities.
What are examples of tools used to check Email Validity?
Email Dossier verifyemailaddress.io email-checker.net emailvalidator.co glocksoft.com
What is eMailTrackerPro?
A tool that analyzes email headers and reveals information such as sender’s geographical location, IP Address, and so on.
What are examples of Email Tracking Tools?
eMailTrackerPro PoliteMail Yesware ContactMonkey Zendio ReadNotify DidTheyReadIt Trace Email - whatsmyipaddress.com ipaddresslocation.org Pointofmail WhoReadMe GetNotify G-Lock Analytics
What is a tool used for Email Log Analysis?
EventLog Analyzer. It provides log management with agent and agentless methods of log collection, custom log parsing, and complete log analysis with reports and alerts.
What is Recover My Email?
A mail recovery software that can recover deleted email messages from either Outlook or Outlook Express DBX files.
What is Gophish?
An open-source phishing toolkit meant to help incident responders and businesses conduct real-world phishing simulations.
What is SPAMfighter?
A spam filter that works instantly by automatically removing the spam and phishing emails from your inbox.
What is Gpg4win?
A email security tool used to securely transport email and files with the help of encryption and digital signatures.
What are examples of Email Security Tools?
Gpg4win Advanced Threat Protection SpamTitan Symantec Email Security.cloud Barracuda Email Security Gateway Mimecast Email Security Comodo Dome Anti-spam Spambrella The Email Laundry GFI MailEssentials Cisco Email Security
What are examples of Registry Analysis Tools?
jv16 Power Tools regshot Reg Organizer Registry Viewer RegScanner
What are examples of Network Analysis Tools?
Nmap Wireshark TCPView Netstat Nbtstat Tracert Packet Capture Real-Time NetFlow Analyzer ManageEngine NetFlow Analyzer
What are examples of File System Analysis Tools?
PE Explorer Pescan PEView Resource Hacker WinDirStat DiskSavvy MD5sums md5deep Hashtab
What are examples of Malware Analysis Tools?
VirusTotal IDA Pro Ollydbg Windbg Cuckoo Sandbox Blueliv Sandbox
What are examples of Process Analysis Tools?
Process Monitor Process Explorer Tasklist Monit ESET SysInspector System Explorer
What are examples of Services Analysis Tools?
Services.msc MSConfig SrvMan Net start Task Scheduler
What are examples of Volatile Memory Analysis Tools?
Rekall Memdump MemGator Memoryze KnTTools
What are examples of Active Directory Tools?
SolarWinds Server & Application Monitor Adaxes ADManager Plus ADAudit Plus Anturis Active Directory Monitor
What are examples of Network Analysis Tools?
Nmap Netstat Wireshark Tcpdump MD5sums md5deep
What are examples of Network Analysis CLI Tools?
Traceroute ARP Ifconfig File system lsof dd df fdisk strings grep
What are examples of Malware Analysis Tools?
VirusTotal
IDA Pro
Cuckoo Sandbox
What are examples of Malware Analysis CLI Tools?
Processes
htop
top
ps
What are examples of Volatile Memory Analysis Tools?
Rekall
Memfetch
LiME
Volatilitux
What are examples of Session Management CLI Tools?
w/who
rwho
Lastlog
What are examples of Vulnerability Analysis Tools?
Qualys Nessus OpenVAS AlienVault OSSIM Nikto Burp Suite
What is Suricata?
An engine that’s capable of real-time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM), and offline pcap processing.
What is ntopng?
A web-based network monitoring application released under GPLv3. ntopng is the next generation version of the original ntop. ntopng has been written in a portable way in order to virtually run on every Unix platform, MacOSX and Windows.
What is Wireshark?
A widely used network protocol analyzer. It captures and intelligently browses the traffic passing through a network.
What are examples of Suspicious Network Events Detection and Validation Tools?
Suricata ntopng Wireshark Colasoft OmniPeek Observer Analyzer PRTG Network Monitor Netflow Analyzer
What are examples of ARP Spoofing Detection Tools?
Caspa Network Analyzer ArpON ARP AntiSpoofer ARPStraw shARP
What is PromqryUI?
A tool used to detect which network interface card is running in promiscuous mode. If a system has network interfaces in promiscuous mode, it may indicate the presence of a network sniffer running on the system.
What is Nmap?
A tool used to detect if a target on a local Ethernet has its network card in promiscuous mode.
What is Snort?
An open-source network intrusion detection system (IDS), capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and is used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, and OS fingerprinting attempts.
What is AIDA64 Extreme?
A tool that monitors the sensors within the server in real-time and helps in analyzing the performance of the server. It helps to track the network resource utilization.
What is Kiwi Log Viewer?
A Windows based tool that enables you to monitor log files for changes. It can display changes in real-time and lets you automatically monitor for specific keywords, phrases, or patterns.
What is High Orbit Ion Cannon (HOIC)?
A network stress and DOS/DDOS attack application. It’s written in BASIC language and it is designed to attack up to 256 target URLs simultaneously. It sends HTTP POST and GET requests at a computer that uses lulz inspired GUIs.
What is Low Orbit Ion Cannon (LOIC)?
A network stress testing and DOS attack application. It can also be called a application-based DOS attacker as it mostly targets web applications. LOIC can be used on target sites to flood the server with TCP packets, UDP packets, or HTTP request with the intention of disrupting the service of a particular host.
What are Examples of DoS/DDoS Attack Tools?
High Orbit Ion Cannon (HOIC) Low Orbit Ion Cannon (LOIC) HULK Metasploit Nmap Blackhat Hacking Tools DAVOSET Tsunami R-U-Dead-Yet UDP Flooder DLR DoS Moihack Port-Flooder DDOSIM
What is KFSensor?
A Windows based honeypot IDS. It acts as a honeypot designed to attract and detect hackers and worms by simulating vulnerable system services and Trojans.
What are Examples of Tools used for dedecting DoS/DDoS Incidents?
KFSensor
SSHHiPot
Artillery
What is Anti DDoS Guardian?
A Windows based tool used to protect servers from DDoS attacks. It detects ans stops most DDoS/DoS attacks, including SYN attacks, IP flood, TCP flood, UDP flood, ICMP flood, slow HTTP DDoS attacks, Layer 7 attacks, Application attacks, and Windows RDP brute force password guessing attacks.
What is D-Guard Antil-DDoS Firewall?
A tool that provides protection from DDoS attacks for online enterprises, public and media services, essential infrastructure, and internet service providers. In can guard from attacks such as DoS/DDoS, Super DDoS, DrDoS, Fragment attack, SYN flooding, IP Flooding, UDP, mutation UDP, random UDP flooding attack, ICMP, IGMP Flood attack, ARP Spoofing attack, HTTP Proxy attack, CC Flooding attack, CC Proxy attack, CC varieties attack, and zombie cluster CC attack
What is Incapsula DDoS Protection?
A DDoS protection tool that quickly mitigates any size attack without getting in the way of legitimate traffic or increasing latency.
What are examples of DoS/DDoS Protection Tools?
Anti DDoS Guardian D-Guard Anti-DDoS Firewall Incapsula DDoS Protection DDoS GUARD Cloudflare DOSarrest's DDoS Protection Service DefensePro F5 DD0SDefend NetFlow Analyzer Wireshark NetScalar AppFirewall Andrisoft Wanguard
What is dotDefender?
A software-based Web Application Firewall (WAF) that protects your website from malicious attacks such as SQL injection, path traversal, cross-site scripting, and others that result in website defacement.
What are examples of Web Application Firewalls (WAF)?
dotDefender ServerDefender VP IBM Security AppScan Radware's AppWall QualysGuard WAF Barracuda Web Application Firewall ThreatSentry ThreatRadar SecureSphere ModSecurity SteelApp Web App Firewall Trustwave Web Application Firewall Cyberoam's Web Application Firewall Kerio Control
What is AlienVault OSSIM?
An Open-Source Security Information and Event Management (SIEM) tool. It provides a unified platform with capabilities like, Asset Discovery, Vulnerability Assessment, Intrusion Detection, Behavioral Monitoring, SIEM Event Correlation.
What are examples of SIEM Solutions?
AlienVault ArcSight ESM IBM Qradar SIEM Splunk ES FortiSIEM SolarWinds Log and Event Manager RSA NetWitness Platform McAfee Enterprise Security Manager Quest InTrust TrustWave SIEM Enterprise NetIQ Sentinel LogRhythm NextGen SIEM Platform Eventlog Analyzer
What is ClamAV?
An Open-Source (GPL) anti-virus engine used in a variety of situations including email scanning, web scanning, and end point security. It provides utilities such as a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates.
What is OSSEC?
An Open-Source tool to centrally collect and examine security logs from systems, network devices, and applications. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting, and active response. It can also be automated.
What is Appache Log Viewer (ALV)?
A tool which lets you monitor, view, and analyze Apache/IIS/nginx logs with more ease.
What are examples of Log Analysis Tools?
OSSEC Apache Logs Viewer (ALV) Loggly InsightOps GoAccess Logz.io Graylog Splunk Logmatic.io
What is Apility.io?
An anti-abuse API that helps incident responders or security personnel to know if the IP address, domain, or email of a user is blacklisted.
What are examples of Whitelisting/Blacklisting Tools?
Apility.io AutoShun Cisco Umbrella I-Blocklist CINS Army List FireHOL IP Lists Mejestic Million Rutgers Blacklisted IPs Statvoo Megatron BotScout
What is OpenDNS
A content filtering tool that lets you manage the internet experience on and off your network with acceptable use or compliance policies.
What are examples of Web Content Filtering Tools?
OpenDNS nCompass WebTitan Smoothwall SWG NetSentron Symantec Secure Web Gateway
What is Proxy Switcher?
A web proxy tool. It allows you to surf the internet anonymously without disclosing your IP address.
What are examples of Web Proxy Tools?
Proxy Switcher Proxy Workbench CyberGhost VPN Tor Burp Suite Hotspot Shield Proxifier Charles Fiddler Protoport Proxy Chain ProxyCap CCProxy Privaxy SocksChain
What is ApexSQL Log?
An auditing and recovery tool for SQL server database which reads transaction logs, transaction log backups, detached transaction logs and database backups, and audits, reverts or replays data and object changes that have affected the database, including the ones that have occurred before the product was installed.
What is CrowdStrike FalconTM Orchestrator?
An open-source tool used to recover from Web Application incidents. It is built on CrowdStrike’s Falcon Connect API.
What are examples of Fuzz Testing Tools?
WSFuzzer WebScarab Burp Suite AppScan Peach Fuzzer
What is Fuzz Testing?
Fuzz Testing or Fuzzing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.
What is Acunetix Web Vulnerability Scanner?
A Web Application security testing tool that checks web applications for SQL injections, cross-site scripting, and so on.
What is Watcher Web Security Tool?
A plugin for the Fiddler HTTP proxy that passively audits a web application to find security bugs and compliance issues automatically.
What is Netsparker?
A web application security testing tool that finds and reports web application vulnerabilities such as SQL injection and Cross-site Scripting (XSS).
What are examples of Web Application Security Tools?
Acunetix Watcher Web Security Tool Netsparker N-Stalker Web Application Security Scanner OWASP Zap Arachni Vega Nessus Skipfish WebReaver WSSA - Web Site Security Audit Syhunt Hybrid IronWASP Wapiti WebWatchBot Secunia PSI KeepNI Exploit-Me x5s HconSTF PunkScan
What is Loggly?
A Cloud-based Log Analysis Tool. It automatically recognizes common log formats and gives a structured summary of all the parsed logs. It provides real-time log monitoring, system behavior, and unusual activity.
What are examples of Cloud-based Log Analysis Tools?
Loggly Sumo Logic Splunk Cloud Papertrail Logz.io Timber Logentries Semantext Cloud
What is Tripwire?
A MITC attack detection tool. It can be used to monitor user and network activity, changes in files, registry entries, and so on. The real-time monitoring can assist in the detection of Man-In-The-Cloud (MITC) attacks.
What is CloudPassage Halo?
A software-defined security (SDSec) platform. It was built to protect private clouds, public IaaS, and hybrid/multi-cloud infrastructure.
What are examples of Cloud Security Tools?
CloudPassage Halo Qualys Cloud Platform Azure Security Center Nessus Enterprise for AWS Symantec Cloud Workload Protection Alert Logic Deep Security SecludIT Panda Cloud Office Protection Data Security Cloud Cloud Application Control Intuit Data Protection Services
How can Wireshark be utilized when responding to Insider Threats?
It can be used to analyze and detect suspicious activity across the organizational network. An Incident handler can enable filters on network traffic and detect if an employee within the organization has initiated a Telnet connection.
Similarly, it can capture and be used to analyze network traffic using FTP protocol.
What is Nuix Adaptive Security?
A tool for detecting data exfiltration. An incident handler can setup rules to monitor the network and the number of events and activities associated with user accounts within the organization.
Database Consistency Checker (DBCC) Commands
DBCC act as Database console commands for SQL Server to check database consistency. The DBCC LOG command allows incident handlers to view and retrieve transaction log files for specific databases.
Syntax: DBCC LOG(, )
The output parameter specifies the level of information an incident handler wants to retrieve. It includes the following levels:
o 0 = minimal information of each operation such as the Current LSN, Operation, and Transaction ID
o 1 = slightly more info than 0, such as Flag Bits and Previous LSN
o 2 = detailed information, including (AllocUnitId, page id, slot id, etc.)
o 3 = full information about each operation
o 4 = full information on each operation along with the hex dump of current transaction row
What is ObserveIT?
An Insider Threat Detection Tool, used to quickly identify and eliminate insider threats. It’s an insider threat management solution that provides organizations with “eyes on the endpoint” and the ability to continuously monitor user behavior. Alerts can be sent out regarding activities that put the organization at risk.
What is DataRobot?
An automated machine learning platform for detecting insider threats. It combines predictive modelling expertise, best practices of data science, and experience to deliver accurate, actionable predictions with full transparency and rapid deployment.
What is Ekran System?
An Insider Threat Detection tool that allows incident handlers to monitor, detect and analyze user-based insider threats.
What are examples of Insider Threat Detection Tools?
ObserveIT DataRobot Ekran System SS8 Insider Threat Detection (ITD) CyberArk Netwrix Auditor InsightDR Splunk UBA CognitoTM Forcepoint UEBA Securonix UEBA Leidos' Arena ITITM Veriato Recon
What is the purpose of SIEM solutions regarding insider threats?
To provide the ability to build custom queries, generate alerts, retrieve data from multiple data sources, and enhance the potential analytical capability to prevent, detect, and respond to various insider threats.
What is the purpose of Data Loss Prevention tools with regards to insider threats?
DPL tools scan network traffic to find exfiltration of sensitive data and alert the administrators.
What are examples of Data Loss Prevention (DLP) tools?
Symantec Data Loss Prevention SecureTrust Data Loss Prevention McAfee Total Protection Check Point Data Loss Prevention Digital Guardian Endpoint DLP Clearswift's Adaptive DLP Trend MicroTM Integrated DLP Sophos SafeGuard Enterprise Encryption WatchGuard Data Loss Prevention
What are UBA/UEBA tools utilized for?
User Behavior Analytics (UBA) and User Entity Behavior Analytics tools collect user activity details and use artificial intelligence and machine learning algorithms to perform user behavior analysis to prevent and detect insider threats before the fraud is perpetrated.
What are examples of UBA/UEBA tools?
Exabeam Advanced Analytics LogRhythm UEBA Dtex Systems Interset Gurucul Risk Analytics (GRA) Securonix UEBA ZoneFox
What is the purpose of activity monitoring with regards to insider threats?
Activity monitoring tools record all the user activity on the organizational networks, systems, and other IT resources. The tools can record the user’s keystrokes, capture screenshots, monitor internet usage, monitor software usage and track various other user activities on the organizational network.
What are examples of Activity Monitoring tools?
ActivTrak SoftActivity Monitor EKRAN Employee Monitoring Software Spyrix Personal Monitor StaffCop Standard Hubstaff Employee Monitoring Software iMonitor EAM Employee Desktop Live Viewer Veriato Investigator Personal Inspector REFOG Personal Monitor Screenshot Monitor Power Spy NetVizor SentryPC
