Tools And Commands Flashcards

1
Q

What is PILAR?

A

A Risk Analysis and Management Tool.

PILAR is the software that implements and extends the Magerit RA/RM methodology. It is designed to support the risk management process over long periods, providing incremental analysis as the safeguards improve. Its main functions include:
Quantitative and qualitative Risk Analysis and Management
Quantitative and qualitative Business Impact Analysis & Continuity of Operations

2
Q

What are Examples of Risk Management Tools?

A
PILAR
A1 Tracker
Risk Management Studio
IsoMetrix
Sword Active Risk
iTrak
Certainty Software
Resolver's ERM Software
Isolocity
Enablon
3
Q

What is Group Policy Management Console (GPMC)?

A

It is a part of Windows Administrative Tools and is a scriptable interface to manage Group Policies.

4
Q

What is ManageEngine ServiceDesk Plus?

A

It is a comprehensive ticketing system used in incident management, problem management, change management, and IT project management applications.

5
Q

Name an Open Source Security Information and Event Management System (OSSIM)

A

AlienVault

6
Q

What are examples of Ticketing System Tools?

A
AlienVault
osTicket
SolarWinds MSP
IR-Flow
Request Tracker for Incident Response (RTIR)
IBM Resilient Incident Response Platform
Freshdesk
7
Q

What is buck-security?

A

It’s a collection of security checks for Linux. It allows incident handlers to identify the security status of a system.

8
Q

What is Kiwi Syslog Server?

A

A centralized and simplified log message management tool for various network devices and servers. It is used to centrally manage syslog messages, generate real-time alerts based on syslog messages, and perform advanced message filtering and message buffering.

9
Q

What is Splunk Light?

A

A tool for collecting, monitoring, and analyzing log files from servers, applications, or other sources. It collects data from multiple sources and performs indexing, monitoring, reporting, and alerting. Alerts from Splunk Light can automatically trigger actions such as sending emails, executing remediation scripts, or posting to RSS feeds.

10
Q

What are examples of Incident Analysis and Validation Tools?

A
buck-security
Kiwi Syslog Server
Splunk Light
Loggly
InsightOps
Logz.io
Logmatic.io
Graylog
11
Q

What is Microsoft Baseline Security Analyzer (MBSA)?

A

A tool designed for IT professionals that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations. It lets incident handlers scan local and remote systems for missing security updates as well as common security misconfigurations. MBSA includes a graphical and a command-line interface that can perform local or remote scans of Microsoft Windows systems. When assessing missing security updates, MBSA only scans for missing security updates, update rollups, and service packs available from Microsoft Update.

12
Q

What are examples of tools for detecting missing security patches?

A
Microsoft Baseline Security Analyzer (MBSA)
GFI LanGuard
Symantec Client Management Suite
MaaS360 Patch Analyzer
Solarwinds Patch Manager
Kaseya Security Patch Management
Software Vulnerability Manager
Ivanti Endpoint Security
Patch Connect Plus
Automox
Prism Suite
13
Q

What is MagicTree?

A

A report writing tool. MagicTree stores data in a tree structure. This is a natural way of representing the information that is gathered during a network test: a host has ports, which have services, applications, vulnerabilities, and so on.

14
Q

What is KeepNote?

A

A note taking application that works on Windows, Linux, and MacOS X. With KeepNote, you can store your class notes, TODO lists, research notes, journal entries, paper outlines, and so on in a simple notebook hierarchy with rich-text formatting, images, and more. Using full-text search, you can retrieve any note for later reference.

15
Q

What is FTK Imager?

A

A data preview and imaging tool that enables analysis of files and folders on local hard drives, CDs/DVDs, network drives, and examination of the content of forensic images or memory dumps.

16
Q

What is R-Drive Image?

A

A potent utility that provides creation of disk image files for backup or duplication purposes. R-Drive restores the images on the original disks, on any other partitions, or even on a hard drive’s free space. It can be used to restore a system after heavy data loss caused by an operating system crash, virus attack, or hardware failure.

17
Q

What are examples of Data Imaging Tools?

A
FTK Imager
R-Drive Image
EnCase Forensics
Data Acquisition Toolbox
RAID Recovery for Windows
R-Tool R-Studio
F-Response Imager
18
Q

What is HashCalc?

A

A free tool used to compute multiple hashes, checksums, and HMACs for files, text, and hex strings.

19
Q

What is MD5 Calculator?

A

A tool used to calculate the MD5 hash value of the selected file.

20
Q

What is HashMyFiles?

A

A small utility that is used to calculate the MD5 and SHA1 hashes of one or more files in the system.

21
Q

What is the ‘PsUptime’ command?

A

A Windows command to show the system uptime.

22
Q

What is the ‘Net Statistics’ command?

A

A Windows command used to show the system uptime.

23
Q

What is the ‘Uptime’ and ‘W’ command?

A

A Linux command used to show the system uptime.

24
Q

What is the ‘Netstat -ab’ command used for?

A

It’s a Windows command used to determine all the executable files for running processes.

25
Q

What is ListDLLs?

A

It’s a Windows utility used to determine DLLs loaded into a process.

26
Q

What is Pslist.exe?

A

It’s a Windows utility used to display basic information about the already running processes on a system, including the amount of time each process has been running.

27
Q

What is the ‘Top’ command used for?

A

It’s a Linux command used to display system summary information as well as a list of the processes or threads that the Linux kernel is currently managing.

28
Q

What is the ‘w’ command?

A

It’s a Linux command used to display the current processes for each shell of each user.

29
Q

What is the ‘ps’ command?

A

It’s a Linux command used to display information about root’s currently running processes.

30
Q

What is the ‘pstree’ command?

A

It’s a Linux command used to display the processes on a system in the form of a tree.

31
Q

What is ‘Psloggedon’?

A

A Windows applet that displays both the locally logged on users and the users logged on via resources for either the local computer or a remote computer.

32
Q

What is the ‘net session’ command?

A

A Windows command that helps to manage server connections. Used without parameters, it displays information about all logged-in sessions on the local computer.

33
Q

What is the ‘logonsessions’ command?

A

A Windows command that lists the currently logged-on sessions; with the -p option it also lists the processes running in each session.

34
Q

What is the ‘who’ command?

A

A Linux command used to display the user that is currently logged on locally.

35
Q

What is the ‘who am i/who -uH’ command?

A

These are both Linux commands. who am i is used to determine the currently logged on user, whereas who -uH displays the idle times for logged on users.

36
Q

What is the ‘who -all/-a’ command?

A

A Linux command that displays all currently logged-on users, local and remote.

37
Q

What is the ‘last’ command?

A

A Linux command that displays a history of logged-on users, local and remote.

38
Q

What is the ‘lastlog’ command?

A

A Linux command that displays the last login times for system accounts, local and remote.

39
Q

What is the ‘W’ command?

A

A Linux command that displays summaries of system usage, currently logged-on users, and logged-on user activity.

40
Q

What is the ‘passwd’ file?

A

A Linux file containing user account information, including one-way encrypted passwords.

41
Q

What is the ‘nbtstat’ command?

A

A Linux command used to help troubleshoot NetBIOS name resolution problems. When a network is functioning normally, NetBIOS over TCP/IP resolves NetBIOS names to IP addresses.

nbtstat -c: This option shows the contents of the NetBIOS name cache, which contains NetBIOS name-to-IP address mappings.

nbtstat -n: This displays the names that have been registered locally on the system by NetBIOS applications such as the server and redirector.

nbtstat -r: This command displays the count of all NetBIOS names resolved by broadcast and by querying a WINS server.

nbtstat -S: This option is used to list the current NetBIOS sessions and their statuses.

42
Q

What is the ‘Netstat’ tool?

A

It’s a Windows tool that helps in collecting information about active network connections.

netstat -a: Displays all active TCP connections as well as the TCP and UDP ports

netstat -e: Displays ethernet statistics.

netstat -n: Displays active TCP connections.

netstat -o: Displays active TCP connections and includes the PID.

netstat -p: Shows connections for the protocol specified.

netstat -r: Displays the contents of the IP routing table.

43
Q

What is Cyber Triage?

A

An incident response software which helps incident responders and forensic investigators to determine if a host is compromised through simplified collection and analysis of endpoint data.

44
Q

What is Process Explorer?

A

A Windows tool which shows the information about the handles and DLLs of the processes, which have been opened or loaded.

45
Q

What are examples of tools used to collect volatile information?

A
PMDump
ProcDump
Process Dumper (PD)
PsList
Tasklist
46
Q

What is Forensic Explorer?

A

A tool used to recover and analyze hidden and system files, deleted files, file and disk slack, and unallocated clusters. Forensic Explorer is used for preservation, analysis, and presentation of electronic evidence.

47
Q

What is Forensic Toolkit (FTK)?

A

A tool used to deliver cutting edge analysis, decryption, and password cracking.

48
Q

What is Event Log Explorer?

A

A software solution for monitoring and analyzing events recorded in the security, system, application, and other logs of the Microsoft Windows OS.

49
Q

What is OSForensics?

A

It helps discover relevant forensic data faster with high performance file searches and indexing as well as restores deleted files. It identifies suspicious files and activity with hash matching, drive signature comparisons and looks into emails, memory and binary data.

50
Q

What is Helix3?

A

A cyber security solution integrated into the network that gives visibility across the entire infrastructure, revealing malicious activities such as internet abuse, data sharing, and harassment. It allows the user to isolate and respond to incidents or threats quickly through a central administration tool.

51
Q

What is Autopsy?

A

A digital forensics platform and GUI for The Sleuth Kit and other forensics tools. It helps incident handlers view file systems, retrieve deleted data, perform timeline analysis, and examine web artifacts during an incident response.

52
Q

What is EnCase Forensics?

A

A multi-purpose forensic platform. It can collect data from many devices and extract potential evidence. It generates an evidence report. Can assist in acquiring large amounts of evidence quickly.

53
Q

What is Foremost?

A

A console program to recover files based on their headers, footers, and internal data structures.

54
Q

What are examples of Forensic Analysis tools?

A
Forensic Explorer
Forensic Toolkit (FTK)
Event Log Explorer
OSForensics
Helix3
Autopsy
EnCase Forensics
Foremost
Belkasoft Evidence Center
RegScanner
MultiMon
Process Explorer
Security Task Manager
Memory Viewer
Metadata Assistant
HstEx
XpoLog Log Management
55
Q

What is TCP View?

A

A port monitoring tool. It shows detailed listings of all TCP and UDP endpoints on a system, including the local and remote addresses and the state of TCP connections. It provides a subset of the functionality of the Netstat program that ships with Windows.

56
Q

What are examples of Port Monitoring Tools?

A
TCP View
CurrPorts
dotcom-monitor
PortExpert
PRTG Network Monitor
Nagios Port Monitor
57
Q

What is Process Monitor?

A

A monitoring tool for Windows that shows real-time file system, registry, and process/thread activity. It combines the legacy Sysinternals utilities, Filemon and Regmon.

58
Q

What are examples of Process Monitoring Tools?

A
Process Monitor
Process Explorer
M/Monit
ESET SysInspector
System Explorer
Security Task Manager
HiJackThis
Yet Another (remote) Process Monitor
Process Network Monitor
OpManager
59
Q

What is jv16 Power Tools?

A

A PC system utility that works by cleaning out unneeded files and data, cleaning the Windows registry, automatically fixing system errors, and applying optimizations to a system. Allows users to scan and monitor the Registry.

60
Q

What are examples of Registry Monitoring Tools?

A
jv16 Power Tools
Regshot
Reg Organization
Registry Viewer
RegScanner
Registrar Registry Manager
Active Registry Monitor
MJ Registry Watcher
Buster Sandbox Analyzer
61
Q

What is Windows Service Manager (SrvMan)?

A

A service monitoring tool. You can use SrvMan’s CLI to create services:
srvman.exe add [service name] [display name] [/type:] [/start:] [/interactive:no] [/overwrite:yes]

Delete services:
srvman.exe delete

Start/Stop/Restart services:
srvman.exe start [/nowait] [/delay:]
srvman.exe stop [/nowait] [/delay:]
srvman.exe restart [/delay:]

Install and start a legacy driver:
srvman.exe run [service name] [/copy:yes] [/overwrite:no] [/stopafter:]

62
Q

What are examples of Windows Service Monitoring Tools?

A
Windows Service Manager (SrvMan)
Advanced Windows Service Manager
Netwrix Service Monitor
AnVir Task Manager
Service+
Easy Windows Service Manager
Nagios XI
Windows Service Monitor
PC Service Optimizer
SMART Utility
63
Q

What is Autoruns for Windows?

A

A Startup Program Monitoring Tool. It covers the autostart locations checked by any startup monitor, displays which programs are configured to run during system boot-up or login, and shows the entries in the order Windows processes them.

64
Q

What are examples of Startup Program Monitoring Tools?

A
Autoruns
WinPatrol
Autorun Organizer
Quick Startup
StartEd Pro
Chameleon Startup Manager
BootRacer
Wintools.net: Startup Manager
EF StartUp Manager
PC Startup Master
CCleaner
Startup Delayer
65
Q

What is Loggly?

A

An Event Logs Monitoring tool. Loggly automatically recognizes common log formats and gives a structured summary of all your parsed logs. It provides real-time monitoring of system behavior and unusual activity.

66
Q

What are examples of Event Logs Monitoring Tools?

A
Loggly
SolarWinds Log & Event Manager
Netwrix Event Log Manager
LogFusion
Alert Logic Log Manager
EventTracker Log Manager
Process Lasso Pro
Splunk
67
Q

What is Mirekusoft?

A

An Installation Monitoring tool. Mirekusoft automatically monitors what gets placed on your system and allows you to uninstall it completely.

68
Q

What are examples of Installation Monitoring Tools?

A
Mirekusoft
SysAnalyzer
Advanced Uninstaller PRO
Revo Uninstaller Pro
Comodo Programs Manager
69
Q

What is SIGVERIF?

A

A File and Folder Monitoring Tool. SIGVERIF is a Windows tool that ships with Windows 10/8/7. It searches for unsigned drivers on a system.

Steps to identify an unsigned driver with SIGVERIF:
1. Click Start → Run, type SIGVERIF, and then click OK.
2. Click the Advanced button, then click "Look for other files that are not digitally signed".
3. Navigate to the Windows\System32\drivers folder, and then click OK.
4. After Sigverif has finished its check, it displays a list of all unsigned drivers installed on the computer. The list of all signed and unsigned drivers found by Sigverif is also written to the Sigverif.txt file in the %Windir% folder, typically the Windows folder.

70
Q

What are examples of Files and Folder Monitoring Tools?

A
SIGVERIF
Tripwire File Integrity Manager
Netwrix
Verisys
PA File Sight
CSP File Integrity Checker
NNT Change Tracker
AFIC (Another File Integrity Checker)
Fsum Frontend
OSSEC
IgorWare Hasher
71
Q

What is DriverView?

A

A Device Driver Monitoring Tool. DriverView displays the list of all device drivers currently loaded on the system. Additional information is displayed for each driver, such as load address, description, version, product name, and company.

72
Q

What are Examples of Device Driver Monitoring Tools?

A
DriverView
Driver Booster
Driver Reviver
Driver Easy
Driver Fusion
Driver Genius
Unknown Device Identifier
Driver Magician
DriverHive
InstalledDriversList
My Drivers
Driver Agent Plus
DriverPack
73
Q

What is Capsa Network Analyzer?

A

A Portable Network Analyzer for both LANs and WLANs. It performs real-time packet capturing, 24/7 network monitoring, advanced protocol analysis, in-depth packet decoding, and automatic expert diagnosis.

74
Q

What are Examples of Network Analyzer Tools?

A
Capsa Network Analyzer
Wireshark
Nessus
NetResident
PRTG Network Monitor
GFI LanGuard
NetFort LANGuardian
CapMon
Nagios XI
Total Network Monitor
75
Q

What is DNSQuerySniffer?

A

A network sniffer. DNSQuerySniffer shows the DNS queries sent on your system. For every DNS query, the following information is displayed: host name, port number, query ID, request type, request time, response time, duration, response code, number of records, and the content of the returned DNS records.

76
Q

What are examples of DNS Monitoring/Resolution Tools?

A

DNSQuerySniffer
DNSstuff
DNS Lookup Tool
Sonar

77
Q

What is API Monitor?

A

An API Monitoring Tool. API Monitor allows you to monitor and display Win32 API calls made by applications.

78
Q

What are examples of API Calls Monitoring Tools?

A

API Monitor
APImetrics
Runscope
AlertSite

79
Q

What is schtasks?

A

A scheduled task monitoring tool. Run from the CLI, schtasks displays a list of all the scheduled tasks on the system.

80
Q

What are examples of Scheduled Task Monitoring Tools?

A
schtasks
Monitoring Task Scheduler Tool (MoTaSh)
ADAudit Plus
CronitorCLI
Solarwinds Windows Scheduled Task Monitor
81
Q

What is Wireshark?

A

A Browser Activity Monitoring Tool. Wireshark captures and intelligently browses the traffic passing through a network.

82
Q

What are examples of Browser Activity Monitoring Tools?

A
Wireshark
Colasoft
OmniPeek
Observer Analyzer
PRTG Network Monitor
Netflow Analyser
83
Q

What is HashMyFiles?

A

A File Fingerprinting tool. HashMyFiles produces a hash value of a file using MD5, SHA1, CRC32, SHA-256, SHA-512, and SHA-384 algorithms. It also provides information about the file.

84
Q

What are examples of File Fingerprinting Tools?

A
HashMyFiles
Hashtab
HashCalc
md5deep
MD5sums
tools4noobs--Online hash calculator
Cryptomathic
85
Q

What is VirusTotal?

A

A free service that analyzes suspicious files and URLs and facilitates the detection of viruses, worms, trojans, and so on. It generates a detailed report regarding the file that was marked as suspicious.

86
Q

What are examples of Malware Scanning Tools?

A
VirusTotal
Jotti
Metadefender
Online Scanner
IObit Cloud
ThreatExpert
Malwr
Valkyrie
Dr. Web Online Scanners
UploadMalware.com
ThreatAnalyzer
Payload Security
Anubis
Windows Defender Security Intelligence (WDSI)
Bitdefender Quickscan
87
Q

What is BinText?

A

A string search tool. BinText can extract text from any kind of file and it includes the ability to find plain ASCII text, Unicode text, and Resource strings.

88
Q

What are examples of String Search Tools?

A
BinText
FLOSS
Strings
Free EXE DLL Resource Extract
Hex Workshop
89
Q

What is PEiD?

A

An Identifying Packing/Obfuscation Tool. PEiD can identify signatures associated with over 600 different packers and compilers. It displays the type of packer, entry point, file offset, EP Section, and subsystem used for packing.

90
Q

What is PE Explorer?

A

A tool used for finding the Portable Executables (PE) Information. PE Explorer lets you open, view, and edit a variety of different 32-bit Windows executable file types.

91
Q

What are examples of Portable Executable (PE) Information Tools?

A

PE Explorer
Portable Executable Scanner (pescan)
Resource Hacker
PEView

92
Q

What is Dependency Walker?

A

A tool used to identify file dependencies. Dependency Walker lists all the dependent modules of an executable file and builds hierarchical tree diagrams.

93
Q

What are examples of File Dependency Tools?

A

Dependency Walker
Snyk
Hakiri
Retire.js

94
Q

What are examples of Identifying Packing/Obfuscation Tools?

A

PEiD
UPX
Exeinfo PE
ASPack

95
Q

What is IDA Pro?

A

A Malware Disassembly Tool. IDA Pro is a multiplatform disassembler and debugger that explores binary programs to create maps of their execution.

96
Q

What are examples of Malware Disassembly Tools?

A
IDA Pro
OllyDbg
WinDbg
objdump
ProcDump
KD
CDB
NTSD
97
Q

What is Volatility Framework?

A

A Python-based memory analysis tool that is capable of performing various forensic operations.

Below is an example of an image analysis using Volatility.

Basic information: python vol.py imageinfo -f /root/Desktop/memdump.mem

Running processes: python vol.py pslist --profile=Win2008SP1x86 -f /root/Desktop/memdump.mem

Analyze the services: python vol.py svcscan --profile=Win2008SP1x86 -f /root/Desktop/memdump.mem | more

Analyze the registry: python vol.py hivelist --profile=Win2008SP1x86 -f /root/Desktop/memdump.mem

98
Q

What is SSDT View?

A

A Microsoft Windows OS utility designed to list the most significant aspect of the System Service Descriptor Table (SSDT) including service indexes, service addresses, service names, and the module name which corresponds to the service address.

99
Q

What is RogueKiller?

A

An anti-malware tool that is able to detect and remove generic malware and advanced threats such as rootkits, rogues, and worms. It also detects controversial programs (PUPs) as well as possibly malicious system modifications/corruptions (PUMs).

100
Q

What is CapLoader?

A

A Windows tool designed to handle large amounts of captured network traffic. It performs indexing of PCAP/PcapNG files and visualizes their contents as a list of TCP and UDP flows.

101
Q

What is PRTG Network Monitor?

A

A network monitoring tool used to monitor an entire network infrastructure.

102
Q

What is ClamWin?

A

A free open-source antivirus program for Windows.

103
Q

What are examples of Antivirus Tools?

A
ClamWin
Bitdefender Antivirus Plus
Kaspersky Anti-Virus
McAfee Total Protection
Norton AntiVirus
Avast Premier Antivirus
ESET Smart Security
AVG Antivirus Free
Avira Antivirus Pro
104
Q

What is Netcraft?

A

A toolbar that provides updated information about the sites users visit regularly and blocks dangerous sites.

105
Q

What is PhishTank?

A

A collaborative clearinghouse for data and information about phishing on the internet. It has an API which developers can use to integrate antiphishing data into their applications.

106
Q

What is MxToolbox?

A

A tool used to make email headers human readable by parsing them according to RFC 822.

107
Q

What are examples of Email Header Analyzing Tools?

A
MxToolbox
gaijin.at
testconnectivity.microsoft.com
ipTRACKERonline.com
toolbox.googleapps.com
whatsmyip.com
108
Q

What is Email Dossier?

A

It’s a scanning tool used to check the validity of an email address. It’s a part of the CentralOps.net suite of online network utilities.

109
Q

What are examples of tools used to check Email Validity?

A
Email Dossier
verifyemailaddress.io
email-checker.net
emailvalidator.co
glocksoft.com
110
Q

What is eMailTrackerPro?

A

A tool that analyzes email headers and reveals information such as sender’s geographical location, IP Address, and so on.

111
Q

What are examples of Email Tracking Tools?

A
eMailTrackerPro
PoliteMail
Yesware
ContactMonkey
Zendio
ReadNotify
DidTheyReadIt
Trace Email - whatsmyipaddress.com
ipaddresslocation.org
Pointofmail
WhoReadMe
GetNotify
G-Lock Analytics
112
Q

What is a tool used for Email Log Analysis?

A

EventLog Analyzer. It provides log management with agent and agentless methods of log collection, custom log parsing, and complete log analysis with reports and alerts.

113
Q

What is Recover My Email?

A

A mail recovery software that can recover deleted email messages from either Outlook or Outlook Express DBX files.

114
Q

What is Gophish?

A

An open-source phishing toolkit meant to help incident responders and businesses conduct real-world phishing simulations.

115
Q

What is SPAMfighter?

A

A spam filter that works instantly by automatically removing the spam and phishing emails from your inbox.

116
Q

What is Gpg4win?

A

An email security tool used to securely transport email and files with the help of encryption and digital signatures.

117
Q

What are examples of Email Security Tools?

A
Gpg4win
Advanced Threat Protection
SpamTitan
Symantec Email Security.cloud
Barracuda Email Security Gateway
Mimecast Email Security
Comodo Dome Anti-spam
Spambrella
The Email Laundry
GFI MailEssentials
Cisco Email Security
118
Q

What are examples of Registry Analysis Tools?

A
jv16 Power Tools
regshot
Reg Organizer
Registry Viewer
RegScanner
119
Q

What are examples of Network Analysis Tools?

A
Nmap
Wireshark
TCPView
Netstat
Nbtstat
Tracert
Packet Capture
Real-Time NetFlow Analyzer
ManageEngine NetFlow Analyzer
120
Q

What are examples of File System Analysis Tools?

A
PE Explorer
Pescan
PEView
Resource Hacker
WinDirStat
DiskSavvy
MD5sums
md5deep
Hashtab
121
Q

What are examples of Malware Analysis Tools?

A
VirusTotal
IDA Pro
Ollydbg
Windbg
Cuckoo Sandbox
Blueliv Sandbox
122
Q

What are examples of Process Analysis Tools?

A
Process Monitor
Process Explorer
Tasklist
Monit
ESET SysInspector
System Explorer
123
Q

What are examples of Services Analysis Tools?

A
Services.msc
MSConfig
SrvMan
Net start
Task Scheduler
124
Q

What are examples of Volatile Memory Analysis Tools?

A
Rekall
Memdump
MemGator
Memoryze
KnTTools
125
Q

What are examples of Active Directory Tools?

A
SolarWinds Server & Application Monitor
Adaxes
ADManager Plus
ADAudit Plus
Anturis Active Directory Monitor
126
Q

What are examples of Network Analysis Tools?

A
Nmap
Netstat
Wireshark
Tcpdump
MD5sums
md5deep
127
Q

What are examples of Network Analysis CLI Tools?

A
Traceroute
ARP
Ifconfig
File system
lsof
dd
df
fdisk
strings
grep
128
Q

What are examples of Malware Analysis Tools?

A

VirusTotal
IDA Pro
Cuckoo Sandbox

129
Q

What are examples of Malware Analysis CLI Tools?

A

Processes
htop
top
ps

130
Q

What are examples of Volatile Memory Analysis Tools?

A

Rekall
Memfetch
LiME
Volatilitux

131
Q

What are examples of Session Management CLI Tools?

A

w/who
rwho
Lastlog

132
Q

What are examples of Vulnerability Analysis Tools?

A
Qualys
Nessus
OpenVAS
AlienVault OSSIM
Nikto
Burp Suite
133
Q

What is Suricata?

A

An engine that’s capable of real-time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM), and offline pcap processing.

134
Q

What is ntopng?

A

A web-based network monitoring application released under GPLv3. ntopng is the next-generation version of the original ntop. ntopng has been written in a portable way so that it runs on virtually every Unix platform, Mac OS X, and Windows.

135
Q

What is Wireshark?

A

A widely used network protocol analyzer. It captures and intelligently browses the traffic passing through a network.

136
Q

What are examples of Suspicious Network Events Detection and Validation Tools?

A
Suricata
ntopng
Wireshark
Colasoft
OmniPeek
Observer Analyzer
PRTG Network Monitor
Netflow Analyzer
137
Q

What are examples of ARP Spoofing Detection Tools?

A
Capsa Network Analyzer
ArpON
ARP AntiSpoofer
ARPStraw
shARP
138
Q

What is PromqryUI?

A

A tool used to detect which network interface card is running in promiscuous mode. If a system has network interfaces in promiscuous mode, it may indicate the presence of a network sniffer running on the system.

139
Q

What is Nmap?

A

A network scanner. Its sniffer-detect NSE script (nmap --script sniffer-detect <target>) can be used to test whether a host on the local Ethernet segment has its network card in promiscuous mode, which suggests a sniffer is running there.

140
Q

What is Snort?

A

An open-source network intrusion detection system (IDS), capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and is used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, and OS fingerprinting attempts.

141
Q

What is AIDA64 Extreme?

A

A tool that monitors a server's hardware sensors in real time and helps analyze its performance, including its network resource utilization.

142
Q

What is Kiwi Log Viewer?

A

A Windows based tool that enables you to monitor log files for changes. It can display changes in real-time and lets you automatically monitor for specific keywords, phrases, or patterns.

143
Q

What is High Orbit Ion Cannon (HOIC)?

A

A network stress-testing and DoS/DDoS attack application written in a BASIC dialect. It is designed to attack up to 256 target URLs simultaneously, flooding them with HTTP POST and GET requests, and ships with "lulz"-inspired GUIs.

144
Q

What is Low Orbit Ion Cannon (LOIC)?

A

A network stress-testing and DoS attack application. It is often described as an application-layer DoS tool because it mostly targets web applications: it floods the target host with TCP packets, UDP packets or HTTP requests with the intention of disrupting the service of that host.

145
Q

What are Examples of DoS/DDoS Attack Tools?

A
High Orbit Ion Cannon (HOIC)
Low Orbit Ion Cannon (LOIC)
HULK
Metasploit
Nmap
Blackhat Hacking Tools
DAVOSET
Tsunami
R-U-Dead-Yet
UDP Flooder
DLR DoS
Moihack Port-Flooder
DDOSIM
146
Q

What is KFSensor?

A

A Windows-based honeypot IDS. It attracts and detects attackers and worms by simulating vulnerable system services and Trojans.

147
Q

What are examples of tools used for detecting DoS/DDoS incidents?

A

KFSensor
SSHHiPot
Artillery

148
Q

What is Anti DDoS Guardian?

A

A Windows-based tool used to protect servers from DDoS attacks. It detects and stops most DoS/DDoS attacks, including SYN attacks, IP floods, TCP floods, UDP floods, ICMP floods, slow HTTP DDoS attacks, Layer 7 and application attacks, and Windows RDP brute-force password guessing.

149
Q

What is D-Guard Anti-DDoS Firewall?

A

A tool that provides protection from DDoS attacks for online enterprises, public and media services, essential infrastructure, and internet service providers. It can guard against attacks such as DoS/DDoS, Super DDoS, DrDoS, fragment attacks, SYN flooding, IP flooding, UDP, mutation UDP and random UDP flooding, ICMP and IGMP floods, ARP spoofing, HTTP proxy attacks, CC flooding, CC proxy attacks, CC variants and zombie-cluster CC attacks.

150
Q

What is Incapsula DDoS Protection?

A

A DDoS protection tool that quickly mitigates any size attack without getting in the way of legitimate traffic or increasing latency.

151
Q

What are examples of DoS/DDoS Protection Tools?

A
Anti DDoS Guardian
D-Guard Anti-DDoS Firewall
Incapsula DDoS Protection
DDoS GUARD
Cloudflare
DOSarrest's DDoS Protection Service
DefensePro
F5
DDoSDefend
NetFlow Analyzer
Wireshark
NetScaler AppFirewall
Andrisoft Wanguard
152
Q

What is dotDefender?

A

A software-based Web Application Firewall (WAF) that protects your website from malicious attacks such as SQL injection, path traversal, cross-site scripting, and others that result in website defacement.

153
Q

What are examples of Web Application Firewalls (WAF)?

A
dotDefender
ServerDefender VP
IBM Security AppScan
Radware's AppWall
QualysGuard WAF
Barracuda Web Application Firewall
ThreatSentry
ThreatRadar
SecureSphere
ModSecurity
SteelApp Web App Firewall
Trustwave Web Application Firewall
Cyberoam's Web Application Firewall
Kerio Control
154
Q

What is AlienVault OSSIM?

A

An open-source Security Information and Event Management (SIEM) tool. It provides a unified platform with capabilities such as asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring and SIEM event correlation.

155
Q

What are examples of SIEM Solutions?

A
AlienVault
ArcSight ESM
IBM QRadar SIEM
Splunk ES
FortiSIEM
SolarWinds Log and Event Manager
RSA NetWitness Platform
McAfee Enterprise Security Manager
Quest InTrust
TrustWave SIEM Enterprise
NetIQ Sentinel
LogRhythm NextGen SIEM Platform
EventLog Analyzer
156
Q

What is ClamAV?

A

An open-source (GPL) anti-virus engine used in a variety of situations including email scanning, web scanning and endpoint security. It provides utilities such as a flexible and scalable multi-threaded daemon, a command-line scanner and an advanced tool for automatic signature database updates.

157
Q

What is OSSEC?

A

An open-source host-based intrusion detection system (HIDS) that centrally collects and examines security logs from systems, network devices and applications. It performs log analysis, file integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and automated active response.

158
Q

What is Apache Logs Viewer (ALV)?

A

A tool that lets you monitor, view and analyze Apache, IIS and nginx logs more easily.

159
Q

What are examples of Log Analysis Tools?

A
OSSEC
Apache Logs Viewer (ALV)
Loggly
InsightOps
GoAccess
Logz.io
Graylog
Splunk
Logmatic.io
160
Q

What is Apility.io?

A

An anti-abuse API that helps incident responders or security personnel to know if the IP address, domain, or email of a user is blacklisted.

161
Q

What are examples of Whitelisting/Blacklisting Tools?

A
Apility.io
AutoShun
Cisco Umbrella
I-Blocklist
CINS Army List
FireHOL IP Lists
Majestic Million
Rutgers Blacklisted IPs
Statvoo
Megatron
BotScout
162
Q

What is OpenDNS?

A

A content filtering tool that lets you manage the internet experience on and off your network with acceptable use or compliance policies.

163
Q

What are examples of Web Content Filtering Tools?

A
OpenDNS
nCompass
WebTitan
Smoothwall SWG
NetSentron
Symantec Secure Web Gateway
164
Q

What is Proxy Switcher?

A

A web proxy tool. It allows you to surf the internet anonymously without disclosing your IP address.

165
Q

What are examples of Web Proxy Tools?

A
Proxy Switcher
Proxy Workbench
CyberGhost VPN
Tor
Burp Suite
Hotspot Shield
Proxifier
Charles
Fiddler
Protoport Proxy Chain
ProxyCap
CCProxy
Privaxy
SocksChain
166
Q

What is ApexSQL Log?

A

An auditing and recovery tool for SQL Server databases. It reads transaction logs, transaction log backups, detached transaction logs and database backups, and audits, reverts or replays the data and object changes that have affected the database, including changes that occurred before the product was installed.

167
Q

What is CrowdStrike Falcon Orchestrator?

A

An open-source tool used to recover from web application incidents. It is built on CrowdStrike's Falcon Connect API.

168
Q

What are examples of Fuzz Testing Tools?

A
WSFuzzer
WebScarab
Burp Suite
AppScan
Peach Fuzzer
169
Q

What is Fuzz Testing?

A

Fuzz Testing or Fuzzing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.

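As an added illustration of the technique just described (example code written for this page, not taken from any fuzzer listed above), the script below is a minimal mutation fuzzer. parse_record is a constructed, deliberately fragile target that stands in for the program under test; the mutation operators, the growing corpus and the bucketing of crashes by exception type are the fuzzer. The random seed is fixed so a run is reproducible.

```python
"""Minimal mutation fuzzer (constructed example): mutate seed inputs, feed them to a
target, and bucket every crash by exception type so it can be replayed later."""
import random
from typing import Callable, Dict, List


def parse_record(data: bytes) -> Dict[str, str]:
    """Constructed target standing in for the program under test.

    Format: one header byte giving the field count, then ASCII 'key=value'
    fields separated by ';'. Several input assumptions are unchecked on purpose.
    """
    n_fields = data[0]                       # IndexError on empty input
    body = data[1:].decode("ascii")          # UnicodeDecodeError on bytes >= 0x80
    fields = body.split(";")
    assert len(fields) == n_fields, "field count mismatch"  # AssertionError
    record = {}
    for field in fields:
        key, value = field.split("=", 1)     # ValueError when '=' is missing
        record[key] = value
    return record


# Valid seed inputs the fuzzer starts from (constructed).
SEEDS: List[bytes] = [b"\x02a=1;b=2", b"\x01user=alice", b"\x03x=1;y=2;z=3"]


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one random byte-level mutation to a seed."""
    data = bytearray(seed)
    op = rng.randrange(4)
    if op == 0 and data:                              # overwrite one byte
        data[rng.randrange(len(data))] = rng.randrange(256)
    elif op == 1 and data:                            # delete one byte
        del data[rng.randrange(len(data))]
    elif op == 2 and data:                            # duplicate a short slice
        i = rng.randrange(len(data))
        j = min(len(data), i + rng.randrange(1, 4))
        data[i:i] = data[i:j]
    else:                                             # insert a random byte
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    return bytes(data)


def fuzz(target: Callable[[bytes], object], seeds: List[bytes],
         iterations: int = 2000, rng_seed: int = 1, max_corpus: int = 200) -> Dict[str, bytes]:
    """Run the fuzz loop; return {exception type name: first input that raised it}.

    Inputs the target accepts are added to the corpus so later mutations can
    stack, a crude stand-in for the coverage feedback real fuzzers use.
    """
    rng = random.Random(rng_seed)
    corpus = list(seeds)
    crashes: Dict[str, bytes] = {}
    for _ in range(iterations):
        candidate = mutate(rng.choice(corpus), rng)
        try:
            target(candidate)
        except Exception as exc:                      # any uncaught exception is a finding
            crashes.setdefault(type(exc).__name__, candidate)
        else:
            if len(corpus) < max_corpus and candidate not in corpus:
                corpus.append(candidate)
    return crashes


def replay(target: Callable[[bytes], object], crashes: Dict[str, bytes]) -> Dict[str, bool]:
    """Confirm each saved input still reproduces the recorded exception type."""
    confirmed = {}
    for name, data in crashes.items():
        try:
            target(data)
        except Exception as exc:
            confirmed[name] = type(exc).__name__ == name
        else:
            confirmed[name] = False
    return confirmed


if __name__ == "__main__":
    found = fuzz(parse_record, SEEDS)
    for name, data in found.items():
        print(f"{name:20s} triggered by {data!r}")
    print("replay:", replay(parse_record, found))
```

Real fuzzers (Peach, AFL-style tools, Burp Intruder payload lists) differ mainly in how they generate inputs (grammar- or protocol-aware rather than random bytes) and in how they decide an input is interesting (code coverage rather than "did not crash"); the crash-bucketing and replay steps are the same in spirit.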
170
Q

What is Acunetix Web Vulnerability Scanner?

A

A web application security testing tool that checks web applications for SQL injection, cross-site scripting and other vulnerabilities.

171
Q

What is Watcher Web Security Tool?

A

A plugin for the Fiddler HTTP proxy that passively audits a web application to find security bugs and compliance issues automatically.

172
Q

What is Netsparker?

A

A web application security testing tool that finds and reports web application vulnerabilities such as SQL injection and Cross-site Scripting (XSS).

173
Q

What are examples of Web Application Security Tools?

A
Acunetix
Watcher Web Security Tool
Netsparker
N-Stalker Web Application Security Scanner
OWASP ZAP
Arachni
Vega
Nessus
Skipfish
WebReaver
WSSA - Web Site Security Audit
Syhunt Hybrid
IronWASP
Wapiti
WebWatchBot
Secunia PSI
KeepNI
Exploit-Me
x5s
HconSTF
PunkScan
174
Q

What is Loggly?

A

A cloud-based log analysis tool. It automatically recognizes common log formats and gives a structured summary of all the parsed logs. It provides real-time log monitoring and surfaces system behavior and unusual activity.

175
Q

What are examples of Cloud-based Log Analysis Tools?

A
Loggly
Sumo Logic
Splunk Cloud
Papertrail
Logz.io
Timber
Logentries
Sematext Cloud
176
Q

What is Tripwire?

A

A file integrity and change monitoring tool that can be used to detect Man-in-the-Cloud (MITC) attacks. It monitors user and network activity and changes to files, registry entries and so on; its real-time monitoring can reveal the unauthorized changes to sync-client configuration and tokens that MITC attacks rely on.

177
Q

What is CloudPassage Halo?

A

A software-defined security (SDSec) platform. It was built to protect private clouds, public IaaS, and hybrid/multi-cloud infrastructure.

178
Q

What are examples of Cloud Security Tools?

A
CloudPassage Halo
Qualys Cloud Platform
Azure Security Center
Nessus Enterprise for AWS
Symantec Cloud Workload Protection
Alert Logic
Deep Security
SecludIT
Panda Cloud Office Protection
Data Security Cloud
Cloud Application Control
Intuit Data Protection Services
179
Q

How can Wireshark be utilized when responding to Insider Threats?

A

It can be used to analyze traffic across the organizational network and detect suspicious activity. For example, an incident handler can apply a display filter to find out whether an employee has initiated a Telnet connection, and in the same way capture and analyze FTP traffic. Both protocols send credentials and content in cleartext, so their use by staff is worth investigating.

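The Wireshark display filters for the checks above are telnet or tcp.port == 23 for Telnet, ftp || ftp-data for FTP, and tcp.flags.syn == 1 && tcp.flags.ack == 0 to keep only connection initiations. The script below is an added example (not code from Wireshark or from the original page) that applies the same logic offline to a tshark field export, so that the result can be turned into a per-host list for the incident report. The export lines are constructed; the tshark command that would produce them is shown in the comment. It assumes RFC 1918 space is "internal" and that tshark prints flag bits as 1/0 or True/False depending on version.

```python
"""Find cleartext remote-access and file-transfer sessions initiated by internal
hosts in a tshark field export (constructed example for this page)."""
import csv
import io
import ipaddress
from collections import defaultdict
from typing import Dict, List, Tuple

# Destination ports the incident handler wants to know about and the service behind each.
# Passive-mode ftp-data goes to an ephemeral port, so the control channel (21) is the key.
CLEARTEXT_PORTS = {23: "telnet", 21: "ftp"}

# Assumption: RFC 1918 space is "inside the organization".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed export, as produced by
#   tshark -r capture.pcap -T fields -E header=y -E separator=, \
#          -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport -e tcp.flags.syn -e tcp.flags.ack
# Rows: telnet handshake from a workstation (SYN, SYN/ACK, ACK), an FTP session to an
# external host, an HTTPS connection, a telnet SYN from outside, and a second telnet session.
SAMPLE_EXPORT = """\
frame.time_epoch,ip.src,ip.dst,tcp.dstport,tcp.flags.syn,tcp.flags.ack
1717000000.100,10.1.5.23,10.1.9.4,23,1,0
1717000000.101,10.1.9.4,10.1.5.23,51522,1,1
1717000000.102,10.1.5.23,10.1.9.4,23,0,1
1717000120.000,10.1.5.23,203.0.113.7,21,1,0
1717000130.000,10.1.7.8,10.1.9.4,443,1,0
1717000140.000,198.51.100.9,10.1.9.4,23,1,0
1717000150.000,10.1.5.23,10.1.9.4,23,1,0
"""

Event = Tuple[float, str, str]   # (timestamp, destination IP, service name)


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def flag_set(value: str) -> bool:
    # tshark prints TCP flag bits as 1/0 or True/False depending on version; accept both.
    return value.strip().lower() in ("1", "true")


def find_cleartext_initiations(export_csv: str) -> Dict[str, List[Event]]:
    """Map each internal source host to the cleartext sessions it initiated.

    A session initiation is a SYN without ACK, the same condition as the
    Wireshark display filter "tcp.flags.syn == 1 && tcp.flags.ack == 0".
    """
    hits: Dict[str, List[Event]] = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_csv)):
        if not flag_set(row["tcp.flags.syn"]) or flag_set(row["tcp.flags.ack"]):
            continue                                  # not a connection attempt
        port = int(row["tcp.dstport"])
        if port not in CLEARTEXT_PORTS or not is_internal(row["ip.src"]):
            continue
        hits[row["ip.src"]].append(
            (float(row["frame.time_epoch"]), row["ip.dst"], CLEARTEXT_PORTS[port]))
    return dict(hits)


def summarize(hits: Dict[str, List[Event]]) -> List[str]:
    """One human-readable line per offending host, for the incident report."""
    lines = []
    for src, events in sorted(hits.items()):
        services = ", ".join(sorted({svc for _, _, svc in events}))
        dests = ", ".join(sorted({dst for _, dst, _ in events}))
        lines.append(f"{src}: {len(events)} cleartext session(s) via {services} to {dests}")
    return lines


if __name__ == "__main__":
    for line in summarize(find_cleartext_initiations(SAMPLE_EXPORT)):
        print(line)
```

Keying on the SYN rather than on every packet avoids counting one long Telnet session as hundreds of events, and dropping external sources keeps the report focused on staff-initiated sessions; an inbound Telnet SYN from the internet is a different incident (a scan or intrusion attempt) and belongs in the IDS alerts instead.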
180
Q

What is Nuix Adaptive Security?

A

A tool for detecting data exfiltration. An incident handler can setup rules to monitor the network and the number of events and activities associated with user accounts within the organization.

181
Q

Database Consistency Checker (DBCC) Commands

A

DBCC commands are the Database Console Commands of SQL Server, originally used to check database consistency. The (undocumented) DBCC LOG command lets incident handlers view the active transaction log of a specific database, which records every data and object change.

Syntax: DBCC LOG(<database_name>, <output_level>)
The output level specifies how much detail is returned for each log record:

o 0 = minimal information for each operation, such as the Current LSN, Operation and Transaction ID
o 1 = slightly more information than 0, such as Flag Bits and Previous LSN
o 2 = detailed information, including AllocUnitId, page ID, slot ID and so on
o 3 = full information about each operation
o 4 = full information about each operation along with a hex dump of the current transaction row

Because the active log is truncated at checkpoints (simple recovery model) or after log backups, run it, or take a log backup, as early in the response as possible.

182
Q

What is ObserveIT?

A

An Insider Threat Detection Tool, used to quickly identify and eliminate insider threats. It’s an insider threat management solution that provides organizations with “eyes on the endpoint” and the ability to continuously monitor user behavior. Alerts can be sent out regarding activities that put the organization at risk.

183
Q

What is DataRobot?

A

An automated machine learning platform for detecting insider threats. It combines predictive modelling expertise, best practices of data science, and experience to deliver accurate, actionable predictions with full transparency and rapid deployment.

184
Q

What is Ekran System?

A

An Insider Threat Detection tool that allows incident handlers to monitor, detect and analyze user-based insider threats.

185
Q

What are examples of Insider Threat Detection Tools?

A
ObserveIT
DataRobot
Ekran System
SS8 Insider Threat Detection (ITD)
CyberArk
Netwrix Auditor
InsightDR
Splunk UBA
Cognito
Forcepoint UEBA
Securonix UEBA
Leidos Arena ITI
Veriato Recon
186
Q

What is the purpose of SIEM solutions regarding insider threats?

A

To provide the ability to build custom queries, generate alerts, retrieve data from multiple data sources, and enhance the potential analytical capability to prevent, detect, and respond to various insider threats.

187
Q

What is the purpose of Data Loss Prevention tools with regards to insider threats?

A

DLP tools scan network traffic (and, depending on the product, endpoints and storage) for sensitive data leaving the organization and alert administrators when exfiltration is detected.

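The content inspection that a network DLP product performs, as an added example written for this page (not code from any product in the list that follows): outbound payloads are scanned for sensitive data patterns, candidate card numbers are confirmed with the Luhn checksum to cut false positives, and the destination decides the severity. The flow records and their bodies are constructed; a real deployment would feed reassembled payloads from a span port, proxy or ICAP integration, and the RFC 1918 definition of "internal" is an assumption.

```python
"""Network DLP content inspection (constructed example for this page): scan outbound
payloads for sensitive data patterns and raise an alert when they leave the network."""
import ipaddress
import re
from typing import Dict, List, Tuple

INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Payment card number: 13-19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer run of digits. Matches are confirmed with the Luhn checksum.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US Social Security Number in the common dashed form.
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")

Finding = Tuple[str, str]   # (data type, masked value)


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used by card networks; weeds out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan_payload(text: str) -> List[Finding]:
    """Return every sensitive item found, masked so the alert itself is not a leak."""
    findings: List[Finding] = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("PAN", "*" * (len(digits) - 4) + digits[-4:]))
    for m in SSN_RE.finditer(text):
        findings.append(("SSN", "***-**-" + m.group()[-4:]))
    return findings


def evaluate_flows(flows: List[Dict]) -> List[Dict]:
    """Inspect each flow's payload; external destinations get high severity."""
    alerts = []
    for flow in flows:
        findings = scan_payload(flow["body"])
        if not findings:
            continue
        dst = ipaddress.ip_address(flow["dst"])
        external = not any(dst in net for net in INTERNAL_NETS)
        alerts.append({"src": flow["src"], "dst": flow["dst"],
                       "severity": "high" if external else "low", "findings": findings})
    return alerts


# Constructed outbound HTTP bodies as seen by a TLS-terminating proxy or span port.
SAMPLE_FLOWS = [
    {"src": "10.1.5.23", "dst": "203.0.113.7", "body": "customer=alice&card=4111 1111 1111 1111&exp=12/27"},
    {"src": "10.1.5.23", "dst": "10.1.9.4", "body": "order_ref=1234567890123"},   # 13 digits, fails Luhn
    {"src": "10.1.7.8", "dst": "198.51.100.9", "body": "ssn=078-05-1120 name=bob"},
    {"src": "10.1.7.8", "dst": "10.1.9.10", "body": "payroll export 5500000000000004"},
]

if __name__ == "__main__":
    for alert in evaluate_flows(SAMPLE_FLOWS):
        print(alert)
```

The second flow shows why the checksum matters: a 13-digit order reference matches the card-number pattern but fails Luhn, so no alert is raised. The fourth shows the policy side: a valid card number moving between two internal hosts is recorded at low severity rather than blocked, which is the usual choice when the same data legitimately flows between internal systems.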
188
Q

What are examples of Data Loss Prevention (DLP) tools?

A
Symantec Data Loss Prevention
SecureTrust Data Loss Prevention
McAfee Total Protection
Check Point Data Loss Prevention
Digital Guardian Endpoint DLP
Clearswift's Adaptive DLP
Trend Micro Integrated DLP
Sophos SafeGuard Enterprise Encryption
WatchGuard Data Loss Prevention
189
Q

What are UBA/UEBA tools utilized for?

A

User Behavior Analytics (UBA) and User and Entity Behavior Analytics (UEBA) tools collect user activity details and apply statistical, machine learning and other artificial intelligence techniques to model each user's normal behavior, so that deviations pointing to an insider threat can be detected and acted on before the fraud is carried out.

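The behavioral baselining at the heart of UBA/UEBA, as an added example written for this page (not code from any product listed below): each user's activity for a day is compared with that user's own history using a robust statistic (median and median absolute deviation), and combined with a "never seen before" check on the hosts accessed. The user histories and the day under review are constructed; the 3.5 threshold on the modified z-score is the usual outlier cut-off for that statistic. Commercial products replace this with learned models, but the idea of scoring deviation from a per-user baseline is the same.

```python
"""Behavioural baselining for insider-threat detection (constructed example for this page):
compare each user's activity for a day against that user's own history, using a robust
statistic so a single past spike does not poison the baseline."""
import statistics
from typing import Dict, List, Set

# Constructed 14-day history per user: outbound MB transferred and hosts accessed that day.
HISTORY: Dict[str, List[Dict]] = {
    "alice": [{"mb_out": v, "hosts": {"fileserver", "mail"}}
              for v in (42, 51, 47, 39, 55, 48, 44, 50, 46, 53, 41, 49, 45, 52)],
    "bob":   [{"mb_out": v, "hosts": {"wiki", "mail"}}
              for v in (60, 58, 65, 61, 59, 63, 57, 62, 60, 64, 58, 61, 59, 63)],
}
# Constructed activity for the day under review.
TODAY: Dict[str, Dict] = {
    "alice": {"mb_out": 3900, "hosts": {"fileserver", "mail", "backup-db"}},
    "bob":   {"mb_out": 62, "hosts": {"wiki", "hr-share"}},
}


def robust_baseline(values: List[float]):
    """Median and median absolute deviation (MAD) of a user's history."""
    med = statistics.median(values)
    mad = statistics.median([abs(v - med) for v in values]) or 1.0   # avoid division by zero
    return med, mad


def modified_z(value: float, med: float, mad: float) -> float:
    """Iglewicz-Hoaglin modified z-score; values above about 3.5 are outliers."""
    return 0.6745 * (value - med) / mad


def score_user_day(history: List[Dict], today: Dict, z_threshold: float = 3.5) -> Dict:
    """Combine a volume anomaly with a 'never seen before' entity check."""
    med, mad = robust_baseline([d["mb_out"] for d in history])
    z = modified_z(today["mb_out"], med, mad)
    known_hosts: Set[str] = set().union(*(d["hosts"] for d in history))
    new_hosts = sorted(today["hosts"] - known_hosts)

    reasons = []
    if z > z_threshold:
        reasons.append(f"outbound volume {today['mb_out']} MB, modified z {z:.1f} vs median {med} MB")
    if new_hosts:
        reasons.append("first access to " + ", ".join(new_hosts))
    severity = "high" if z > z_threshold else ("medium" if new_hosts else "none")
    return {"severity": severity, "z": round(z, 1), "new_hosts": new_hosts, "reasons": reasons}


def review_day(history: Dict[str, List[Dict]], today: Dict[str, Dict]) -> Dict[str, Dict]:
    """Score every user; the result is what a UEBA console would rank for an analyst."""
    return {user: score_user_day(history[user], activity) for user, activity in today.items()}


if __name__ == "__main__":
    for user, result in review_day(HISTORY, TODAY).items():
        print(user, result["severity"], "; ".join(result["reasons"]))
```

Using the median and MAD instead of mean and standard deviation matters in practice: one earlier large transfer would inflate a standard deviation enough to hide a later exfiltration, whereas the robust baseline barely moves. The new-host signal is deliberately scored lower on its own, since people do legitimately start using new systems; it is the combination of signals that a UEBA product escalates.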
190
Q

What are examples of UBA/UEBA tools?

A
Exabeam Advanced Analytics
LogRhythm UEBA
Dtex Systems
Interset
Gurucul Risk Analytics (GRA)
Securonix UEBA
ZoneFox
191
Q

What is the purpose of activity monitoring with regards to insider threats?

A

Activity monitoring tools record all the user activity on the organizational networks, systems, and other IT resources. The tools can record the user’s keystrokes, capture screenshots, monitor internet usage, monitor software usage and track various other user activities on the organizational network.

192
Q

What are examples of Activity Monitoring tools?

A
ActivTrak
SoftActivity Monitor
EKRAN Employee Monitoring Software
Spyrix Personal Monitor
StaffCop Standard
Hubstaff Employee Monitoring Software
iMonitor EAM
Employee Desktop Live Viewer
Veriato Investigator
Personal Inspector
REFOG Personal Monitor
Screenshot Monitor
Power Spy
NetVizor
SentryPC