CSAD


Flashcard set details

Cards 34
Learners 11
Language English
Category Computer science
Level Other
Created / Updated 20.02.2018 / 11.02.2025
Weblink
https://card2brain.ch/box/20180220_cyber_security_attack_defense

Give a reason why penetration test methodologies are needed.

- Improve the chances of successfully completing a penetration test

List and briefly describe the five process groups in the Project Management Body of Knowledge (PMBOK)

–Initiating (gain approval for the project, let the client know what's included/excluded, identify stakeholders)
–Planning (duration of project, size of team, cost of project, resources needed)
–Executing (attacks are conducted)
–Closing (final documents released to client, contractual agreement concluded, closing process)
–Monitoring and Controlling (watch out for changes that need to be managed)

Why discuss the PMBOK, when the PMBOK has nothing to do with penetration testing?

As a penetration test is itself a project, the standardized project management practices of the PMBOK are of great help when performing penetration testing.

State and briefly describe the three phases in the Information System Security Assessment Framework (ISSAF)

Phase 1: Planning & Preparation (exchange information, plan and prepare for the test)

Phase 2: Apply layers to the following targets: Networks, Hosts, Applications, Databases.

Phase 3: Generating reports and securing data that was obtained during the test.

List the advantages and disadvantages of using ISSAF in penetration testing

•Advantages
–Does not assume previous knowledge.
–Provides examples of penetration test tool use.


•Disadvantages
–Out of date quickly.
–Penetration test tool examples are not extensive.
–Last update: May 2006

List and briefly describe the six common test types for Open Source Security Testing Methodology Manual (OSSTMM)

Blind: Analyst has no knowledge of defenses, assets or channels. Target is prepared.

Double Blind: Analyst has no knowledge of defenses, assets or channels. Target is not notified in advance.

Grey Box: Analyst has limited knowledge of defenses and assets, full knowledge of channels. Target is prepared.

Double Grey Box: Analyst has limited knowledge of defenses and assets, full knowledge of channels. Target is notified about scope and time frame, but not channels and vectors.

Tandem: Analyst and Target are both prepared, knowing all the details.

Reversal: Analyst has full knowledge. Target has no knowledge.

List and briefly describe the six error types in OSSTMM

False Positive: Target response indicates state as true, but in reality it is not true.

False Negative: Target response indicates state as not true, but in reality it is true.

Gray Positive: Target response indicates state as true, however the target is designed to always respond with this state.

Gray Negative: Target response indicates state as not true, however the target is designed to always respond with this state.

Specter: Target response indicates state as true or not true, but in reality it cannot be known.

Indiscretion: Target response indicates state as true or false, but only during a particular time.

Entropy Error: Target response cannot indicate state as true or false due to a high noise-to-signal ratio.

Falsification: Target response indicates state as either true or false although in reality it is dependent on largely unknown variables.

List the advantages and disadvantages of using OSSTMM in penetration testing.

•Advantages
–More flexibility for Pentesters.
–Frequent updates.
•Disadvantages
–Assumes the tester has the necessary knowledge beforehand.
–Latest version requires paid subscription.

What is the purpose of reconnaissance?

- gather information from public sources (people and culture, terminology, technical infrastructure)

- identify patterns of behaviour of people or system

Explain what footprinting is.

- process of creating a map of the network and systems of the target organisation

Explain what Whois databases are.

Whois databases contain:
–Technical, administrative, and billing contact names
–Phone numbers and e-mail addresses
–Domain Name Servers
–Other juicy tidbits

Why does the Internet Corporation for Assigned Names and Numbers (ICANN) require organisations to register domain names?

To ensure only a single organisation uses a specific domain name

What is the main difference between Whois lookup and Whois reverse lookup?

Whois lookup: done on a domain name

Whois reverse lookup: done on an IP address

List and briefly describe the six Google search operators

site: Searches a specific website or domain.

filetype: Searches for a particular file type.

link: Searches within hyperlinks for a specific term.

cache: Identifies the version of a web page.

intitle: Searches for a term within the document title.

inurl: Searches only within the URL of a document.

What is the function of a Domain Name Server (DNS)?

Maps domain names to IP addresses

What does a zone file contain?

It contains all resource records for a domain (mapping between domain names and IP addresses)

Name and briefly describe the common DNS record types.

•A: Address Record
–Maps a domain name to an IP address.


•SOA: Start of Authority Record
–Indicates that a server is authoritative for that DNS zone.

•NS: Name Server Record
–Indicates the name servers associated with a given domain.

•MX: Mail Exchange Record
–Identifies the mail servers for a given domain.

•CNAME: Canonical Name Record
–Indicates aliases and alternative names for a given host.

•PTR: Pointer for inverse lookup records (Reverse Record)
–Indicates an IP address to domain name mapping.

•SRV: Service Records
–Identifies services such as directory services.

State the difference between passive and active information gathering.

- passive information gathering uses non-intrusive methods to gather information (most information can be obtained publicly)

- active information gathering uses more intrusive methods to gather information (such as actively interacting with the target without dropping to the level of scanning)

Explain what Domain Name Server (DNS) enumeration is.

Process of locating all the DNS servers in a target organisation and retrieving the corresponding records from them

Explain the DNS forward lookup and how DNS forward lookup brute force works

Resolve a given name. If it resolves, the server exists; if not, "not found" is returned.

Brute force: an automated process of running a script through a complete list of DNS names

Explain the DNS reverse lookup and how the results from the lookup can be used.

Resolve an IP address to a host name.

Brute force: an automated process of running a script that finds all the hosts in a particular domain. Host names give clues about the use of specific servers (smtp.gmail.com)

What is the implication if the DNS server allows anyone to perform a zone transfer?

A misconfigured DNS server. It is the equivalent of telling the hacker what the network topology is.

Configurations should separate internal DNS namespace and external DNS namespace into different unrelated zones.

Explain what social engineering is.

- a nontechnical method of breaking into a system or network by deceiving the users of a system and convincing them to perform acts that are useful to the attacker (e.g. revealing sensitive information)

List and elaborate on the two types of social engineering attacks.

Human-Based:

- Person-to-person interaction to retrieve the desired information.

- Examples: calling the helpdesk to find out a password, impersonating an employee, posing as an important user, shoulder surfing, dumpster diving

Computer-based:

- uses software that attempts to retrieve the desired information

- Examples: phishing, email attachments, popup windows, URL obfuscation

List the countermeasures against social engineering.

Good policies and security awareness programmes that are taught and reinforced to employees.

One advantage of a strong security policy is that it helps the employee decide how to respond to a hacker's requests.

Explain enumeration and name three types of enumeration.

NetBIOS enumeration:

SNMP enumeration:

SMTP enumeration:

State the purpose of the scanning phase.

- Learn more about targets and find openings by interacting with the target.

- The hacker continues to gather information regarding the target network and its individual hosts

- Information gathered in this phase helps the hacker determine which exploit to use

List and describe the different types of scanning

Network Sweeping:

- Identify live hosts in the target network by sending probe packets to all addresses in the target range

Network Tracing:

- Determine the topology of the network and draw a network map using the results of the sweep.

Port Scanning:

- Find openings by probing TCP and UDP ports. Specific port numbers give hints as to what services could be running

OS Fingerprinting:

- Determine the OS based on network behaviours.

Version Scanning:

- Determine versions of services and protocols by interacting with open TCP and UDP ports

Vulnerability Scanning:

- Determine a list of potential vulnerabilities in the target environment

Explain war dialling.

A technique of dialing telephone numbers to find an open modem connection that provides remote access to a network

Explain clearly how the ping sweep technique works

- do ping sweep of an address range

- systems that respond with a ping reply are live

What is the benefit of using the ping sweep technique?

- can run in parallel

- all systems can be scanned at the same time

Explain how traceroute works

Packets with incrementing TTL values are sent to the target. Each router on the path decrements the TTL and returns an ICMP Time Exceeded message when it reaches zero; using this TTL behaviour, the addresses of the routers between attacker and target can be determined.

List the objectives of port scanning.

- Verification of the existence of the system

- Check for open ports that accept connection

Explain how scanning ports can aid in an attack.

- Open ports reveal what types of services are running and therefore aid the attack by providing the attacker with information on which vulnerabilities to look for