IT359

¡Supera tus tareas y exámenes ahora con Quizwiz!

IP address decoy

generating or manually specifying IP addresses of the decoys so that the IDS/firewall cannot determine the actual IP address appears to the target that the decoys as well as the host are scanning the network hard to determine which IP was actually scanning the network nmap -D RND:10 nmap -D decoy1, decoy2

hacking

group of people exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to system resources involves modifying system or application features to achieve a goal outside of the creator's original purpose used to steal, pilfer, redistribute intellectual property leading to business loss

vulnerability

help the attacker in fulfilling his intentions attackers try various tools and attack techniques to exploit vulnerabilities in a system to achieve their motives

why penetration testing?

identify threats of an organizations assets, enhance return on security investment, assessment of organizations security, industry regulation, validating security protections and controls, upgrading existing infrastructure, high security vulnerabilities and application level security issues, preparation steps to prevent exploitation

application threats

improper data/input validation, authentication and authorization attack, security misconfiguration, information disclosure, broken session management, buffer overflow issues, cryptography attacks, SQL injection

ethical hacking skills - technical

in depth knowledge of major operating environments, in depth knowledge of networking concepts, computer expert of technical domains, knowledge of security areas and related issue, high technical knowledge to launch attacks

foot printing

first step of any attack on systems in which an attacker collects information about a target network for identifying various ways to intrude into the system

Flaw Hypothesis Methodology

gather information, flaw hypothesis (identify flaws), flaw testing (test exploit system), flaw generalization (similar faults), flaw elimination

passive foot printing

gathering information about a target without directly interacting

active footprinting

gathering information about the target with direct interaction

fingerprinting websites

netcraft to determine the operating system in use by the target organization SHODAN search engine lets you find connected devices censys search engine enables researchers to ask questions about the hosts and networks that compose the internet

black box

no prior knowledge of the infrastructure to be tested blind testing (one has information), double blind testing (no one has information)

UDP scan

open - no three way handshake, system does not respond with a message when the port is open closed - will respond with an ICMP port unreachable message, spyware, trojans horses, and other malicious applications use UDP ports

information obtained in footprinting

organization info - employee details, number, location, background network - domains, blocks, IP addresses, who is record, DNS system info - location of web servers, users and passwords

payload

part of an exploit code that performs the intended malicious action, such as destroying, creating backdoors and hijacking computer

phases of penetration testing - attack

penetrating perimeter, acquiring target, escalating privileges, execution, implantation, retracting

phases of penetration testing - pre attack

planning and preparation, methodology designing, network information gathering

scanning tools - Nmap

use for network inventory, managing server upgrade schedules, monitoring host or service uptime extract information such as live hosts on the network services, type of packet filters/firewalls, operating systems, OS versions

google hacking

use of advanced google search operators for creating complex search queries in order to extract sensitive or hidden information that helps attackers to find vulnerable targets

bot

A software application that can be controlled remotely to execute or automate predefined tasks (used for DDOS attack)

Flaw Hypothesis Methodology

A system analysis (on gernal purpose OS's) and penetration technique where specifications and documentation for the system are analyzed and then flaws in the system are hypothesized

zero-day attack

An attack that exploits computer application vulnerabilities before the software developer releases a patch for the vulnerability.

penetration testing

Method of evaluating the security of a computer system or network, by simulating an attack to find out vulnerabilities that an attacker could exploit security measures are actively analyzed for design weaknesses and technical flaws and vulnerabilities document weaknesses can be exploited results are put into a report to executive management and technical audiences

hack value

Notion among hackers that something is worth doing or is interesting

examples of security testing methodologies

OWASP (open source applications that assist the organizations to purchase, develop and maintain software tools), OSSTMM (peer reviewed high quality security tests), ISSAF (research, develop, publish, promote), EC council LPT (security auditing framework)

doxing

Publishing personally identifiable information about an individual collected from publicly available databases and social media.

vulnerability

existence of weakness, design or implementation error that can lead to an unexpected event compromising the security of the system

black hats (crackers)

extraordinary skills who perform malicious and destructive activities, criminal activities

TCP header flags

URG - data contained in the packet should be processed immediately PSH - sends all buffered data immediately ACK - acknowledges the receipt of a packet FIN - there will be no further transmissions RST - resets a connection SYN - initiates a connection between hosts

exploit

a breach of IT system security through vulnerabilities

ethical hacking skills - non technical

ability to learn, strong work ethics, committed to organizations security policies, awareness of local standards and laws

hacking phases - Passive Reconnaissance

acquiring information without directly interacting with the target (search public records, news releases, trash, social media)

hacking phases - clearing tracks

activities carried out by an attacker to hide malicious acts intentions can include: continuing access to the victims system, remaining unnoticed and uncaught, deleting evidence that might lead to his prosecution attacker overwrites the server, system and application logs to avoid suspicion

misconfiguration attacks

affect web servers, application platforms, databases, networks, frameworks that may result in illegal access or possible owning of the system

monitoring using alerts

alerts are the content monitoring service that provide up to date information based on your preference usually via email

Idle/IP Scan

every IP packet on the internet has a fragment identification number, OS increases the IPID for each packet sent, probing gives an attacker the number of packets sent after the last probe a machine that receives an unsolicited SYN/ACK packet that will response with an RST, unsolicited RST will be ignored

location

finds information for a specific location

hacking phases - scanning (pre attack phase)

attacker scans the network for specific information on the basis of information gathered during reconnaissance

ACK flag probing

attacker send TCP probe packets with ACK flags set to a remote device and then analyze the header information of received RST packets to find out if the port is open or closed if TTL value of RST packet on a port is less than the boundary value of 64, the port is open if WINDOW value of RST packet on a port has a non zero value, the port is open

TCP flag scanning

attacker send TCP probe packets with a TCP flag set or with no flags, no response implies that the port is open while RST means the port is closed

hacking phases - maintaining access

attacker tries to retain ownership of the system attackers may prevent the system from being owned by other attackers by securing their exclusive access with backdoors, rootkits or trojans attackers can upload, download or manipulate data, applications, and configurations on the owned system attackers can use the compromised system to launch further attacks

shrink wrap code attack

attackers exploit default configuration and settings of the off the shelf libraries and code, easier and cheaper

application level attacks

attackers exploit the vulnerabilities in applications running on organizations information system to gain unauthorized access and steal or manipulate data flash player buffer overflow, cross site scripting, SQL injection, man in the. middle, session hijacking, DOS

operating system attack

attackers search for vulnerabilities in an operating system's design, installation or configuration and exploit them to gain access to a system (buffer overflow vulnerabilities, bugs in the system, unpatched operating system)

location of target

attackers use google earth to get the physical location of the target

IP address spoofing

changing source IP addresses so that the packet appears to be from someone else

Nmap ACK scan

check the filtering system of target sends an ACK probe packet with a random sequence number, no response implies that the port is filtered and RST response means that the port is not filtered

scanning tools - HPING

command line network scanning and packet crafting tool for the TCP/IP protocol used for network security auditing, firewall testing, manual path MTU discovery, advanced trace route, remote OS fingerprinting, remote uptime guessing, TCP/IP stacks auditing' hping3 -l 10.10.10.10 hping3 -S 10.10.10.10 -p 80 -c 5 hping3 -A 10.10.10.10 -c 5 -p 80 (if you get a response the port is open) hping3 -8 90-100 -S 10.10.10.10 -V

white box

complete knowledge of the infrastructure that needs to be tested

nmap connect scan

detects when a port is open after completing the three way handshake establishes a full connection and tears it down by sending an RST packet doesn't require the super user privileges

objectives of network scanning

discover live hosts, operating systems, services running on hosts, vulnerabilities in live hosts

cache

displays the web pages stored in the google cache

motives behind security attacks

disrupting business continuity, manipulate data, create fear, financial loss to target, propagate religious or political beliefs, damage reputation, revenge, ransom

state sponsored hackers

employed by governments to penetrate and gain top secret information

penetration testing best practices

establish parameters, appoint a legal penetration tester, suitable set of tests, follow methodology with planning, document results

red team

ethical hackers perform penetration tests on an information system with no or very limited access to the internal resources with or without warning detect network and system vulnerabilities and check security for an attacker's perspective

attacks = equals

motive, method, vulnerability

hacking phases - scanning (port scanner)

include use of dialers, port scanners, network mappers, ping tools, vulnerability scanners

network threat examples

info gathering, sniffing, eavesdropping, spoofing, session hijacking, man in the middle, DNS and ARP poisoning, password based attacks, DOS, compromised key attack, firewall and IDS attacks

hacking phases - reconnaissance

initial preparation phase where an attacker seeks to gather information before launching an attack easier to enter when target is known on a broad scale target range may include organizations clients, employees, operations, network, systems

hacking phases - Active Reconnaissance

interacting with the target directly by any means ( telephone calls or technical department, emails, calls)

daisy chaining

involves gaining access to one network and or computer and then using the same information to gain access to multiple networks and computers that contain desirable information

ethical hacking

involves the use of hacking tools, tricks and techniques to identify vulnerabilities so as to ensure system security simulating techniques used by attackers to verify the existence of exploitable vulnerabilities in the system security perform security assessment of their organization with the permission of concerned authorities to find existing vulnerabilities before attacker

ethical hacking

is necessary as it allows counter attacks from malicious hackers by anticipating methods used by them to break into a system

objectives of foot printing

know security posture, reduce focus area, identify vulnerabilities, draw network map

ethical / legal issues

legal issues for tools in offensive testing (CFAA, unlawful act to stored communications, state and international laws) private data exposed in testing process (cloud customer, provider, third party) unforeseen service downtime/breakage hacking with malicious intent vs ethical hacking

grey box

limited knowledge of the infrastructure that needs to be tested

related

lists web pages that are similar to a specified web page

link

lists web pages that have links to the specified web page

hacking phases - scanning (extract information)

live machines, port, port status, OS details, device type, system uptime, to launch attack

host threats examples

malware, foot printing, profiling, password attacks, DOS, arbitrary code execution, unauthorized access, privilege escalation, backdoor attacks, physical security threats

security testing / pen testing methodology

methodological approach to discover and verify vulnerabilities in the security mechanisms of an information system, enabling administrators to apply appropriate security controls to protect critical data and business functions

website fingerprinting

monitoring and analyzing the target organization's website for information burp suite, paros proxy, website informer, firebug

hacking phases - gaining access

point where the hacker gains control over the operating system or application on the computer or network gain access at the operating system level, application level or network level attacker can escalate privilege to obtain complete control of the system. in the process intermediate systems that are connected to it are also compromised password cracking, buffer overflow, DOS, session hijacking

phases of penetration testing

pre attack phase, attack, post attack

info

presents some information that google has about a particular web page

reasons why organizations recruit ethical hackers

prevent hackers form gaining access to system, uncover vulnerabilities, analyze and strengthen an organizations security posture including policies, preventative measures, safeguard customer data, enhance security awareness

hacktivists

promoting political agendas, traditionally by defecting or disabling the websites or extract info from websites

motive or objective

reason an attacker focuses on a particular system the target system stores or processes something valuable and this leads to threat of an attack on the system

hacking phases

reconnaissance, scanning, gaining access, maintaining access, clearing tracks

network scanning

refers to a set of procedures used for identifying hosts, ports and services in a network one of the components of intelligence gathering which can be used by an attacker to create a profile of the target organization

phases of penetration testing - post attack

reporting, clean up, artifact destruction

nmap stealth scan

reseting the TCP connection between the client and server abruptly before completion of three way handshake signals, making the connection half open bypass firewall rules, logging mechanism, hide themselves as usual under network traffic process: SYN, SYN/ACK, RST, RST

inurl

restricts the results to documents containing the search keyword in the URL

intitle

restricts the results to documents containing the search keyword in the title

site

restricts the results to those websites in the given domain

allintitle

restricts the results to those websites with all of the search keywords in the title

allinurl

restricts the results to those with all of the search keywords in the URL

finding TLDs and sub-domains

search for the target company's external URL in a search engine such as Google subdomains provide an insight into different departments and business units in an organization you may find a company's subdomain by trail and error you can use sublist3r python script that enumerates subdomains across multiple sources at once

white hats (pent tester)

security analyst or individuals with hacking skills using them for defensive purpose

packet fragmentation

sending fragmented probe packets to the intended server which re assembles it after receiving all the fragments splitting of a probe packet into several smaller packets while sending it to a network TCP header is split into several packets so that the packet filters cannot detect what the packet intends to do

blue team

set of security responders perform analysis of a system to assess the efficiency of its controls, has access to all the organizational resources and information, detect and mitigate red team activities and surprise attacks

cyber terrorists

skilled individuals motivated by religious or political beliefs attacking on a large scale to create fear

source routing

specifying the routing path for the malformed packet to reach the intended server router examines the destination IP address and chooses the next hop to direct the packet to attacker makes some or all decisions on the router

method

technique or process used by an attacker to gain access to a target system

Nmap ping sweep

this is not port scanning since the ICMP does not have a port abstraction it is useful in determining which hosts in a network is up by pinging all of them nmap -P cert.org/24.12.123.0/16

script kiddies

unskilled hackers hacking and compromising systems using tools and scripts made by real hackers (use black hat tools)

proxy server

using chain of proxy server to hide the actual source of a scan and evade certain IDS/firewall restrictions

suicide hacker

who aim for destruction without worrying about punishment (bridge through systems)

grey hats

who work for offensive and defensive


Conjuntos de estudio relacionados

AP PSYCH CHAPTER 8- Motivation & Emotion

View Set

Art History Survey II Quiz Stuff

View Set

"First Aid- Chapter 23: Disaster, Remote, and Wilderness Emergencies"

View Set

Chapter 5: Competitive Rivalry & Competitive Dynamics

View Set

Chapter 6 Quiz: Development of the Person

View Set