ITN Module 4
competitive intelligence
A means of gathering information about a business or an industry by using observation, accessing public information, speaking with employees, and so on
piggybacking
A method attackers use to gain access to restricted areas in a company. The attacker follows an employee closely and enters the area with that employee
zone transfer
A method of transferring records from a DNS server to use in analysis of a network; it uses the dig command
web bug
A small graphics file referenced in an <IMG> tag, used to collect information about the user. This file is created by a third-party company specializing in data collection
phishing
A social engineering attack carried out by email--for example, a message containing a link to fake Web sites intended to entice victims into disclosing private information or installing malware
shoulder surfing
A technique attackers use; involves looking over an unaware user's shoulders to observe the keys the user types when entering a password.
cookie
A text file containing a message sent from a Web server to a user's Web browser to be used later when the user revisits the Web site
spear phishing
A type of phishing attack that targets specific people in an organization, using information gathered from previous reconnaissance and footprinting; the goal is to trick recipients into clicking a link or opening an attachment that installs malware
Footprinting
Gathering information about a company before performing a security test or launching an attack; sometimes referred to as "reconnaissance."
dumpster diving
Gathering information by examining the trash that people discard
POST
HTTP command that allows data to be posted (i.e., sent to a Web server)
HEAD
HTTP command that is the same as the GET method, but retrieves only the header information of an HTML document, not the document body
OPTIONS
HTTP command that requests information on available options
PUT
HTTP command that requests that the entity be stored under the Request-URI
DELETE
HTTP command that requests that the origin server delete the identified resource
GET
HTTP command that retrieves data by URI
TRACE
HTTP command that starts a remote Application-layer loopback of the request message
CONNECT
HTTP command used with a proxy that can dynamically switch to a tunnel connection, such as Secure Sockets Layer (SSL)
Spidering or Crawling
Programmatically following every link on a Web page
social engineering
Using an understanding of human nature to get information from people
Plug-n-hack
What ZAP feature automatically edits the configuration of a Web browser to direct traffic through the ZAP proxy? This allows the ZAP tool to intercept and manipulate traffic sent between your Web browser and the target Web server.
Google, Zed Attack Proxy, Whois, Domain Dossier, and the dig and netcat commands
What are some examples of reconnaissance tools?
High, Medium, Low, or Informational
What are the four levels of vulnerability risks?
Start of Authority (SOA) record
What do you look for when determining a company's primary DNS server?
Information on a company's IP addresses and other domains the company might be a part of
What does WHOIS display?
persuasion, intimidation, coercion, extortion, and blackmail
What generalized methods are used by social engineers?
email addresses
What information is extremely useful for digging for more information? In companies, these often show patterns for determining more.
reconnaissance
What is another word for footprinting?
Company websites
Where do attackers often begin their information gathering?
Alerts tab in an HTML report
Where will possible vulnerabilities be located after an Active Scan in ZAP, and in what form?
Active footprinting
Footprinting where you are prodding the target network in ways that might seem suspicious to network defenders. This includes things like port scans, DNS zone transfers, and interacting with a target's Web server.
at least 7
How many times should "disk-cleaning" software be used before a disk is discarded?
Passive footprinting
Nonintrusive footprinting where you aren't accessing information illegally or gathering unauthorized information with false credentials. With this, you are not even engaging with the remote systems, but rather attempting to glean information about your target from other sources. These activities are likely to go unnoticed.
Quid pro quo, urgency, status quo, kindness, and position
What are 5 techniques social engineers use to gain more information?
Active Scan
What feature of ZAP sends the Web server a series of requests designed to identify vulnerabilities?