Reliaquest Study Guide

Common ports hacked in cyber attacks

20 and 21 FTP, 22 SSH, 23 Telnet, 25 SMTP, 80, 81, 8080, 8181 HTTP(S)

What does a Trojan horse do?

A Trojan is made to look like a real file (most of the time a system file) while it executes malicious code.

What is Metasploit?

A penetration testing tool used to automatically execute exploits against targeted systems. Metasploit uses a scripting language to allow the automatic execution of common attacks, saving testers (and hackers!) quite a bit of time by eliminating many of the tedious, routine steps involved in executing an attack.

How does the TCP three way handshake work?

A three-way handshake is also known as a TCP handshake or SYN-SYN-ACK, and requires both the client and server to exchange SYN (synchronization) and ACK (acknowledgment) packets before actual data communication begins. (SYN-SYN/ACK-ACK)

What does a virus do?

A virus can damage programs, delete files, reformat or erase your hard drive, spread itself among networks or through contacts, and steal data on computers.

Path traversal

Also resulting from improper protection of user input, these web server attacks involve injecting patterns into the web server hierarchy that allow bad actors to obtain user credentials, databases, configuration files, and other information stored on hard drives.

What is the DMZ?

Demilitarized Zone:
- Subnetwork that contains an organization's external services, accessible to the internet.
- Deploys an external and an internal firewall.
- The external firewall protects the DMZ; the internal firewall protects the internal network from attacks launched from the DMZ.

What does adware do?

Displays unwanted pop-up ads or other forms of advertising

How would you find and copy a file within the command prompt?

Go to the first directory using "cd /" and type "dir 'file' /s /p"

OSI Physical Layer

Handles the transmission of bits over a communications channel. Includes voltage levels, connectors, media choice, and modulation techniques.

What is IPS?

Intrusion Prevention System - a form of network security that works to detect and prevent identified threats.

Where do you find logs in Linux?

Linux log files are stored in plain text and can be found in the /var/log directory and its subdirectories.

Name all layers of the OSI model

Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer, Application Layer.

What is port scanning?

Port scanning is the process of sending messages to gather information about a network, system, etc. by analyzing the responses received.

What are some common ports and their protocols?

Ports 20 and 21: File Transfer Protocol (FTP). Port 22: Secure Shell (SSH). Port 25: Simple Mail Transfer Protocol (SMTP). Port 53: Domain Name System (DNS). Port 80: Hypertext Transfer Protocol (HTTP). Port 443: HTTPS.

What is Wireshark?

Protocol analyzer, packet sniffer, packet analyzer.

OSI Presentation Layer

Responsible for "final presentation" of data (code conversions, compression, encryption)

What is Snort?

Snort is a powerful open-source intrusion detection system (IDS) and intrusion prevention system (IPS) that provides real-time network traffic analysis and data packet logging. Snort uses a rule-based language that combines anomaly, protocol, and signature inspection methods to detect potentially malicious activity.

What is a SIEM?

Security information and event management; centralized management of information and events regarding the devices on a network, including logs and other security-related documentation.

OSI Session Layer

Sets up and manages sessions ('conversations') between network nodes/users. Manages ports.

(Windows) How would you browse directories, list users, processes, etc.?

Similar to Linux, the Windows command prompt uses cd to change the current directory, but instead of ls it uses dir to list the contents of the directory. To list users, type "net user"; to list processes, type "tasklist".

What are the different types of firewalls?

Software and hardware firewalls:
- Packet filtering firewall: network layer, most basic; checks each data packet's IP, protocol, source port, and destination against predefined rules.
- Circuit-level gateway: keeps track of TCP sessions; similar to packet filtering but works on the session layer.
- Stateful inspection firewall: creates a table to keep track of active connections and drops packets that do not belong to a connection in the table. Creates its own rules to allow expected network traffic instead of relying on predetermined ones.
- Application-level gateway (aka proxy firewall): acts as a guard where connections have to be established with the proxy before being forwarded to the internal device.
- Next-generation firewall (NGFW): a combination of the previous firewall types.

What are a few examples of SIEMs?

SolarWinds Security Event Manager. Micro Focus ArcSight ESM. SolarWinds Threat Monitor. Splunk Enterprise Security. LogRhythm NextGen SIEM. IBM QRadar. AlienVault Unified Security Management. Sumo Logic.

How should IDS and IPS be deployed?

The IPS sits behind a firewall adding an extra layer of security while an IDS is deployed on devices throughout the network.

What is an SSL handshake?

The SSL or TLS handshake enables the SSL or TLS client and server to establish the secret keys with which they communicate, using public keys.

OSI Network Layer

The delivery of messages from one station to another via one or more networks. Routes packets between networks.

What are the differences between routing and switching?

The function of switching is to switch data packets between devices on the same network (the same LAN, Local Area Network). The function of routing is to route packets between different networks (between different LANs).

OSI Application Layer

The seventh layer of the OSI Model which provides services directly to the user and allows the user to use the network. Where applications access network services.

What do rootkits do?

The whole purpose of a rootkit is to protect malware. Think of it like an invisibility cloak for a malicious program.

SQL Injection (SQLI)

This happens when a hacker submits destructive code into an input form. If your systems fail to clean this information, it can be submitted into the database, changing, deleting, or revealing data to the attacker.

Local File Inclusion

This relatively uncommon attack technique involves forcing the web application to execute a file located elsewhere on the system.

What are TCP and UDP?

Transmission Control Protocol (TCP) is a connection-oriented protocol, whereas User Datagram Protocol (UDP) is a connectionless protocol. A key difference between TCP and UDP is speed, as TCP is comparatively slower than UDP. Overall, UDP is a much faster, simpler, and more efficient protocol; however, retransmission of lost data packets is only possible with TCP.

(Linux) How would you browse directories, list users, processes, etc.?

Use ls to list a directory, and use cd to change the current directory you are in, or just type cd to go to the default directory. You can use ./ to go back a directory or even ../ to go back two directories. If there is a specific path, users can type "cd (path)" to be taken there. To list users, type "cat etc/passwd". You can use other text editors too, like nano or vim. To list processes, type "ps, top, htop, and atop".

What is the purpose of Kali Linux?

Vulnerability and penetration testing; it comes with pre-installed applications for this purpose.

What are web-based attacks?

When criminals exploit vulnerabilities in coding to gain access to a server or database, these types of cyber vandalism threats are known as application-layer attacks.

Where are the Windows system logs located?

Windows stores event logs in the C:\WINDOWS\system32\config\ folder.

What does a worm do?

Worms can modify and delete files, and they can even inject additional malicious software onto a computer. Sometimes a computer worm's purpose is only to make copies of itself over and over.

What is Bro? (now Zeek)

Zeek, formerly known as Bro, is an open-source software framework for analyzing network traffic that is most commonly used to detect behavioral anomalies on a network for cybersecurity purposes. (IDS)

What do zombies do?

A zombie is a computer connected to a network that has been compromised by a hacker, a virus, or a Trojan. It can be used remotely for malicious tasks.

What is the pfSense firewall?

pfSense is a free and open-source operating system for routers and firewalls. It is an example of a software firewall.

What role does SIEM play in Security Operations?

Offers real-time monitoring and analysis of events as well as tracking and logging of security data for compliance or auditing purposes. Combines with IDS and IPS, if integrated, to improve overall security.

What are some common Linux commands?

pwd, cd, ls, cat, cp, mv, mkdir, rmdir, clear, ping, ifconfig.

How would you find and copy a file within the terminal?

find [where to look] -name "name of file" -type (f or d)

What is IDS?

Intrusion detection system; it reports attacks against monitored systems/networks.

What is Burp Suite?

Burp Suite is an integrated platform/graphical tool for performing security testing of web applications.

What are some basic Windows commands?

Networking information (ipconfig). List hardware information (systeminfo). Check if a server is reachable (ping). List currently running tasks (tasklist). clr (clear). dir (list directory content). echo (repeat text).

What is Nmap?

Nmap is a network scanner created by Gordon Lyon. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection.

OSI Data Link Layer

OSI model protocol responsible for making the rules for gathering and completing all the elements that make up a data frame and putting the whole thing together so that it can be passed to a Physical-layer device and on to the network.

OSI Transport Layer

OSI model protocol responsible for splitting packet data that is too large for lower-level protocols into two or more packets. This protocol also ensures that packets reach their destinations intact and resends them if not. Determines TCP or UDP.

What does spyware do?

Spyware is any software that installs itself on your computer and starts covertly monitoring your online behavior without your knowledge or permission.

Stateful vs. stateless firewalls

Stateful firewalls are capable of monitoring and detecting states of all traffic on a network to track and defend based on traffic patterns and flows. Stateless firewalls, however, only focus on individual packets, using preset rules to filter traffic.

Distributed Denial of Service (DDoS) attacks

Such destructive events happen when an attacker bombards the server with requests. In many cases, hackers use a network of compromised computers or bots to mount this offensive. Such actions paralyze your server and prevent legitimate visitors from gaining access to your services.

What is Suricata?

Suricata is an open-source intrusion detection system and intrusion prevention system.

Cross-site scripting (XSS)

This involves an attacker uploading a piece of malicious script code onto your website that can then be used to steal data or perform other kinds of mischief. Although this strategy is relatively unsophisticated, it remains quite common and can do significant damage.

Examples of Malware

Viruses, worms, Trojan horses, rootkits, spyware, adware, and zombies.

Vulnerability scanning vs. vulnerability sweeping

Vulnerability scanning looks for any open ports available, while vulnerability sweeping scans specific ports to see the status of those ports.
