Labs for Quiz 1 Vargas
The default root user account was removed from Kali in the 2020.1 release.
true
one can download 64-bit, 32-bit and Apple M1 versions of Kali.
true
some very small differences do exist between the registries of the different Windows versions
true
the .ISO contains all of the files needed to install an operating system
true
there are third party utilities that also allow one to edit and manage the Windows Registry, such as RegCool and RegAlyzer
true
values of the REG_BINARY type contain raw binary data and are displayed in hexadecimal format
true
verifying the SHA256 sum of the downloaded file does NOT mean that the file has not been trojanized.
true
when creating VMs, we change GW ENTERPRISE B50 LAB to the computer's D: Drive.
true
whenever an application or peripheral is installed on a system, related entries are added in a specific location in the Windows Registry. The Registry entry is then accessed by the operating system, as needed.
true
while Registry Editor is the default application used to view and make changes to the Registry, it is not the Registry itself.
true
REG_MULTI_SZ
- Data entries that comprise multiple text strings
- Commas or spaces separate the strings, and two null characters (which the registry editors do not display) terminate the entry.
Each hive contains a ________ ____
registry tree
MAC address policy options
• Include all network adapter MAC addresses
• Include only NAT network adapter MAC address (default)
• Generate new MAC addresses for all network adapters
  o Assigns a new MAC address to each network card. This is the best option when both the source VM and the copy must operate on the same network
How to turn off windows updates
• Open an elevated Command Prompt (CMD) or PowerShell session
• Type 'sconfig' and press Enter
• Select option 5 and press Enter
• Select 'M' (for Manual updates) and press Enter
  o One would select 'A' to automatically download and install updates or 'D' for download only
• Select '15' and press Enter to exit to the command line
Minimum requirements for installing Kali
• Processor: i386, amd64, or ARM platform
• Disk Space: Minimum of 20 GB
• Memory (RAM): Minimum of 1 GB (2 GB or more is recommended)
• CD-DVD Drive / USB boot support / VirtualBox
Ways to shutdown Kali
- Via the GUI - Click on the circle icon in the top right of the desktop
- Via the CLI - At the command line, enter the command 'sudo shutdown -h now'
REG_SZ
- Fixed-length text strings. Most of the entries that use this type are either Boolean or have short text string values.
- This data type is common and probably arises almost as frequently as the REG_DWORD type.
bootloader
- The first program started by the BIOS/UEFI
- Loads the Linux kernel into memory and then executes it.
REG_DWORD
- Two 16-bit words, making the value 32 bits.
- The most common data type in the registry. Entries of this type contain device driver information, Boolean values, quantities (e.g., the number of seconds that can elapse before something happens or doesn't happen), and other assorted information.
OVF file extensions
.OVA, .OVF
How to enable root
1. At the CLI, run the command 'sudo su'
2. Enter the appropriate password
3. Run the command 'passwd root'
4. Enter and then re-enter the password one wants for the root account
5. Log out and log back in as root
two ways to delete a powered off VM (one cannot delete a running VM):
1. Select the VM on the right panel of the VirtualBox Manager, select the "Machine" menu item and select 'Remove'
2. Right-click on the VM from the right panel and select 'Remove' from the dropdown menu
There are _ Windows 10 hives
5
GNOME
A common desktop environment.
KDE Plasma
A common desktop environment.
Xfce
A desktop environment is a variety of components that provide the GUI
Subkey (registry key)
A folder within a subfolder. Subkeys may, in turn, contain other subkeys.
Key (registry key)
A subfolder
Sysinternals Process Monitor (Procmon)
A way to confirm that the Registry is constantly being referred to by Windows.
When a user logs in, their credentials must match those saved in ______ _________
Active Directory
Sections under view in regedit menu
Address Bar, Split, Display Binary Data, Refresh, Font
Manual (Kali guided option)
Allows for greater flexibility by allowing the user to choose the purpose and size of each partition. This mode is required for software RAID configurations. This option is meant for experienced users because it presents more granular options
Bare Metal
Allows one to download a .ISO file that one uses to install Kali directly onto computer hardware, as opposed to running it as a guest virtual machine. Can also be used to create VMs.
ARM (Kali)
Allows one to install Kali on computers with ARM chips.
Everything (Kali)
An all-packages-in-one solution.
Using Load Hive (example)
Another reason for doing this would be to change a particular part of the Registry on a remote system. For example, if you needed to repair an area of the Registry, you could load the related hive file into the Registry of another machine and then repair the problem on the remote machine.
REG_EXPAND_SZ
Applies to entries that include one or more variables that an OS service or an application needs to resolve. The variables are the same variables one uses in batch files and scripts (e.g., %systemroot%, %username%).
Separate /home, /var, and /tmp partitions
Appropriate for servers and multi-user systems. It divides the file tree into many partitions. In addition to the root (/) and user accounts (/home) partitions, it also creates partitions for server software data (/var) and temporary files (/tmp). These divisions have several advantages. For example, users cannot lock up the server by consuming all available hard drive space (they can only fill up /tmp and /home). Also, daemon data (especially logs) can no longer clog up the rest of the system.
Registry values
Are instructions that are located within Registry keys (folders that contain more data), all within one of several Registry hives (main folders that categorize all the data in the Registry using subfolders).
Save the machine state
Because it saves the system's 'state', when one restarts the VM, it will continue from where it left off if there was any activity on the system.
Cancel
Cancels the operation and nothing is deleted.
HKEY_CURRENT_USER (HKCU)
Contains configuration information for Windows and software specific to the currently logged in user
HKEY_CLASSES_ROOT (HKCR)
Contains file extension association information, as well as a programmatic identifier (ProgID), Class ID (CLSID), and Interface ID (IID) data. Contains the necessary information for Windows to know what to do when it is asked to do something, such as, view the contents of a drive, or open a certain type of file, etc.
HKEY_LOCAL_MACHINE (HKLM)
Contains the majority of the configuration information for software installed, as well as for the Windows operating system itself. In addition to software configuration data, it contains a lot of valuable information about currently detected hardware and device drivers
HKEY_USERS (HKU)
Contains user-specific configuration information for all "currently active" users on the computer. Currently active users are users logged in at the moment and any other users who have also logged in but have since "switched users."
Accessible dark contrast installer menu
Converts installations screens to black and white
.VHD
Created by Microsoft Windows Hyper-V
.VDI
Created by Oracle VirtualBox
.VMDK
Created by VMware
Install with speech synthesis (kali)
Designed for the blind, this option reads the text from the installation-menu out loud
Display binary data (regedit)
Display data in binary format (where possible)
Partitioning
Divides the physical hard disk into logical sections called "partitions". Hard drives are normally partitioned according to the type of data that is stored on them and the use for which the computer is intended
HKEY_CURRENT_CONFIG (HKCC)
Does not store any information itself, but instead acts as a pointer to the Registry key that keeps information about the hardware profile currently being used. Specifically, it shortcuts to the HKEY_LOCAL_MACHINE hive. More specifically, to that hive's \SYSTEM\CurrentControlSet\Hardware Profiles\Current\ Registry key. It is there that the information is truly stored.
Windows Domain-based networks require the special servers called ______ __________
Domain Controllers
the 5 windows 10 hives
HKEY_CLASSES_ROOT (HKCR), HKEY_CURRENT_USER (HKCU), HKEY_LOCAL_MACHINE (HKLM), HKEY_USERS (HKU), HKEY_CURRENT_CONFIG (HKCC)
HKEY
Handle to Registry Key
Registry tree structure
Hive > Key > Subkey > Value
Values that are present for selected adapters in the HKEY_LOCAL_MACHINE hive
IP Address, Subnet Mask, Default Gateway, DNS Servers, DHCP Server
Kali GNU/Linux
Immediately boots the user into Kali.
Sections under file in regedit menu
Import, Export, Load Hive, Unload Hive, Connect Network Registry, Disconnect Network Registry, Print, Exit
hostnamectl | grep Kernel
In systemd-based Linux distros like Kali, one can use the 'hostnamectl' command to display the hostname and the running Linux kernel version.
apt upgrade
Installs the newest versions of all packages currently installed on the system from the sources enumerated in "/etc/apt/sources.list". Packages currently installed with new versions available are retrieved and upgraded.
Containers (Kali)
Kali images for both the Docker and LXC/LXD platforms.
Files that can be used to create a VM
Live Image files (.ISO), Virtual Machine Image files (.VDI, .VMDK, .VHD), Virtual appliance files (.OVA).
Storage on physical hard disk
Make sure that the "Dynamically allocated" radio button is selected. This assures that the virtual machine's disk can grow and take space from the physical disk as files are added to the VM (applications, updates, etc.)
Sections under edit in regedit menu
New, Permissions, Delete, Rename, Copy Key Name, Find, Find Next
Virtual Machines (Kali)
One can download virtualized versions of Kali by selecting the option to the right of 'Bare Metal'. If one selects this option, one is taken to a page that allows users to select from 64- and 32-bit versions of VMware and VirtualBox VMs.
Load Hive (regedit)
One may have to work with individual hive files. The most common reason for doing this is when one must modify a user's profile to correct an issue that prevents the user from accessing or using a system.
How to tell if guest additions is a required installation
One will not be able to increase the size of the VM's screen.
The ___ must be on and reachable for a workstation to join its Domain
PDC
Formatting
Prepares the selected partition to hold data by setting up a file system. The OS then uses the file system to locate data on the partition. In Linux, the default file system is ext4 (fourth extended file system)
Graphical install
Presents installation options via a GUI. The only difference between text-mode and graphical mode is in the visual appearance.
uname -r
Prints the kernel release.
the 5 main data types
REG_BINARY, REG_DWORD, REG_EXPAND_SZ, REG_MULTI_SZ, REG_SZ
The Windows Registry is accessed and configured using the ________ ______
Registry Editor
apt update
Resynchronizes the package index files from their sources. The indexes of available packages are fetched from the location(s) specified in "/etc/apt/sources.list"
Send the shutdown signal:
Same as pressing the power button on a real computer. This is the preferred shutdown option.
Guided - Use entire disk and set up LVM
Sets up LVM logical volumes instead of partitions.
How to change boot order in virtual box
Settings > System > Boot Order > select 'Hard Disk' and deselect the other selected options, which are usually 'Optical' and 'Floppy'.
cat /proc/version
Shows Linux kernel version with help of a special file.
Users in Active Directory Users and Computers
Shows someone all the users and groups in a domain
VM shutdown options
- Shut down the OS from within the OS - via the GUI or CLI
- Select 'File' > 'Close' from VirtualBox Manager
- 'X' out from VirtualBox Manager
sddm
Simple Desktop Display Manager is the recommended display manager for KDE Plasma.
Hard disk file type
Since one will use this VM only in VirtualBox, select VDI (VirtualBox Disk Image) and click on Next. If one was creating the virtual machine for use with a hypervisor other than VirtualBox one would select one of the other listed options.
Separate /home partition
Splits the file hierarchy in two -- one partition contains the Linux system (/) and the second contains the user home directories under '/home'.
Power off the machine
Stops the VM without saving its state - equivalent to pulling the power plug on a real computer. Because it does not shut the VM down properly, it should be avoided as it may harm the guest.
Value (registry key)
The actual data within a folder. Each value has a name and data type, followed by a representation of the value's data.
File location
The default folder displayed shows the path where the VM will be stored and the name of the virtual machine file (in this case, 'Kali (ISO) .vdi'). One can change the default location in File > Preferences > General.
All files in one partition
The entire Linux system tree is stored in a single file system, corresponding to the root (/) directory. This simple and robust partitioning fits perfectly for personal or single-user systems. In actuality, two partitions will be created: the first will house the complete system, the second the virtual memory (swap)
Hive (registry tree)
The root folder
Guided - Use entire disk and set up encrypted LVM
The same as Guided - Use entire disk and set up LVM, but data is stored in an encrypted form using the Linux Unified Key Setup (LUKS) specification.
Account is disabled
This allows one to create the account but not immediately allow login. This option is also selected when one wants to disable the account of an existing user (i.e., before termination).
Hard disk
This is a very important step. The option selected here depends on the type of source file. Since in this example the source is a .ISO file, one would select 'Create a virtual hard disk now'
Memory Size
This is the amount of memory that the VM will have available to it. The default memory size is usually insufficient so it is recommended that one at least double it
Machine Folder
This line displays where the folder for this VM will be created. Normally, there is no need to change this location unless one is using a different storage location.
User must change password at next logon
This option allows for the creation of a generic login for the user's first login attempt but the user will immediately be presented with a screen to select one's own password.
Delete all files
This option deletes the VM in VirtualBox's right panel including its folder in the file system. With this option, the VM is completely gone
User cannot change password
This option is usually set for generic accounts (i.e. receptionist) where one does not want the user to change the password.
Remove only
This option removes the VM from the left panel of VirtualBox but keeps its folder in the file system. As a result, one can re-add the VM to VirtualBox Manager.
file size
This setting can normally be left at its default; however, some Linux installations (i.e., Kali) will eventually generate a message that there is not enough disk space if one does so. If one sees this error, one must restart the installation and increase the default 'file size'.
Address Bar (regedit)
To add or remove the address bar.
Split (regedit)
To adjust the left and right sides of the screen.
Font (regedit)
To change the font, font style and/or size of the text that appears in the Registry.
Copy Key Name (regedit)
To copy the entire path of a key so that it can then be pasted into another document.
New (regedit)
To create a new Key, String Value, Binary Value, DWORD (32-bit) Value, QWORD (64-bit) Value, Multi-String Value, or Expandable String Value.
Add to Favorites (regedit favorites tab)
To create shortcuts to frequently accessed areas of the Registry.
Remove Favorite (regedit favorites tab)
To delete any favorites.
Delete (regedit)
To delete keys and subkeys.
Disconnect Network Registry (regedit)
To disconnect from another computer's Windows Registry.
Mobile (Kali)
To download Kali NetHunter, an open-source penetration testing platform for Android devices. NetHunter allows for access to the Kali toolset from various supported Android devices.
Find Next (regedit)
To find the next instance of the keyword being searched for via 'Find'.
print (regedit)
To print portions of the registry to either paper or PDF.
refresh (regedit)
To redraw the screen.
Connect Network Registry (regedit)
To remotely connect to another computer's Windows Registry. One will have to provide the destination computer's name.
Rename (regedit)
To rename selected keys and subkeys.
Find (regedit)
To search for keywords in the Keys, Values and Data areas of the Registry.
unload hive (regedit)
To unload any loaded hives.
Permissions (regedit)
To view and/or change the permissions of any Registry entry
About Registry Editor (regedit help tab)
To view the version of Windows (not Registry Editor) one is operating.
Import (regedit)
Used to import .REG (Registration Files) files into the Windows Registry.
Export (Regedit)
Used to make a backup copy of the registry before editing settings. The file saved will have the .REG extension.
Live Boot (Kali)
Used when booting Kali as a live image/ISO
Installer (Kali)
Used when installing Kali onto a hard disk (physical or virtual). This is the option one will be selecting for this lab
NetInstaller (Kali)
Used when installing Kali over a network.
Advanced options for Kali GNU/Linux
Useful when troubleshooting, allows one to boot into previous versions of the Linux kernel in 'recovery mode'. If the kernel was never updated, one would see only one version of the kernel
WSL (Kali)
Version of Kali that can be run in Windows Subsystem for Linux (WSL) which allows one to run Linux on Windows, in an optimized container.
Cloud (Kali)
Version of Kali that can be run on one's AWS
Windows Registry
a collection of databases that contain the configuration settings for software programs, hardware devices, user preferences, and operating system configurations for a Windows operating system.
lightdm
a lightweight cross-desktop display manager (does not require a lot of memory).
hive
a logical group of keys, subkeys, and values in the registry that have a set of supporting files loaded into memory when the operating system is started or a user logs in.
Server Manager
a management console in Windows Server that helps sys admins provision and manage both local and remote Windows-based servers from the desktop, without requiring either physical access to servers, or the need to enable Remote Desktop protocol (RDP) for each server.
OVA file
a virtual appliance used by virtualization applications. It contains files used to describe a virtual machine and includes an .OVF descriptor file, optional manifest (.MF) and certificate files, and other related files.
How to launch registry editor
a. Entering the command 'regedit' at the Command Prompt
b. Entering 'regedit' in the 'Search' box
c. Entering 'regedit' in the 'Run' box from the Start menu
simple rules for dealing with the Registry
a. If one does not know what it is, do not mess with it!
b. Always export one's settings (or the entire Registry database) before making Registry changes.
c. Test configuration changes before they go live.
Methods to correct the error asking the user to boot off the CD:
a. System > Boot Order
b. Storage > delete .ISO
Type 2 hypervisors (ex. virtualbox)
allow for the creation of guest operating systems that run on top of a computer's actual (host) operating system.
LVM
allows one to create "virtual" partitions that span over several disks. The benefits are twofold:
- The size of the partitions is no longer limited by individual disks but by their cumulative volume
- One can resize existing partitions at any time, possibly after adding an additional disk when needed.
Virtual memory, swap
allows the Linux kernel to store parts of the contents of RAM on the hard drive when there is insufficient RAM to hold all data. The items moved to swap are those that have been inactive for some time. While Linux can use either a swap file or swap partition (preferred) to accomplish this task, Windows operating systems use a swap file called "pagefile.sys", which is normally located at the root of the computer's C:\ partition. Data in swap is removed from the drive when the computer is rebooted
Registry Editor
an editing utility that is included with every version of Windows.
ISO file
an image of data that is used for distributing large file sets.
Weekly (Kali)
an untested image with the latest updates.
The integrity of the Registry is so important that any corruption can _____ the entire system.
brick
.REG files
contain keys and values that one wants to add to the system's Registry.
To be able to access the resources on a Windows Domain (shares, printers, etc), Windows computers must first be join the ______
domain
REG_BINARY
entries in which the data is raw binary data. This data type is used mostly for hardware-component information. Registry editors can display the data—and one can edit it—in either binary or hexadecimal format.
top 10 tools
i. aircrack-ng
ii. hydra
iii. nmap
iv. wireshark
v. burpsuite
vi. john
vii. responder
viii. crackmapexec
ix. metasploit-framework
x. sqlmap
data type (value)
indicates what kind of data the value contains as well as how it is represented.
Guest additions are installed ______ a VM.
inside
The Windows 'set' command
is used to display, set, or remove cmd.exe environment variables.
Directory Services Restore Mode (DSRM).
is used when the DC suffers a critical failure and a repair or recovery procedure is required. This user and password are stored outside the directory database, allowing an Administrator to authenticate even if the directory database is not functional.
Time to download depends on _______ speed
network
Promoting a server to a Domain Controller (DC) will make the following changes to the server:
o Install a default Domain Database, populated with all of the default Domain objects.
o Make the server a member of the new Domain.
o Make the server the Primary Domain Controller (PDC) for the Domain and the Operations Master for the Domain and the Forest:
  § Domain Naming Master (Forest-wide)
  § Relative Identification (RID) Master (Domain-wide)
  § Infrastructure Master (Domain-wide)
  § Primary Domain Controller (PDC) and Time Master (Domain-wide)
  § Schema Master (Forest-wide)
o Install the Global Catalog (GC) service.
o Install Kerberos authentication services
o Install a Domain Name System (DNS) server to support the use of SRV records used to locate AD DCs and services.
o Install and configure Domain and Forest replication processes to synchronize AD objects with other DCs throughout the Domain and (potentially) DCs throughout the Forest.
o Install the Lightweight Directory Access Protocol (LDAP) and related services.
o Install and apply the Default Domain Group Policy and the Default Domain Controllers Group Policy.
o Install a collection of AD administrative tools.
Open Virtualization Format (OVF)
open source standard for packaging and distributing VMs.
Preseeding
provides a way to set answers to questions asked during the installation process, without having to manually enter the answers while the installation is running.
One can view their Windows Domain from the command line by entering the command ___ ____
set user
Guest Additions
software packages that improve guest OS performance as well as add extra features.
Domain membership
state of trusting a third party, the domain controller, for identity and authentication information
commands to update Kali
sudo apt update
sudo apt full-upgrade -y
Mount point
the directory tree that will house the contents of the file system on the selected partition.
gdm3
the recommended display manager for GNOME.
exit (regedit)
to exit regedit
.OVA files are normally saved in the Open Virtualization Format (OVF), a standard format that is used to package and distribute software that is run in virtual machines
true
.ISOs are single files that are images of an entire CD or DVD
true
.OVA files are supported by both VirtualBox and VMware, but one must convert the .OVA file into the .VHD format if it is going to be imported into Hyper-V
true
.REG files are text-based files that are typically used to make repairs to or save data from the Windows Registry. One can also use .REG files to add or change values in the Registry.
true
A component called the 'Domain Naming Master' verifies that the NETBIOS domain namespace chosen is unique within the currently accessible network environment and allows the option to adjust the NETBIOS domain namespace, as may be desired. Many Microsoft operating system components and applications use NETBIOS domain names (i.e., vargas) instead of fully qualified domain names (FQDNs) like 'vargas.com'.
true
Active Directory is the central database on a DC where the login credentials of all client computers, printers, and other shared resources in the network are stored.
true
All memory used by a VM is taken from a host
true
As long as one backs up the contents of the Registry, one can always revert back to the original if the changes do not work. One might also opt to create a 'restore point' in Windows before making any changes
true
At the first "Configure the network" screen, one is asked to enter a hostname for the system (the default is "kali").
true
At the second "Configure the network" screen, one is asked to enter the domain name for the system (which is optional).
true
Before proceeding with the installation of Active Directory, configure the server with a static IP address in the range used by VirtualBox's host-only mode
true
Both registry editors hide the terminating zero, so you don't need to think about it (unless you're writing a software application that manipulates the registry, in which case you must remember to pay attention to the terminating byte).
true
Loading and unloading hives affects only HKEY_LOCAL_MACHINE and HKEY_USERS, and you can perform these actions only when one of these root keys is selected
true
Confirm that one's Windows Server 2016 VM is configured for host only networking. It is important to note that this configuration will result in the generation of several errors during the installation process but it will be successful regardless.
true
Depending on the distribution, one may be able to shut down a Linux system from the CLI by running the command 'sudo shutdown -h now'
true
Directory services may include billions of different objects
true
From the members screen in a domain group, one can add additional accounts to the Domain Admin group by clicking on 'Add...' and repeating the above process.
true
HKEY_CURRENT_CONFIG exists for convenience. It is easier to access the data in the other Registry key - to view and modify it, by just going to HKEY_CURRENT_CONFIG. Since they contain the same information and are always connected to each other, one can make changes in either location to get the same results.
true
Hyper-v must be disabled to use virtual box
true
If one gets a "No bootable medium found error" when the VM boots, the boot order was not properly altered and the 'Optical' option remains as a boot option.
true
If one is installing Kali directly on hardware instead of in a VM (which is rarely done), one must make sure that the system is set to boot off of the physical CD/DVD or USB port - wherever the installation ISO will reside. As a result, one may have to alter the boot order in the system's BIOS/UEFI.
true
If one is using last-snapshot, one will not receive updates until they are released with the next version of Kali for that year.
true
If one selects 'Export configuration settings' to save the PowerShell script locally, a file named "DeploymentConfigTemplate" will be saved to the Desktop.
true
If one wants to change any of the options selected, one would click on 'Previous' and return to the appropriate dialog to make the change. Also note that one can view and save a copy of the PowerShell script that would complete this AD DS promotion. It would allow one to deploy DCs by script, and with a consistent set of options.
true
If the server is not connected to the network, an "error" message will appear and the installation will stop until this is resolved. Also, if the server does not have a static IP address, the prerequisites check will also show a "warning". One may also see a "warning" that the delegation for a DNS server cannot be created, if the DNS server installed is not fully configured. If one sees "warnings" one can continue to install AD and make a note to fix the problems associated with the warnings later. If one sees an "error", one cannot continue with the Active Directory Domain Services installation until the error is corrected
true
If the source file is a .VMDK, .VDI, .VHD file, select 'Use an existing virtual hard disk file'.
true
If the source file is an .ISO, select 'Create a virtual hard disk now'.
true
If the source file was an already created VM (.VDI, .VMDK, .VHD) one would select 'Use an existing virtual hard disk file'.
true
In enterprise networks, permissions are usually assigned to groups instead of individual users
true
In order to automate the process as much as possible, the installer attempts an automatic network configuration via DHCP (for IPv4) and by IPv6 network discovery. If this fails, it offers more choices: try again with a normal DHCP configuration, attempt DHCP configuration by declaring the name of the machine, or set up a static network configuration (this last option requires an IP address, a subnet mask, an IP address for a potential gateway, a machine name, and a domain name)
true
In previous versions of Kali, the first user was always root
true
In the 'Enter the object names to select (examples):' box enter the phrase 'Domain Admins' and click on 'Check Names'. After 'Check Names' is pressed, the Domain Admins that was just entered will be underlined. If so, click OK
true
In the 'Ethernet Properties', one should configure the client's DNS server to be the IP address of the PDC
true
In the 'Ethernet Properties', one should configure the client's DNS server to be the IP address of the PDC. In this scenario, one is getting DNS information from the DHCP server in VirtualBox.
true
In the HKEY_LOCAL_MACHINE hive, IP configuration information is stored.
true
In the field of digital forensics, Type 2 hypervisors are usually the ones found on suspect machines.
true
In the lab, we installed Active Directory Domain Services with management tools in Active Directory
true
In this class, to save storage space, we will not be running windows updates on our server 2016 VM.
true
In this course, we are using the Windows Server 2016 Standard Evaluation (Desktop Experience) version
true
It is best practice to ensure that all tools work before starting a penetration testing engagement and during the engagement one should not update
true
It is inadvisable to rename a Domain Controller once it is the member of a Domain
true
Kali automatically creates a Swap partition
true
Kali can be installed directly onto a hard drive, run inside a type 2 hypervisor or run from a flash drive or from a network
true
Kali's partitioning software has a 'guided' mode, which recommends partitions for the user to make.
true
The current version of VirtualBox is Windows v6.1
true
Making changes to the values and keys using Registry Editor will change the configuration that a particular value controls
true
Not all modern Windows applications use the Windows Registry
true
OVA files can be created from existing VMs.
true
OVF allows for one to share VMs between different virtualization applications.
true
On disk, the Windows Registry is not one large file but many files organized into "hives"
true
On most systems, the installation of Guest Additions will be required
true
Once a VM is created, the boot order should be configured so the VM only boots off the virtual hard drive
true
One can double-click the user's name in the right pane to add a 'Description' for the user (e.g., job title) or other information.
true
One of the main purposes of DCs is to authenticate network clients.
true
One of the most powerful groups in a Windows Domain is the 'Domain Admins' group.
true
One will be notified that the computer must be restarted to complete the process of joining the Windows Domain.
true
Only a network administrator, with the appropriate privileges, can add computers or shared resources to the domain
true
When loading a hive file in Registry Editor (File > Load Hive, available with HKEY_LOCAL_MACHINE or HKEY_USERS selected), the loaded hive does not replace the selected root key; it becomes a subkey of that root key.
true
Registry editors display REG_DWORD entries in hex format (with the decimal value in parentheses), but one can switch the edit dialog to decimal (or binary, depending on the entry) when one needs to perform an edit.
true
Server Manager opens automatically at each logon.
true
Servers are not normally configured for DHCP but are instead statically configured.
true
Since no domains or forests currently exist, the Domain Controller (DC) that is about to be created will be the first DC in a new domain that will also create the first new forest.
true
Some Windows applications store their configurations in XML files instead of the Registry, and others are entirely portable and store their data in an executable file.
true
System state (log files, mail and printer spool directories, transient and temporary files) is under the '/var' directory which holds variable data, or data that changes often
true
The "Dhcp" that begins some value names (e.g., DhcpIPAddress, DhcpNameServer) signifies that the information was received from the DHCP server as part of IP address assignment.
true
The 'MAC Address Policy' at the bottom of the screen allows one to specify how to retain network card MAC addresses.
true
The 'full-upgrade' option of apt (as in 'apt full-upgrade') will also remove installed packages when that is needed to upgrade the system as a whole, in addition to installing and upgrading them.
true
The .OVF extension means that the files (descriptor, manifest, disk images) were written separately, while an .OVA extension means that all of the files were combined into one OVA (tar) archive.
true
The Directory Services Restore Mode (DSRM) password is used to boot the DC into restore mode to restore AD, if needed.
true
The Domain Name System (DNS) is hierarchical. If this domain namespace were a child domain namespace (e.g., support.vatg, consulting.vatg), one would connect the child namespace to its parent namespace (vargas) within the DNS. Since this is not the case, one cannot specify a DNS delegation.
true
The Forest and Domain Functional Levels dictate the AD DS feature set that will be available within the Forest and the Domain. They will also dictate the minimum version of the server OS used on any DC in the Forest and Domain.
true
The Global Catalog (GC) is like an index of all the objects within the Forest that allows one to quickly locate objects.
true
The HKEY_LOCAL_MACHINE (HKLM) is the most important hive because it contains hardware, software and security information
true
The IP address of the server will usually vary depending on how networking is configured, but since we are using host-only networking, the first three octets will be '192.168.56.x'.
true
The Live version of Kali provides a 'forensic mode' that allows one to boot from a flash drive and run tools against a target hard drive without installing anything on that drive (in forensic mode the internal disks are not auto-mounted and swap is not used). One can also install Kali onto a hard drive from a Live version.
true
The SHA256sum that is displayed would be used to verify the integrity of the downloaded file.
true
The Windows Registry replaced autoexec.bat, config.sys, and nearly all of the .INI files that contained configuration information in MSDOS and in very early versions of Windows.
true
The automated install choice installs Kali completely automatically by using preseeding; the preseed source can be entered once the accessibility features have started.
true
The bootloader is a low-level program that is responsible for booting the Linux kernel just after the BIOS/UEFI passes off its control. To handle this task, it must be able to locate the Linux kernel to boot on the disk. On the i386 and amd64 architectures, the two most used programs to perform this task are LILO, the older of the two, and GRUB, its modern replacement. Isolinux and Syslinux are alternatives frequently used to boot from removable media.
true
The directory database, AD DS logging, and the SYSVOL directories can become busy. For security and performance reasons, in the real world, it may be desirable to place these on physical disks that are separate from the Windows OS
true
The entries in the "sources.list" file tell the system where to download packages for installation or upgrade. This file is used when adding or upgrading applications and when updating one's system, since it points to the system's software repositories.
true
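Added example (not part of the course material): a small parser for the one-line sources.list format described above, plus a check that flags entries a reviewer would want a second look at. The "official" mirror URI below is the one Kali's documentation uses (http.kali.org/kali); treating any other URI as third-party, and warning on suites other than kali-rolling, is this example's own policy, not something the course states. The sample file contents are constructed.

```python
"""Parse /etc/apt/sources.list (one-line format) and flag risky entries."""
import re
from dataclasses import dataclass, field

OFFICIAL_URI = "http://http.kali.org/kali"   # assumption: Kali's documented repository
DEFAULT_SUITE = "kali-rolling"

@dataclass
class AptSource:
    kind: str                 # 'deb' (binaries) or 'deb-src' (sources)
    uri: str
    suite: str                # e.g. kali-rolling
    components: list          # e.g. ['main', 'contrib', 'non-free', 'non-free-firmware']
    options: dict = field(default_factory=dict)   # from '[arch=amd64 signed-by=...]'

# deb [options] URI suite component...
_LINE = re.compile(
    r"^(deb|deb-src)\s+(?:\[(?P<opts>[^\]]*)\]\s+)?(?P<uri>\S+)\s+(?P<suite>\S+)\s*(?P<comps>.*)$"
)

def parse_sources_list(text: str):
    """Return a list of AptSource; '#' comments and blank lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"unparseable sources.list line: {raw!r}")
        opts = {}
        for kv in (m.group("opts") or "").split():
            key, _, value = kv.partition("=")
            opts[key] = value
        entries.append(AptSource(m.group(1), m.group("uri"), m.group("suite"),
                                 m.group("comps").split(), opts))
    return entries

def audit(entries):
    """Return warnings for entries that deserve review; empty list means nothing unusual."""
    warnings = []
    for e in entries:
        if e.uri.rstrip("/") != OFFICIAL_URI:
            warnings.append(f"third-party repository: {e.uri}")
        if e.options.get("trusted") == "yes":
            # 'trusted=yes' tells apt to skip Release-file signature checks for this repo
            warnings.append(f"signature checking disabled for: {e.uri}")
        if e.suite != DEFAULT_SUITE:
            warnings.append(f"non-rolling suite '{e.suite}' mixed in from: {e.uri}")
    return warnings

# Constructed sample: Kali's stock line plus a deliberately bad third-party line.
SAMPLE = """
# See https://www.kali.org/docs/general-use/kali-linux-sources-list-repositories/
deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware
deb [arch=amd64 trusted=yes] http://repo.example.test/apt stable main
"""

if __name__ == "__main__":
    for w in audit(parse_sources_list(SAMPLE)):
        print("WARNING:", w)
```

Run it against a real file with parse_sources_list(open("/etc/apt/sources.list").read()); apt still verifies Release signatures for the official repository, so the http:// scheme on the stock line is not itself flagged.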
The notation SZ means String, Zero-terminated: the string data is followed by a null terminator (U+0000; since registry strings are stored as UTF-16, that is two zero bytes on disk).
true
The only way to verify that a download has not been trojanized is by verifying its digital signature (for Kali, the GPG signature over the SHA256SUMS file); a matching checksum alone shows the file is intact, not who published it.
true
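Added example (not from the course) tying together the two cards above on checksums and signatures: the SHA256 comparison shows integrity, and a separate gpg check of the detached signature over the checksum file shows authenticity. The file names SHA256SUMS and SHA256SUMS.gpg follow Kali's download page; the gpg call assumes gpg is installed and the publisher's key has already been imported, and returns False otherwise. The sample data in the test is constructed.

```python
"""Verify a downloaded image: SHA256 against a sums file (integrity) and gpg signature (authenticity)."""
import hashlib
import hmac
import shutil
import subprocess

def parse_sums(sums_text: str) -> dict:
    """Parse 'hexdigest  filename' lines in sha256sum format into {filename: digest}."""
    out = {}
    for line in sums_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            continue                       # not a SHA-256 line; skip it
        digest, name = parts
        out[name.lstrip("*")] = digest.lower()   # a leading '*' marks binary mode
    return out

def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sha256_file(path: str) -> str:
    """Hash a large ISO in 1 MiB chunks rather than reading it into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def digest_matches(actual_digest: str, name: str, sums_text: str) -> bool:
    """True only if the sums file lists `name` and the digests agree (constant-time compare)."""
    expected = parse_sums(sums_text).get(name)
    if expected is None:
        return False
    return hmac.compare_digest(actual_digest.lower(), expected)

def signature_ok(sums_path: str, sig_path: str) -> bool:
    """gpg --verify of the detached signature; False if gpg is missing or the check fails.
    Assumption: the publisher's signing key is already in the local keyring."""
    if shutil.which("gpg") is None:
        return False
    result = subprocess.run(["gpg", "--verify", sig_path, sums_path], capture_output=True)
    return result.returncode == 0

def verify_download(iso_path: str, name: str, sums_path: str, sig_path: str) -> dict:
    """Report both properties separately; a trojanized file can still have a matching checksum
    if the attacker also served the checksum, which is why the signature check is the decider."""
    with open(sums_path, encoding="utf-8") as f:
        sums_text = f.read()
    return {
        "integrity": digest_matches(sha256_file(iso_path), name, sums_text),
        "authenticity": signature_ok(sums_path, sig_path),
    }

if __name__ == "__main__":
    print(verify_download("kali-linux.iso", "kali-linux.iso", "SHA256SUMS", "SHA256SUMS.gpg"))
```

Treat the download as trustworthy only when both values are True; "integrity" alone is the situation the card above warns about.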
There is no Linux equivalent of the Windows Registry. Instead, Linux configurations are kept in text files
true
To create the new domain user, right click on 'Users', select 'New' and then select 'User'
true
User configuration and state live in "dot files" (files and directories in the user's home directory that begin with a '.')
true
VirtualBox supports the use of pre-configured VMs. The source file's format depends on the hypervisor used to create the VM.
true
Virtualization must be enabled in BIOS/UEFI of a computer in order to create and run VMs
true
We installed Kali using the Bare Metal option
true
When applications do a lookup on any REG_MULTI_SZ entry, they receive the entire entry; applications can't ask for a specific string.
true
When at the select start-up disk screen, one should use the yellow folder icon on the bottom right to navigate to and select the .ISO source file and then press 'Start'
true
When one chooses the radio button of "domain", one will be prompted to enter credentials of a user that is authorized to join computers to the Windows Domain
true
When one downloads the ISO image of Windows Server 2016, the file will be saved to the browser's default download location, but it is highly recommended that one move it to a "VMs" folder on the Desktop.
true
When one makes changes to nearly any setting, changes are also made to the appropriate areas in the Registry, though these changes are sometimes not realized until one reboots the computer.
true
When one selects a key, the top-right pane displays the key's values, which are the information associated with that key.
true
When retiring a system, one would first remove it from the Windows Domain. To do so, one would return to the 'Computer Name/Domain Changes' dialog, select the 'Workgroup' radio button, click 'OK', and follow the instructions.
true
When the mount point directory is named '/', it is known as the root of the file tree, and therefore the root of the partition that will actually host the operating system.
true
When you view or edit an entry of the REG_SZ type in regedit, the window that opens is titled 'Edit String'. The editing window displays the value's name and its data.
true
Windows System Restore lets one restore a Windows system back to its last working state in cases where the system is experiencing problems. 'Restore points' are snapshots of the Windows system files, certain program files, Registry settings, and hardware drivers.
true
Windows Domains will most likely have many DCs. Once logged into the client, one can see which DC the computer authenticated to by moving to the command line and entering the command 'echo %logonserver%'.
true
Windows Hyper-V does not support the use of .OVA files
true
Windows computers that are part of a Domain trust the domain controller for many tasks, including trusting the DC as the authoritative source of time.
true
With .OVA files, the login information is sometimes included in the description box of the VM.
true
With .VMDK/.VDI/.VHD files, since the VM was already created, one does not have to install the operating system. One will also inherit the configuration chosen by the source file's creator (passwords, accounts, etc.), so any default credentials should be changed before the VM is put on a network.
true
With virtual machines, disk partitioning is not required, and sometimes it is not possible.
true
A .OVA (Open Virtual Appliance) file is an OVF directory (descriptor, manifest, and disk images) saved as a single archive in the .tar format. The file itself is a binary file.
true
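Added example (not from the course) for the two OVA/OVF cards above: an .ova is a tar archive, so it can be opened with the standard library's tarfile module, and the OVF manifest (.mf) inside it lists a digest for every other member in the form 'SHA256(name)= hexdigest' (SHA1 in older appliances). The code verifies each member against the manifest, which is the check a practitioner would run before importing an appliance from an unfamiliar source. The sample appliance is constructed in memory so the example runs offline; the file names in it are made up.

```python
"""Open an .ova (tar of OVF files) and verify its members against the .mf manifest."""
import hashlib
import io
import re
import tarfile

# SHA256(kali.ovf)= 9f86d0...   (OVF manifest line format)
_MF_LINE = re.compile(r"^(SHA1|SHA256|SHA512)\((?P<name>[^)]+)\)\s*=\s*(?P<digest>[0-9a-fA-F]+)\s*$")

def parse_manifest(text: str) -> dict:
    """Return {member name: (algorithm, hexdigest)}; lines that do not match are ignored."""
    entries = {}
    for line in text.splitlines():
        m = _MF_LINE.match(line.strip())
        if m:
            entries[m.group("name")] = (m.group(1).lower(), m.group("digest").lower())
    return entries

def verify_ova(fileobj) -> dict:
    """Return {member: bool} for every member the manifest lists (False if missing or
    digest mismatch) plus 'unlisted': members the manifest does not cover at all."""
    results = {}
    with tarfile.open(fileobj=fileobj, mode="r") as tar:
        members = {m.name: m for m in tar.getmembers() if m.isfile()}
        mf_names = [n for n in members if n.endswith(".mf")]
        if len(mf_names) != 1:
            raise ValueError("expected exactly one .mf manifest in the archive")
        manifest = parse_manifest(tar.extractfile(members[mf_names[0]]).read().decode("utf-8"))
        for name, (algo, digest) in manifest.items():
            member = members.get(name)
            if member is None:
                results[name] = False          # listed but absent
                continue
            h = hashlib.new(algo)
            f = tar.extractfile(member)
            for chunk in iter(lambda: f.read(1 << 20), b""):   # stream multi-GB disks
                h.update(chunk)
            results[name] = h.hexdigest() == digest
        results["unlisted"] = sorted(n for n in members
                                     if n not in manifest and not n.endswith(".mf"))
    return results

def build_sample_ova(tamper: bool = False) -> bytes:
    """Constructed appliance: a stub .ovf, a stub .vmdk and a manifest that matches them.
    With tamper=True the disk is altered after the manifest was written."""
    files = [("kali.ovf", b"<Envelope/>"), ("kali-disk1.vmdk", b"not a real disk image")]
    mf = "".join(f"SHA256({n})= {hashlib.sha256(d).hexdigest()}\n" for n, d in files)
    if tamper:
        files[1] = ("kali-disk1.vmdk", files[1][1] + b"!")
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in [files[0], ("kali.mf", mf.encode("utf-8")), files[1]]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def check_sample(tamper: bool = False) -> dict:
    return verify_ova(io.BytesIO(build_sample_ova(tamper)))

if __name__ == "__main__":
    print(check_sample())             # every listed member True, unlisted == []
    print(check_sample(tamper=True))  # the .vmdk now fails
```

For a real appliance call verify_ova(open("appliance.ova", "rb")). Note that a manifest only proves the archive is internally consistent; an .ova built by an attacker will carry a matching manifest, so provenance of the file still matters.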
Each value has a name and a (data) type and is followed by a representation of the value's data.
true
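Added example (not course material) covering the registry value cards above: REG_DWORD shown as hex with the decimal in parentheses, SZ meaning zero-terminated string, REG_MULTI_SZ being one entry terminated by two nulls that applications receive whole, and each value being name + type + data. The functions encode data the way it is stored on disk (UTF-16LE strings, little-endian DWORD) and render it the way Registry Editor's right pane does. Nothing here reads or writes a real registry; all sample values are constructed.

```python
"""Encode, decode and display Windows Registry value data (REG_SZ, REG_MULTI_SZ, REG_DWORD, REG_BINARY)."""
import struct

REG_SZ, REG_BINARY, REG_DWORD, REG_MULTI_SZ = 1, 3, 4, 7
TYPE_NAMES = {REG_SZ: "REG_SZ", REG_BINARY: "REG_BINARY", REG_DWORD: "REG_DWORD", REG_MULTI_SZ: "REG_MULTI_SZ"}

def encode_sz(text: str) -> bytes:
    """SZ = string, zero-terminated: UTF-16LE text followed by one U+0000 (two zero bytes)."""
    if "\x00" in text:
        raise ValueError("REG_SZ data cannot contain an embedded NUL")
    return (text + "\x00").encode("utf-16-le")

def decode_sz(data: bytes) -> str:
    """Stop at the first terminator; bytes after it are not part of the string."""
    return data.decode("utf-16-le").split("\x00", 1)[0]

def encode_multi_sz(strings) -> bytes:
    """Strings separated by a single NUL, the whole entry terminated by two NULs."""
    if any(s == "" or "\x00" in s for s in strings):
        raise ValueError("REG_MULTI_SZ items must be non-empty and NUL-free")
    return ("\x00".join(strings) + "\x00\x00").encode("utf-16-le")

def decode_multi_sz(data: bytes) -> list:
    """The double NUL ends the entry; an application always gets the whole list back."""
    body = data.decode("utf-16-le").split("\x00\x00", 1)[0]
    return [s for s in body.split("\x00") if s]

def encode_dword(value: int) -> bytes:
    """Unsigned 32-bit, stored little-endian."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("REG_DWORD is an unsigned 32-bit integer")
    return struct.pack("<I", value)

def decode_dword(data: bytes) -> int:
    if len(data) != 4:
        raise ValueError("REG_DWORD data must be exactly 4 bytes")
    return struct.unpack("<I", data)[0]

def format_value(name: str, vtype: int, data: bytes) -> str:
    """Render one value like Registry Editor's right pane: name, type, data."""
    if vtype == REG_SZ:
        shown = decode_sz(data)
    elif vtype == REG_MULTI_SZ:
        shown = " ".join(decode_multi_sz(data))      # regedit separates the strings with spaces
    elif vtype == REG_DWORD:
        v = decode_dword(data)
        shown = f"0x{v:08x} ({v})"                    # hex first, decimal in parentheses
    elif vtype == REG_BINARY:
        shown = " ".join(f"{b:02x}" for b in data)    # raw bytes shown in hex
    else:
        raise ValueError(f"unsupported value type {vtype}")
    return f"{name}\t{TYPE_NAMES[vtype]}\t{shown}"

if __name__ == "__main__":
    # Constructed values resembling a service key's entries (names only; not read from a system)
    print(format_value("ImagePath", REG_SZ, encode_sz(r"C:\Windows\System32\svchost.exe -k netsvcs")))
    print(format_value("DependOnService", REG_MULTI_SZ, encode_multi_sz(["RpcSs", "Tcpip"])))
    print(format_value("Start", REG_DWORD, encode_dword(2)))
    print(format_value("Security", REG_BINARY, b"\x01\x00\x14\x80"))
```

Two details worth noticing when reading raw hive data: the terminator of a REG_SZ is two zero bytes because the text is UTF-16, and anything after the double NUL of a REG_MULTI_SZ is ignored, which is why decode_multi_sz cannot be asked for a single string.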
Files that end in .7z must be decompressed with the 7-Zip utility (or another tool that understands the 7z format).
true
If an attacker exploits a process running as root, they gain complete control of the target system, which is why services should run with the least privilege they need.
true
System configurations are in text files under the '/etc' directory, which holds system-wide configuration files and databases.
true
Once the VM has been created, it is okay to delete the .ISO source file unless one expects to use it again.
true
Password never expires
When this option is set, the user's password never expires; it overrides any domain or local policy for password expiration.
Install (kali)
Runs the installation routine in text mode. As a result, one must manually select all configuration answers.
Wireless downloads will take longer than ____ downloads
wired