Cybersecurity 29

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

side note

Certificate issuers publish logs of the SSL/TLS certificates that they issue to organizations. This certificate transparency can be exploited by attackers and used to search for subdomains.

There are three primary types of penetration tests

no view, full view and partial view.

Active reconnaissance

when you directly engage with a target system. For example, running a port scan directly on a server.

Passive reconnaissance

when you try to gain information about a target's system and network without directly engaging with the systems.

Domain Hijacking

Alters registrar information in order to redirect traffic away from your DNS server and domain towards another destination.

DNS flooding

Overwhelms a server with malicious requests so that it cannot continue servicing legitimate DNS requests.

An engagement consists of five stages

Planning and Reconnaissance Scanning Exploitation Post Exploitation Reporting

side note

Regardless of the scenario, the main deliverable for pentesters is a report that summarizes their findings and recommendations for improvements.

side note

Search: site:megacorpone.com in the google search engine. This is a very basic subdomain enumeration task that yields a variety of MegaCorp One's subdomains. The file system shows up in the search results and we can see all the assets of the site. This gives an attacker a deeper understanding of the site's file structure.

Distributed reflection denial of service (DRDoS)

Sends requests from its own servers with a spoofed source address of the targeted victim, causing all replies to flood the target.

side note

The first form of contact is usually a kickoff call or meeting during which clients work with pentesters to determine the purpose and scope. During this stage, clients will: Clarify their needs and concerns and communicate which assets the business is most interested in protecting. This defines the purpose. Inform pentesters which machines and networks are off-limits and should not be targeted for attack. This defines the scope

side note

To conduct passive reconnaissance, pentesters can use the massive amounts of both useful and superfluous information that already exist on the web. For instance, there are many third-party tools that may have already scanned a system. A pentester can use these third-party tools to get information without engaging directly with a system.

Another useful OSINT tool is Shodan

a search engine that searches specifically for computers and machines connected to the internet. It scans the entire web and reports back all of its findings in the browser window.

DNSSEC

a set of protocols that use public keys and digital signatures to verify data throughout the DNS lookup and exchange process. It adds an extra layer of security during DNS transport.

OSINT

aims to gather publicly available information about a target

No view testing

also known as black box, simulates a hacker who has no prior knowledge of the target system and network. They are paid to learn and exploit as much as they can about the network using only the tools available to an attacker on the public internet.

Partial view testing

also known as grey box, is performed by the in-house system or network administrator.

Full view testing

also known as white box, is given full knowledge of the system or network. This knowledge allows them to tear apart subtle security issues on behalf of their clients. Full view pen testing is most appropriate when the client wants a detailed analysis of all potential security flaws, rather than all exposed and visible vulnerabilities.

A penetration test is often referred to as an

engagement

Recon-ng

framework that ingests a lot of popular OSINT modules, allowing the results of multiple tools to be combined into a single report.

Google hacking, also known as Google dorking

is a technique that uses Google for OSINT and to discover security holes in a website's code.

the first step to executing any attack

is performing reconnaissance

pen testing or ethical hacking

is the offensive security practice of attacking a network using the same techniques that a hacker would use, in an effort to identify security holes and raise awareness in an organization.


Set pelajaran terkait

Foundations Exam 2 Chapter 16 PrepU

View Set

Med Surg Ch. 36 HIV/AIDS patient management

View Set

NA23- Patterns & General Rules 1

View Set

Investment Company Securities KM

View Set

Insurance License: Georgia Rules and Codes Pertinent to Life and Accident & Sickness Insurance Only

View Set

Advanced Formatting (Excel 2016)

View Set

Personal Finance 2 Variable earnings, Sources of Income, Financial Literacy: Net Pay vs Gross Pay, employee benefits, employee benefits

View Set

Business Law Chapter 4: Administrative Law

View Set