Module 02: Threat Management and Cybersecurity Resources


Steps of a penetration test (the same sequence a threat actor follows in an attack):

1. Reconnaissance: the threat actors first gather information about the target systems, looking for vulnerabilities.
2. Initial access: when a path to a vulnerability is exposed, they gain access to the system through that vulnerability.
3. Privilege escalation: once initial access is gained, the threat actors attempt to escalate to more advanced resources that are normally protected from an application or user.
4. Lateral movement: with the elevated privileges, the threat actors tunnel through the network looking for additional systems they can access from their elevated position.
5. Tool installation: threat actors install tools on the compromised systems to gain even deeper access to the network.
6. Persistence: threat actors may install a backdoor that allows them repeated and long-term access to the system in the future. The backdoor is not tied to the initial vulnerability, so access remains even after that vulnerability is patched.
7. Target action: once the backdoor is installed, threat actors continue to probe until they find their ultimate target and perform the intended malicious action, such as stealing R&D information, password files, or customer credit card numbers.

fusion center

A formal repository of information from enterprises and the government used to share information on the latest attacks.

What does a file-based virus require in order to spread to another computer (its "carrier")?

A human to transfer the infected files from the infected computer to another one.

Center for Internet Security (CIS)

A nonprofit community-driven organization.

Cloud Controls Matrix

A specialized framework (meta-framework) of cloud-specific security controls.

SSAE SOC 2 Type III (properly, the SOC 3 report)

A report on a service organization's internal controls that can be freely distributed, for example posted publicly, unlike a SOC 2 report, whose distribution is restricted. The AICPA defines SOC 1, SOC 2 (Type I and Type II) and SOC 3; "SOC 2 Type III" is a textbook label for the SOC 3 general-use report.

Common Vulnerabilities and Exposures (CVE)

A list, maintained by MITRE, of publicly disclosed vulnerabilities in operating systems and application software, each assigned a unique identifier of the form CVE-YYYY-NNNN. CVE names vulnerabilities; it is not itself a scanner (scanners such as Nessus report their findings by CVE identifier).

Penetration testing

A type of test that attempts to exploit vulnerabilities just as a threat actor would.

threat feeds

Cybersecurity data feeds that provide information on the latest threats.

sentiment analysis

The process of computationally identifying and categorizing opinions, usually expressed in response to textual data, in order to determine the writer's attitude toward a particular topic.

What is the sequence of the rules of engagement during a penetration testing attack?

Timing, scope, authorization, exploitation, communication, clean up, reporting

The following are Service and OS Fingerprinting tools

Xprobe2, Queso, Nmap, p0f, Httprint, Amap, Winfingerprint

lateral movement

Movement through a network looking for additional systems threat actors can access from their elevated position.

Common Vulnerability Scoring System (CVSS)

A numeric rating system of the impact of a vulnerability (base scores range from 0.0 to 10.0).

pivot

Turning to other systems to be compromised.

fileless viruses

malware that leverages LOLBins running on the operating system to perform malicious activities like lateral movement, privilege escalation, evasion, reconnaissance, and the delivery of payloads.

vulnerability scan V.S. penetration test

A vulnerability scan and a penetration test are similar in purpose but differ in depth and frequency. Both should be conducted following a data breach, the launch of a new application, or a major change to the network. Because a vulnerability scan is run continuously, a scan after such an event may only need to focus on the new application or the changed part of the network, whereas a penetration test is a point-in-time exercise that actually attempts exploitation.

NIST Cybersecurity Framework (CSF)

A measuring stick against which companies can compare their cybersecurity practices relative to the threats they face.

persistence

In the context of an attack or penetration test, maintaining repeated, long-term access to a compromised system (for example through an installed backdoor) so that access survives reboots and even the patching of the original vulnerability. (The same word also names a load-balancer feature that links an endpoint to one specific server for the duration of a session; that networking meaning is unrelated to the attack lifecycle covered in this module.)

framework

A series of documented processes used to define policies and procedures for implementation and management of security controls in an enterprise environment.

SSAE SOC 2 Type II

An attestation report (under the AICPA SSAE standard) on a service organization's internal controls that reviews how the company safeguards customer data and how well those controls operated over a review period. Its distribution is restricted to the organization, its customers and their auditors.

ISO 31000

A standard that provides principles and guidelines for managing risk (it is guidance, not a certifiable standard).

ISO 27001

A standard that provides requirements for an information security management system (ISMS).

Security Orchestration, Automation, and Response (SOAR)

A tool designed to help security teams manage and respond to the very high number of security warnings and alarms by combining comprehensive data gathering and analytics in order to automate incident response.

Security Information and Event Management (SIEM)

A tool that consolidates real-time security monitoring and management of security information with analysis and reporting of security events.

intrusive scan

A vulnerability scan that attempts to exploit any vulnerabilities it finds, much like a threat actor would.

nonintrusive scan

A vulnerability scan that does not attempt to exploit the vulnerability but only records that it was discovered.

non-credentialed scan

A vulnerability scan that provides no authentication information to the tester (the scanner sees only what an unauthenticated outsider would).

ISO 27701

An extension to ISO 27001 that provides a framework for managing privacy controls (a privacy information management system, PIMS) to reduce the risk of a breach of individuals' privacy.

Cloud Security Alliance (CSA)

An organization whose goal is to define and raise awareness of best practices to help secure cloud computing environments.

drones

An unmanned aerial vehicle (UAV) without a human pilot on board to control its flight.

Benchmark/secure configuration guides

Guidelines for configuring a device or software usually distributed by hardware manufacturers and software developers.

platform/vendor-specific guides

Guidelines that only apply to a particular vendor's products.

What are documents that are authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas?

Requests for comments (RFCs)

cleanup

Returning all systems back to normal following a penetration test.

You are working on a contract with the external penetration testing consultants. You do not want any executives to receive spear-phishing emails. Which rule of engagement would cover this limitation?

Scope

war driving

Searching for wireless signals from an automobile or on foot while using a portable computing device.

passive reconnaissance

Searching online for publicly accessible information.

questions about a vulnerability that can help in identifying which ones need early attention:

- Can the vulnerability be addressed in a reasonable amount of time, or would it take longer?
- Can the vulnerability be exploited by an external threat actor, or would exploitation require that the person be sitting at a computer in a vice president's office?
- If the vulnerability led to threat actors infiltrating the system, would they be able to pivot to more important systems, or would they be isolated?
- Is the data on the affected device sensitive, or is it public?
- Is the vulnerability on a critical system that runs a core business process, or is it on a remote device that is rarely used?

credentialed scan

A scan in which valid authentication credentials, such as usernames and passwords, are supplied to the vulnerability scanner to mimic the work of a threat actor who possesses these credentials.

adversary tactics, techniques, and procedures (TTP)

A database of the behavior of threat actors and how they orchestrate and manage attacks.

standard

A document approved through consensus by a recognized standardization body.

vulnerability scan

A frequent and ongoing process, often automated, that continuously identifies vulnerabilities and monitors cybersecurity progress.

NIST Risk Management Framework (RMF)

A guidance document (NIST SP 800-37) designed to help organizations assess and manage risks to their information and systems.

What is another name for footprinting?

Active reconnaissance

Log reviews

An analysis of log data (the event records generated by systems, applications, and security devices).

reference architecture

An authoritative source of information.

war flying

An efficient means of discovering a Wi-Fi signal using drones.

configuration review

An examination of the software settings for a vulnerability scan.

you are assigned to scan all database servers for vulnerabilities, during which you find a bunch of vulnerabilities. What are the most appropriate parameters that you should consider while prioritizing the top vulnerabilities that need to be fixed?

Common Vulnerability Scoring System (CVSS) score and whether each finding is a true positive (confirmed real rather than a scanner false positive).

Which of the following vulnerability scans is slower but can provide deeper insight into the system by accessing a wider range of the installed software and examining the software's configuration settings and current security posture?

Credentialed vulnerability Scans

Which of the following malware types attacks the endpoint device; encrypts files, making them unreadable; and demands the user make payments to retrieve the files?

Cryptomalware (specific type of ransomware)

vulnerability feeds

Cybersecurity data feeds that provide information on the latest vulnerabilities (for example, the NVD feed of newly published CVE entries).

Which of the following standard/law focuses on protecting the financial non-public information?

Gramm-Leach-Bliley Act (GLBA)

ISO 27701 is an extension of which ISO framework

ISO 27001

The most basic cybersecurity tasks:

Identify, protect, detect, respond, and recover

Which of the following is NOT something that a SIEM can perform?

Incident response

user behavior analysis

Looking at the normal behavior of users and how they interact with systems to create a picture of typical activity, so that deviations from that baseline can be flagged.

privilege escalation

Moving to more advanced resources that are normally protected from an application or user.

The following are Vulnerability Scanners

Nessus, Burp Suite, Acunetix, SQLMap, Vega, __________________________, ______________

A threat actor has gained initial access to a system in the network by sending a spear-phishing email into the network that installed a virus. What sequence of actions should he perform to achieve repeated and long-term access to multiple systems in the network with a highly privileged account?

Perform privilege escalation, then lateral movement, and then perform backdoor installation

Threat hunting

Proactively searching for cyber threats that thus far have gone undetected in a network. When doing this task, one must assume that threat actors have already infiltrated the network.

Nessus

Produced by Tenable; the best-known and most widely used vulnerability scanner.

open source intelligence (OSINT)

Publicly accessible information.

false positive

Raising an alarm when there is no problem
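
The SIEM, log review, user behavior analysis and false positive/false negative cards describe what a correlation rule does in practice. The following Python is an added example (not from the original study set) of one such rule run over constructed SSH authentication log lines: it flags a burst of failed logins from one source and raises the severity when a success follows the burst. The log lines, IP addresses and thresholds are made up for the example; the message format mimics OpenSSH's "Failed password for ... from ..." lines with an ISO-8601 UTC timestamp prepended.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample log (hypothetical hosts and addresses; not from a real system).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z sshd[1201]: Failed password for root from 203.0.113.5 port 51000 ssh2
2024-05-01T10:00:02Z sshd[1202]: Failed password for root from 203.0.113.5 port 51001 ssh2
2024-05-01T10:00:03Z sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 51002 ssh2
2024-05-01T10:00:04Z sshd[1204]: Failed password for root from 203.0.113.5 port 51003 ssh2
2024-05-01T10:00:05Z sshd[1205]: Failed password for root from 203.0.113.5 port 51004 ssh2
2024-05-01T10:00:06Z sshd[1206]: Failed password for root from 203.0.113.5 port 51005 ssh2
2024-05-01T10:00:08Z sshd[1207]: Accepted password for root from 203.0.113.5 port 51006 ssh2
2024-05-01T10:01:00Z sshd[1208]: Failed password for alice from 10.0.0.7 port 40000 ssh2
2024-05-01T10:01:05Z sshd[1209]: Accepted password for alice from 10.0.0.7 port 40001 ssh2
2024-05-01T11:00:00Z sshd[1210]: Failed password for root from 198.51.100.9 port 60000 ssh2
2024-05-01T11:02:00Z sshd[1211]: Failed password for root from 198.51.100.9 port 60001 ssh2
2024-05-01T11:04:00Z sshd[1212]: Failed password for root from 198.51.100.9 port 60002 ssh2
2024-05-01T11:06:00Z sshd[1213]: Failed password for root from 198.51.100.9 port 60003 ssh2
2024-05-01T11:08:00Z sshd[1214]: Failed password for root from 198.51.100.9 port 60004 ssh2
2024-05-01T11:10:00Z sshd[1215]: Accepted password for root from 198.51.100.9 port 60005 ssh2
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_auth_line(line: str):
    """Normalize one raw line into an event dict, or None if it is not an auth event."""
    m = AUTH_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "outcome": m["outcome"], "user": m["user"], "ip": m["ip"]}


def detect_ssh_bruteforce(lines, threshold: int = 5, window_seconds: int = 60):
    """Sliding-window correlation rule.

    - 'failed_login_burst' (medium): `threshold` failures from one source IP
      inside `window_seconds`.
    - 'brute_force_success' (high): a successful login from a source that is
      still inside such a burst, i.e. the guessing probably worked.
    A success resets the source's counter so normal typo-then-login traffic
    stays below the threshold.
    """
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(deque)  # ip -> timestamps of failures inside the window
    alerts = []
    for line in lines:
        ev = parse_auth_line(line)
        if ev is None:
            continue  # other log lines would be routed to other rules in a real SIEM
        q = failures[ev["ip"]]
        while q and ev["ts"] - q[0] > window:  # expire stale failures
            q.popleft()
        if ev["outcome"] == "Failed":
            q.append(ev["ts"])
            if len(q) == threshold:  # fire once, when the burst first reaches the threshold
                alerts.append({"severity": "medium", "rule": "failed_login_burst",
                               "ip": ev["ip"], "user": ev["user"], "ts": ev["ts"]})
        else:
            if len(q) >= threshold:
                alerts.append({"severity": "high", "rule": "brute_force_success",
                               "ip": ev["ip"], "user": ev["user"], "ts": ev["ts"]})
            q.clear()
    return alerts


if __name__ == "__main__":
    for a in detect_ssh_bruteforce(SAMPLE_LOG.splitlines()):
        print(f"{a['ts'].isoformat()} {a['severity']:<6} {a['rule']:<20} {a['ip']} user={a['user']}")
```

With the default 60-second window the rule catches 203.0.113.5 but misses 198.51.100.9, whose attempts arrive two minutes apart: that is a false negative by construction of the window. Widening the window to 15 minutes catches the slow attacker, at the price of more false positives from legitimate users who mistype a password a few times over a long session; tuning that trade-off is the day-to-day work the SIEM and UBA cards describe.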

Your supervisor wants to share a recent audit report outside the organization. You warn him that this type of report can only be read by those within the organization (and its customers and auditors). Which report does your supervisor want to distribute?

SSAE SOC 2 Type II

What is the primary difference in the goals of vulnerability scanning and penetration testing, respectively?

To identify risks by scanning systems and networks; to gain unauthorized access and exploit vulnerabilities

Active reconnaissance

directly probing for vulnerabilities and useful information, much like a threat actor would do.

ISO 27002

A "code of practice" for information security management within an organization and contains 114 different control recommendations.

Payment Card Industry Data Security Standard (PCI DSS)

A compliance standard to provide a minimum degree of security for handling customer card information.

bug bounty

A monetary reward given for uncovering a software vulnerability.

European Union General Data Protection Regulation (GDPR)

A regulation regarding data protection and privacy in the European Union (EU) and the European Economic Area (EEA). GDPR is a regulation (directly binding in every member state), not a directive; it replaced the earlier Data Protection Directive 95/46/EC.

Which of the following is NOT a characteristic of a penetration test?

Automated

Which of the following standards provide guidelines for hardening a Webserver?

Center for Internet Security (CIS)

During an external security audit, a gap was discovered: The company you work for does not have any framework or governing guidelines to define security defenses for protecting the operating systems, underlying services, and application software. Which framework or set of guidelines should you adopt to cover this gap?

Center for Internet Security (CIS) Benchmarks

maneuvering

Conducting unusual behavior when threat hunting.

Which type of control identifies a security risk that might be present in a policy, process, or procedure?

Detective

Footprinting and gathering information about the target is performed in which phase of penetration testing?

Discovery

Requests for comments (RFCs)

Documents that are authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas.

false negative

Failure to raise an alarm when there is a problem.

footprinting

Gathering information from outside the organization.

rules of engagement

Limitations or parameters in a penetration test.

The following are Port Scanners

Nmap, SuperScan, Hping
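
The penetration-test steps, the active reconnaissance card, and the port scanner and fingerprinting tool lists above all describe the same first phase: connect to ports, grab whatever the service says, and match it against known banners. The following Python is an added example (not from the original study set and not the code of any listed tool) that does a minimal version of what Nmap's `-sV` does: a TCP connect scan with banner grabbing and a small regex fingerprint table. So that it runs offline, it also starts two fake services on loopback with constructed banners; the banner strings, the fingerprint rules and the helper names are assumptions for the example. Only scan hosts you are authorized to test under the rules of engagement.

```python
import re
import socket
import threading

# Constructed fingerprint table: the first rule whose regex matches the grabbed
# banner names the service and captures the version string.
FINGERPRINTS = [
    ("ssh", re.compile(r"^SSH-\d\.\d-(\S+)")),
    ("http", re.compile(r"^HTTP/\d\.\d \d{3}.*?Server: ([^\r\n]+)", re.S)),
]


def _recv_quiet(sock: socket.socket) -> bytes:
    try:
        return sock.recv(1024)
    except socket.timeout:
        return b""


def grab_banner(host: str, port: int, timeout: float = 1.0):
    """Return ('open', banner) or ('closed', '').

    Some services (SSH, SMTP, FTP) speak first; silent ones (HTTP) get a
    harmless HEAD request to elicit a reply.  A refused connection, a timeout
    or an unreachable host all surface as OSError and count as not open.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = _recv_quiet(s)
            if not data:
                s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
                data = _recv_quiet(s)
            return "open", data.decode("latin-1")
    except OSError:
        return "closed", ""


def fingerprint(banner: str):
    for name, rx in FINGERPRINTS:
        m = rx.search(banner)
        if m:
            return name, m.group(1)
    return "unknown", ""


def scan_and_fingerprint(host: str, ports, timeout: float = 1.0) -> dict:
    """Connect scan + banner grab for each port; result keyed by port number."""
    results = {}
    for port in ports:
        state, banner = grab_banner(host, port, timeout)
        entry = {"state": state, "service": "", "version": "", "banner": banner.strip()}
        if state == "open":
            entry["service"], entry["version"] = fingerprint(banner)
        results[port] = entry
    return results


def start_fake_service(banner: bytes, speaks_first: bool):
    """Bind a throwaway listener on 127.0.0.1 (port chosen by the OS) that
    replies with `banner`, either immediately or only after the client sends
    something.  Returns (server_socket, port); close the socket to stop it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener was closed
                return
            with conn:
                try:
                    if not speaks_first:
                        conn.recv(1024)  # wait for the client's request first
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


if __name__ == "__main__":
    ssh_srv, ssh_port = start_fake_service(b"SSH-2.0-OpenSSH_8.9\r\n", speaks_first=True)
    web_srv, web_port = start_fake_service(
        b"HTTP/1.0 200 OK\r\nServer: nginx/1.18.0\r\n\r\n", speaks_first=False)
    for port, r in scan_and_fingerprint("127.0.0.1", [ssh_port, web_port, 1]).items():
        print(f"{port:>5}/tcp {r['state']:<6} {r['service']:<8} {r['version']}")
    ssh_srv.close()
    web_srv.close()
```

Port 1 is included as a port that is almost certainly closed on loopback, so the output shows all three states a scanner reports: open with a recognized banner, open with a banner that needed a probe, and closed. Real fingerprinting (Nmap, Amap, p0f) uses thousands of such rules plus TCP/IP stack quirks for the OS; the mechanism is the same.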

You have installed a new application from a free software website that converts AVI-formatted files into MPEG format. After installing the application, you notice that new applications are automatically being downloaded and installed on the computer. What kind of attack is your computer subjected to?

Spyware

regulations

Standards typically developed by established professional organizations or government agencies using the expertise of seasoned security professionals.

You have installed new meeting-scheduling software that automatically sends emails and reminders to recipients' computers. You notice that after installation the software was also tracking other applications you accessed on your computer. What is this attack called?

Trojan

Which of the following is the target of an attacker in a server-side request forgery (SSRF)?

Web server

What is an attack on a NoSQL database compromised by data manipulation when the input is not sanitized by the application?

NoSQL injection (unsanitized input is passed into a NoSQL query or operator, the same way SQL injection abuses SQL; XML injection is a different attack that targets XML data and parsers).

The most common frameworks are from:

the National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO), American Institute of Certified Public Accountants (AICPA), Center for Internet Security (CIS), and Cloud Security Alliance (CSA).

living-off-the-land binaries (LOLBins)

Trusted, legitimate binaries and scripts that already exist on the operating system (for example PowerShell, certutil.exe or mshta.exe on Windows) and that attackers repurpose so their activity blends in with normal administration.

