Cyber Attack Cycle

What is Reconnaissance?

- the process of gathering information about a target
- the best path to a target is identified
- gathered information is studied for the attack
- the focus should be on vulnerabilities that can be exploited with the least amount of effort

Crunch

- used to create wordlists for brute-force attacks
- has an option to set a range of characters
- has an option to create a template for passwords

Secondary Delivery Goal

avoid detection and blocking by the victim and discovery of attacker-related information

Wordlist Generation

can be downloaded or generated using tools

Delivery Technique Examples

- physical access
- social engineering
- direct communication
- malware

Google Advanced search - filetype:

search for a specific file type

Google Advanced search - site:

search in a specific website

Google Advanced search - inurl:

search in the URL

Google Advanced search - intext:

search in the page's text

Google Advanced search - intitle:

search in the page's title

Web App Attack Requirements

specific web app analysis is required

Primary Delivery Goal

successfully transmit a malicious payload from the attacker's machine to the victim's machine

Password Attack Requirements

wordlist generation is required

Google Dorking

- Google Hacking Database (GHDB)
- vulnerabilities database that can be found with search commands
- commands can be used to find vulnerabilities and collect information

Hydra

- a common and powerful tool for brute-force attacks
- supports attacks against SSH, FTP, etc.
- run from a command line or UI

Social Media

- a great source of information on various targets
- people will often carelessly publish sensitive information
- images, posts, locations, friends, colleagues, and relatives can all be found on it

Search Engines

- a type of passive reconnaissance
- a great source of publicly available information
- advanced search capabilities can yield useful information

WHOIS

- can provide useful information about domain names
- presents lots of administrative and technical information

Robots.txt

- found in most websites
- made for web crawlers to know which paths to index and which not to index
- can be used to reveal restricted paths on a server

Delivery Basics

- getting the malicious object to the victim's machine
- detection and protection systems need to be bypassed
- the method must be chosen carefully
- based on information gathered during reconnaissance

Exploitation Basics

- implemented after successful delivery
- involves active hacker participation
- an exploitable vulnerability must exist
- includes steps taken to avoid detection

Cywar Platform

- on-demand, self-paced learning environment
- provides hands-on, scenario-based challenges that are updated in real time
- keeps track of account performance

Nmap and Zenmap

- open-source network scanners that can be used via CLI or GUI
- scan open ports on a device
- both create a lot of network traffic and can be detected

Wayback Machine

- presents old versions of websites
- in some cases, old versions of websites included sensitive information
- can be used to view information that has since been removed

EternalBlue

- remote code execution exploit
- created by the National Security Agency (NSA)
- the hacker group "Shadow Brokers" leaked it
- exploits Microsoft's SMB protocol

Choosing a Weapon

- should be based on the attack vector
- always choose more than one weapon
- each type of cyber attack requires different weapons

Weaponization Basics

- technically preparing for an attack
- tuning, modifying, and creating tools
- based on gathered information
- accurate weaponization is a key to success
- information gathered during reconnaissance serves as a guide for the appropriate methods and tools

Cyber Kill Chain

- A systematic outline of the steps of a cyberattack.
- Describes how a successful cyber attack is achieved.
- Reconnaissance > Weaponization > Delivery > Exploitation > Installation > Command & Control > Actions on Objects

Hosts

Accounts, groups, OS, architecture (e.g., x86), ports

Common Search Engines

- Bing
- Yahoo
- Google
- DuckDuckGo

Password Cracking

Brute force and dictionary attacks are two of the most commonly used techniques

Passive Reconnaissance Methods

Gathering information without the target's knowledge

Personal

ID, phone #, address, relatives, hobbies

Networks

IP addresses, subnets, network topologies

Security Policies

Password requirements, physical security, firewall rules, IDS, IPS

Significant Information

any type of information that can be useful in the attack process, even information that may seem insignificant at first

DDoS Attack Requirements

a large amount of traffic generation is required

Adversary-Controlled Delivery

directly hacking into the system using various methods

Active Reconnaissance Method

higher risk of target awareness due to directly interacting with the target or its infrastructure

Time Investment

information gathering is a long term activity, and time for it should not be limited

Password cracking method

most effective way to gain access to a system that is susceptible to brute-force attack

Adversary Released Delivery

the malware is delivered to the victim via methods such as email, USB drive, and downloadable content

