This document provides a study cheat sheet for the CEH v9 certification. It includes definitions and explanations of various cybersecurity topics such as subnet addressing, types of network attacks (teardrop, SMURF, FRAGGLE), TCP/UDP ports, malware types (bot, worm), and network protocols (NTP, DNS). It also provides summaries of the NIST SP 800-30 risk assessment methodology, Microsoft SDL practices, and wireless security protocols (WPA, WPA2, CCMP). Finally, it includes questions about tools (Nmap, Nikto, NetStumbler), the OWASP WebGoat training application, and compliance requirements (PCI DSS).
Dave Sweigert, CISA, CISSP, HCISPP, PCIP, PMP, SEC+
Study cheat sheet for CEH v9
Directive Control – Example: distributing a policy that forbids personal devices.
192.168.2.32/27 subnet address. The /27 prefix length means the first 27 bits
of the 32-bit IP address identify the network; the remaining 5 bits are the
host portion. Use 2 to the power of n, where n is the number of host bits, to
find the number of addresses in a subnet: a /27 leaves 5 host bits, so 2 to the
power of 5 equals 32 addresses (192.168.2.32 through 192.168.2.63). Two of
those are reserved, the network address (.32) and the directed broadcast
(.63), so 30 are usable for hosts.
What is a teardrop attack? The attacker sends IP fragments whose offsets
overlap (a later fragment claims to start inside an earlier one), so that a
vulnerable IP stack corrupts memory or crashes while reassembling them.
What is a SMURF attack? The attacker sends ICMP echo requests to a network's
broadcast address with the source address forged to be the victim's. Every
host on that network answers with an ICMP echo reply to the forged source,
so the victim is flooded with replies amplified by the number of responding
hosts.
What is a FRAGGLE attack? The UDP counterpart of Smurf: the attacker sends
UDP packets to a broadcast address aimed at the echo (port 7) and chargen
(character generator, port 19) services, again with the victim's address
forged as the source, and each host running those services floods the
victim with replies.
A host may connect to a server that supports the Character Generator Protocol
on either Transmission Control Protocol (TCP) or User Datagram Protocol (UDP)
port number 19. Upon opening a TCP connection, the server starts sending
arbitrary characters to the connecting host and continues until the host
closes the connection. In the UDP implementation of the protocol, the server
sends a UDP datagram containing a random number (between 0 and 512) of
characters every time it receives a datagram from the connecting host. Any
data received by the server is discarded.
https://en.wikipedia.org/wiki/Character_Generator_Protocol
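The three floods above each have a recognizable on-the-wire shape, and the following added example (written for this cheat sheet, not part of the original page) shows detection logic for each over a list of constructed packet summaries: overlapping fragment ranges for teardrop, ICMP echo requests to a broadcast address for Smurf, and UDP to the echo/chargen ports at a broadcast address for Fraggle. The record field names, the LOCAL_NETS list and the packet list itself are assumptions made for the example; a real detector would fill them from a capture. Fragment offsets are given in bytes for readability, whereas the IP header carries them in 8-byte units.

```python
"""Flag teardrop, Smurf and Fraggle patterns in packet summaries.

Added example for the CEH cheat sheet; the packet records below are
constructed for illustration, not taken from a real capture.
"""
import ipaddress
from collections import defaultdict

# Networks whose directed-broadcast address we treat as "ours" (assumption).
LOCAL_NETS = [
    ipaddress.ip_network("192.168.1.0/24"),
    ipaddress.ip_network("10.0.0.0/8"),
]

# Constructed packet summaries. Fragment offsets are in bytes here; the real
# IP header stores them in 8-byte units, so a parser would multiply by 8.
PACKETS = [
    # Teardrop: two fragments of IP ID 0x1234 whose byte ranges overlap
    # (0-1479 and 1400-1599).
    {"proto": "ip", "src": "203.0.113.5", "dst": "192.168.1.10",
     "id": 0x1234, "offset": 0, "length": 1480},
    {"proto": "ip", "src": "203.0.113.5", "dst": "192.168.1.10",
     "id": 0x1234, "offset": 1400, "length": 200},
    # Normal fragmentation of IP ID 0x1235: contiguous, no overlap.
    {"proto": "ip", "src": "198.51.100.7", "dst": "192.168.1.10",
     "id": 0x1235, "offset": 0, "length": 1480},
    {"proto": "ip", "src": "198.51.100.7", "dst": "192.168.1.10",
     "id": 0x1235, "offset": 1480, "length": 100},
    # Smurf: ICMP echo request (type 8) aimed at the directed broadcast
    # of 192.168.1.0/24; the forged source is the real victim.
    {"proto": "icmp", "src": "192.0.2.9", "dst": "192.168.1.255", "icmp_type": 8},
    # Ordinary ping to a single host: must not be flagged.
    {"proto": "icmp", "src": "192.0.2.9", "dst": "192.168.1.20", "icmp_type": 8},
    # Fraggle: UDP to chargen (port 19) at the broadcast address.
    {"proto": "udp", "src": "192.0.2.9", "dst": "192.168.1.255", "dport": 19},
    # Ordinary DNS query: must not be flagged.
    {"proto": "udp", "src": "192.168.1.20", "dst": "192.168.1.1", "dport": 53},
]

AMPLIFIER_PORTS = {7, 19}   # UDP echo and chargen


def is_broadcast(dst, nets=LOCAL_NETS):
    """True for the limited broadcast 255.255.255.255 or the directed
    broadcast of any network in nets."""
    addr = ipaddress.ip_address(dst)
    if addr == ipaddress.ip_address("255.255.255.255"):
        return True
    return any(addr == net.broadcast_address for net in nets)


def teardrop_flows(packets):
    """Return (src, dst, id) keys whose fragments overlap in byte range."""
    frags = defaultdict(list)
    for p in packets:
        if p["proto"] == "ip":
            frags[(p["src"], p["dst"], p["id"])].append((p["offset"], p["length"]))
    flagged = []
    for key, pieces in frags.items():
        pieces.sort()                      # by offset
        end = 0                            # first byte not yet covered
        for offset, length in pieces:
            if offset < end:               # this piece starts inside the previous one
                flagged.append(key)
                break
            end = offset + length
    return flagged


def smurf_packets(packets, nets=LOCAL_NETS):
    """ICMP echo requests addressed to a broadcast address."""
    return [p for p in packets
            if p["proto"] == "icmp" and p.get("icmp_type") == 8
            and is_broadcast(p["dst"], nets)]


def fraggle_packets(packets, nets=LOCAL_NETS):
    """UDP to echo/chargen at a broadcast address."""
    return [p for p in packets
            if p["proto"] == "udp" and p.get("dport") in AMPLIFIER_PORTS
            and is_broadcast(p["dst"], nets)]


if __name__ == "__main__":
    print("teardrop flows:", teardrop_flows(PACKETS))
    print("smurf packets:", [p["dst"] for p in smurf_packets(PACKETS)])
    print("fraggle packets:", [(p["dst"], p["dport"]) for p in fraggle_packets(PACKETS)])
```

On a real capture this is noisier: a retransmitted fragment can legitimately repeat an earlier range, and a single stray packet to a .255 address is usually misconfiguration rather than an attack, so operations teams add a rate threshold on top of these matches. The fix on the network side is the same for both amplification attacks: stop forwarding directed broadcasts at the router and turn off the echo and chargen services, which removes the amplifiers they depend on.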
Why would someone run TCP over DNS (port 53)? To evade firewall inspection:
DNS is almost always allowed outbound, so traffic tunneled inside DNS
queries and responses on port 53 passes filters that would block a direct
connection. There are TCP-over-DNS tools that accomplish this.
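The detection side of the tunnel is what a SOC analyst needs from this entry, so the following added example (not from the original cheat sheet, and going a step beyond it) applies two common heuristics to a constructed resolver log: a tunnel has to carry its payload in query labels, so the labels are unusually long and high-entropy, and it has to use a fresh name for every message to defeat caching, so the count of distinct names per client and zone climbs quickly. The log format, the thresholds and the zone names are all assumptions for the example.

```python
"""Heuristics for spotting DNS-tunnel style queries in a resolver log.

Added example for the CEH cheat sheet; the log lines and thresholds are
constructed for illustration and are not from any real deployment.
"""
import math
from collections import Counter, defaultdict

# Constructed resolver log: "<client> <qname> <qtype>" per line.
LOG = [
    "10.0.0.5 www.example.com A",
    "10.0.0.5 mail.example.com MX",
    "10.0.0.7 2f2a7b3c9d1e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e.t.example.net TXT",
    "10.0.0.7 9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b3a2f1e0d9c8b7a6f.t.example.net TXT",
    "10.0.0.7 0a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4e5f6071.t.example.net TXT",
    "10.0.0.9 cdn.example.org A",
]


def shannon_entropy(s):
    """Bits of entropy per character. Hex-encoded data has at most 4 bits
    per character; ordinary hostnames sit well below that."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def parent_zone(qname, levels=2):
    """Last `levels` labels, used to group queries by the zone that receives them."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-levels:])


def suspicious_query(qname, max_label=30, min_entropy=3.5):
    """A tunnel packs encoded payload into labels, so look for a label that is
    both long and high-entropy. Both thresholds are assumptions for the example."""
    labels = qname.rstrip(".").split(".")
    longest = max(labels, key=len)
    return len(longest) > max_label and shannon_entropy(longest) > min_entropy


def tunnel_report(lines, min_queries=3):
    """Count distinct suspicious names per (client, zone); a tunnel must use a
    fresh name per message to defeat caching, so the count grows quickly."""
    seen = defaultdict(set)
    for line in lines:
        client, qname, _qtype = line.split()
        if suspicious_query(qname):
            seen[(client, parent_zone(qname))].add(qname)
    return {key: len(names) for key, names in seen.items() if len(names) >= min_queries}


if __name__ == "__main__":
    for (client, zone), count in tunnel_report(LOG).items():
        print(f"{client} sent {count} tunnel-like queries to {zone}")
```

Treat the output as triage, not verdict: CDN hostnames, DKIM selectors and some certificate-validation lookups also produce long random-looking labels, and a tunnel that deliberately uses short labels at a high rate slips past the length check and is caught only by the per-zone count. Blocking port 53 to anything but the organization's own resolvers, and logging at those resolvers, is what makes this kind of analysis possible in the first place.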
Describe a characteristic of block ciphers: block ciphers encrypt data in
fixed-size blocks (for example 64 or 128 bits), padding the final block where
needed and relying on a mode of operation to chain blocks together. WARNING:
block ciphers are NOT faster than stream ciphers.
Describe a sparse infector virus. Sparse infector viruses infect only when a
specific condition is met; they are conditional viruses.
sparse infector virus
Also known as a sparse virus, a type of virus that only infects files when certain
conditions are met. Examples include viruses that infect files only on their 10th
execution or viruses that target files with a maximum size of 128 KB. These viruses
use the conditions to infect less often and therefore avoid detection.
http://en.termwiki.com/EN/sparse_infector_virus
Why can't the Windows tracert program guarantee response times and packets?
Windows tracert sends ICMP echo requests with increasing TTL values and
relies on each hop returning an ICMP Time Exceeded message. Many routers and
firewalls drop or rate-limit ICMP, so hops that do not answer show up as
timeouts (* * *); tracert therefore cannot guarantee a response from every
device along the path. (Unix traceroute defaults to UDP probes but still
depends on ICMP Time Exceeded replies coming back.)
PCI DSS question. What tests must be performed at least quarterly to maintain
compliance with Requirement 11? 1) internal and external vulnerability scans, 2)
unauthorized wireless access point (WAP) detection.
PCI DSS requirement 11.1 mandates the use of wireless scanners in your
cardholder environment on at least a quarterly basis to ensure that rogue
wireless networks are not present. The text of the requirement reads "Test for
the presence of wireless access points by using a wireless analyzer at least
quarterly or deploying a wireless IDS/IPS to identify all wireless devices in
use."
11.2 Run internal and external network vulnerability scans at least quarterly
and after any significant change in the network (such as new system
component installations, changes in network topology, firewall rule
modifications, product upgrades). (Source: PCI DSS v3.0, p. 91)
Wireshark filter question. What filter will display traffic TO and FROM
192.168.10.0/24? ip.addr==192.168.10.0/24, which is equivalent to
ip.src==192.168.10.0/24 || ip.dst==192.168.10.0/24.
Filtering IP addresses in Wireshark:
(1) Single IP filtering:
ip.addr==X.X.X.X
ip.src==X.X.X.X
ip.dst==X.X.X.X
(2) Multiple IP filtering based on logical conditions:
OR condition:
(ip.src==192.168.2.25)||(ip.dst==192.168.2.25)
AND condition:
(ip.src==192.168.2.25) && (ip.dst==74.125.236.16)
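The subnet question earlier and the Wireshark question here rest on the same operation, masking an address with a prefix length, so the following added example (written for this cheat sheet, not part of the original) does the CIDR arithmetic for 192.168.2.32/27 by hand and then reuses that prefix test as a filter equivalent to ip.addr==192.168.10.0/24 over a constructed packet list. The packet list and the helper names are assumptions for the example.

```python
"""CIDR arithmetic done by hand, and the same prefix test applied as a
display filter.

Added example for the CEH cheat sheet; the packet list is constructed.
"""
import socket
import struct


def ip_to_int(ip):
    return struct.unpack("!I", socket.inet_aton(ip))[0]


def int_to_ip(n):
    return socket.inet_ntoa(struct.pack("!I", n))


def parse_cidr(cidr):
    """Split 'a.b.c.d/n' into (address int, mask int, prefix length)."""
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF   # top `prefix` bits set
    return ip_to_int(ip), mask, prefix


def cidr_info(cidr):
    """Network, broadcast, mask and address counts for an IPv4 CIDR block."""
    addr, mask, prefix = parse_cidr(cidr)
    network = addr & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    total = 1 << (32 - prefix)
    # Network and broadcast addresses are reserved, except on /31 and /32
    # point-to-point and host routes (RFC 3021).
    usable = total - 2 if prefix <= 30 else total
    return {
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "mask": int_to_ip(mask),
        "total": total,
        "usable": usable,
    }


def in_network(ip, cidr):
    """True if ip falls inside the CIDR block (same bits under the mask)."""
    addr, mask, _ = parse_cidr(cidr)
    return ip_to_int(ip) & mask == addr & mask


def addr_filter(packets, cidr):
    """Equivalent of the Wireshark display filter  ip.addr == <cidr>,
    i.e.  ip.src == <cidr> || ip.dst == <cidr>."""
    return [p for p in packets if in_network(p["src"], cidr) or in_network(p["dst"], cidr)]


# Constructed packets (src, dst) for the filter demonstration.
PACKETS = [
    {"src": "192.168.10.5", "dst": "198.51.100.1"},    # FROM the subnet
    {"src": "203.0.113.9", "dst": "192.168.10.200"},   # TO the subnet
    {"src": "192.168.11.5", "dst": "198.51.100.1"},    # neighbouring /24, must not match
    {"src": "10.0.0.1", "dst": "10.0.0.2"},            # unrelated
]


if __name__ == "__main__":
    print(cidr_info("192.168.2.32/27"))
    for p in addr_filter(PACKETS, "192.168.10.0/24"):
        print("match:", p)
```

One Wireshark caveat worth remembering alongside the answer: ip.addr==X means "src is X OR dst is X", so its negation ip.addr!=X means "src is not X OR dst is not X", which still matches almost everything. To exclude a host or subnet, write !(ip.addr==X).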
What platforms can NetStumbler run on? NetStumbler installs only on Windows;
it will not install on macOS or Linux. Additionally, NetStumbler does not
support 802.11n, nor does it support monitor mode (passive monitoring).
NIST SP 800-30. What is the first step in the NIST SP 800-30 risk assessment?
System characterization.
Step 1. System Characterization
The first step in assessing risk is to define the scope of the effort. To do this, identify where
ePHI is created, received, maintained, processed, or transmitted.
Step 2. Threat Identification
For this step, potential threats (the potential for threat-sources to successfully exercise a
particular vulnerability) are identified and documented.
Step 3. Vulnerability Identification
The goal of this step is to develop a list of technical and non-technical system vulnerabilities
(flaws or weaknesses) that could be exploited or triggered by the potential threat-sources.
Step 4. Control Analysis
The goal of this step is to document and assess the effectiveness of technical and non-
technical controls that have been or will be implemented by the organization to minimize or
eliminate the likelihood (or probability) of a threat-source exploiting a system vulnerability.
Step 5. Likelihood Determination
The goal of this step is to determine the overall likelihood rating that indicates the probability
that a vulnerability could be exploited by a threat-source given the existing or planned
security controls.
Step 6. Impact Analysis
The goal of this step is to determine the level of adverse impact that would result from a
threat successfully exploiting a vulnerability.
Step 7. Risk Determination
By multiplying the ratings from the likelihood determination and impact analysis, a risk level is
determined.
Signs of unauthorized data on a device?
a. User-created data in the Host Protected Area (HPA) of the drive, a region
the operating system does not normally see.
b. A file created with steganography, with data hidden inside it.
c. A file header (magic bytes) that does not match the file extension.
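Item c is the one an examiner can check mechanically, so the following added example (written for this cheat sheet, not part of the original) compares each file's leading bytes against the signature expected for its extension. The signature table and the sample "files" are constructed for the example; the files are byte strings built in memory, so nothing is read from disk.

```python
"""Detect files whose leading bytes do not match their extension.

Added example for the CEH cheat sheet; the "files" are byte strings built
in memory, so nothing is read from disk.
"""

# Extension -> acceptable leading byte sequences. The table is an
# assumption for the example; a production tool uses a full magic database.
SIGNATURES = {
    "png":  [b"\x89PNG\r\n\x1a\n"],
    "jpg":  [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif":  [b"GIF87a", b"GIF89a"],
    "pdf":  [b"%PDF-"],
    "zip":  [b"PK\x03\x04", b"PK\x05\x06"],   # PK\x05\x06 is an empty archive
    "exe":  [b"MZ"],                           # DOS/PE executable header
    "elf":  [b"\x7fELF"],
}


def detect_type(data):
    """Best-guess extension from the header, or None if no signature matches."""
    for ext, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return ext
    return None


def header_matches(name, data):
    """True if the header fits the extension; None if we have no rule for it."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in SIGNATURES:
        return None
    return any(data.startswith(m) for m in SIGNATURES[ext])


def mismatches(files):
    """files: iterable of (name, bytes). Returns (name, detected_type) for
    every file whose header contradicts its extension."""
    out = []
    for name, data in files:
        if header_matches(name, data) is False:
            out.append((name, detect_type(data)))
    return out


# Constructed sample files (headers only; the rest is padding).
FILES = [
    ("holiday.jpg",  b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16),   # genuine JPEG
    ("report.pdf",   b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n" + b"\x00" * 16),      # genuine PDF
    ("invoice.pdf",  b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 16),         # PE executable renamed
    ("photo.png",    b"PK\x03\x04\x14\x00\x00\x00" + b"\x00" * 16),         # ZIP renamed
    ("notes.txt",    b"just some text\n"),                                  # no rule: skipped
]


if __name__ == "__main__":
    for name, real in mismatches(FILES):
        print(f"{name}: extension says one thing, header looks like {real}")
```

Extend the table with care: Office documents (.docx, .xlsx) are ZIP containers and legitimately start with PK, and some formats put their signature at a non-zero offset, so a naive table produces false positives on exactly the files an investigator will see most. The HPA item on the list needs a different tool entirely, since it is a property of the drive rather than of any file.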
What are the scripting languages: Perl, Ruby, Java. (Strictly, Java is a compiled language; Perl and Ruby are the true scripting languages in that list.)
What is a false negative? A false negative occurs when an IPS or IDS fails to
identify malicious traffic entering the network: the alert that should have
fired did not.
What type of malware can propagate without human interaction? BOT and
WORM. A worm can self-propagate and replicate itself within the infected
operating system of the target. A bot can self-propagate and then establish a
connection back to its command-and-control server (the "mother ship"),
turning the infected host into a zombie.
What is a hypervisor rootkit? A rootkit that moves the running operating
system into a virtual machine under a malicious hypervisor it installs
between the hardware layer and the O/S; because it runs beneath the O/S, it
can conceal malicious programs from anything running inside the VM.
A hypervisor rootkit does not have to make any modifications to the kernel of the target to
subvert it; however, that does not mean that it cannot be detected by the guest operating
system. For example, timing differences may be detectable in CPU instructions.
https://en.wikipedia.org/wiki/Rootkit
Which protocol uses Port 123? Network Time Protocol (NTP).
Name three practices that take place in the DESIGN stage of the Microsoft
Security Development Lifecycle: establish design requirements, perform attack
surface analysis and reduction, and use threat modeling.
SDL Practice #5: Establish Design Requirements. Considering security
and privacy concerns early helps minimize the risk of schedule
disruptions and reduce a project's expense.
SDL Practice #6: Attack Surface Analysis/Reduction. Reducing the
opportunities for attackers to exploit a potential weak spot or
vulnerability requires thoroughly analyzing the overall attack surface and
includes disabling or restricting access to system services, applying the
principle of least privilege, and employing layered defenses wherever
possible.
SDL Practice #7: Use Threat Modeling. Applying a structured approach
to threat scenarios during design helps a team more effectively and less
expensively identify security vulnerabilities, determine risks from those
threats, and establish appropriate mitigations.
http://www.microsoft.com/en-us/SDL
Which DNS record is used to translate a hostname to an IP address? The A record.
DNS Syntax Types Explained
An “A” record, which stands for “address”, is the most basic type of syntax used
in DNS records, indicating the actual IP address of the domain. The “AAAA”
record is an IPv6 address record that maps a hostname to a 128-bit IPv6
address. Regular “A” records map hostnames to 32-bit IPv4 addresses.
The “CNAME” record stands for “canonical name” and serves to make one
domain an alias of another domain. CNAME is often used to associate new
subdomains with an existing domain's DNS records.
The “MX” record stands for “mail exchange” and is basically a list of mail
exchange servers that are to be used for the domain.
The “PTR” record stands for “pointer record” and maps an IPv4 address to the
CNAME on the host.
The “NS” record stands for “name server” and indicates which Name Server is
authoritative for the domain.
An “SOA” record stands for “Start of Authority” and is easily one of the most
essential DNS records because it stores important information like when the
domain was last updated and much more.
An “SRV” record stands for “service” and is used to define a TCP service on
which the domain operates.
A “TXT” record lets the administrator insert any text they'd like into the DNS
record, and it is often used for denoting facts about the domain.
http://www.pcnames.com/articles/what-are-dns-records
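To make the record types above concrete, here is an added example (not code from the page or its source) that resolves names against a small constructed zone: it follows CNAME aliases the way a resolver does, bounds the chain length so a looping alias cannot spin forever, builds the in-addr.arpa name used for PTR lookups, and orders MX hosts by priority. The domain `example.test.` and all addresses are constructed sample data.

```python
"""Tiny in-memory resolver over a constructed zone, illustrating A/AAAA/CNAME/MX/NS/PTR records.
Added example, not from the page; the zone data below is invented."""
from collections import defaultdict

# Constructed sample zone: (owner name, record type, record data).
ZONE = [
    ("example.test.", "A", "192.0.2.10"),
    ("example.test.", "AAAA", "2001:db8::10"),
    ("www.example.test.", "CNAME", "example.test."),
    ("blog.example.test.", "CNAME", "www.example.test."),   # alias of an alias
    ("example.test.", "MX", "10 mail.example.test."),
    ("mail.example.test.", "A", "192.0.2.25"),
    ("example.test.", "NS", "ns1.example.test."),
    ("10.2.0.192.in-addr.arpa.", "PTR", "example.test."),   # reverse mapping for 192.0.2.10
]

def build_index(zone):
    """Index records as name -> type -> [data] for O(1) rrset lookup."""
    idx = defaultdict(lambda: defaultdict(list))
    for name, rtype, data in zone:
        idx[name.lower()][rtype].append(data)
    return idx

INDEX = build_index(ZONE)

def resolve(name, rtype, index=INDEX, max_chain=8):
    """Return the records of rtype for name, chasing CNAME aliases like a resolver.
    The chain is bounded so a misconfigured CNAME loop fails instead of hanging."""
    name = name.lower().rstrip(".") + "."
    for _ in range(max_chain):
        rrset = index.get(name, {})
        if rtype in rrset:
            return list(rrset[rtype])
        if "CNAME" in rrset and rtype != "CNAME":
            name = rrset["CNAME"][0].lower()
            continue
        return []
    raise ValueError("CNAME chain too long (possible loop)")

def reverse_name(ipv4):
    """Build the reversed-octet in-addr.arpa name used for PTR lookups."""
    octets = ipv4.split(".")
    if len(octets) != 4:
        raise ValueError("expected dotted-quad IPv4 address")
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def mail_servers(domain, index=INDEX):
    """Return [(priority, host, [A records])] sorted by MX priority (lowest first)."""
    out = []
    for rec in resolve(domain, "MX", index):
        prio, host = rec.split(None, 1)
        out.append((int(prio), host, resolve(host, "A", index)))
    return sorted(out)
```

Resolving `blog.example.test` for an A record walks blog -> www -> example.test. before finding the address; a lookup for a name with no records returns an empty list rather than raising.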
Describe the characteristics of WebGoat:
a. It uses BLACK BOX testing methods
b. It is available from OWASP
c. It can install on Windows, Linux and Mac O/S
d. It provides 30 demonstration lessons
e. It can be used with either Java or .NET
Explain what is meant by multi-homed devices: All firewalls are multi-homed
devices (meaning they have more than one network connection).
Network layer or packet filters
Network layer firewalls, also called packet filters, operate at a relatively low level of
the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they
match the established rule set. The firewall administrator may define the rules; or
default rules may apply. The term "packet filter" originated in the context of BSD
operating systems.
Network layer firewalls generally fall into two sub-categories, stateful and stateless.
Stateful firewalls maintain context about active sessions, and use that "state
information" to speed packet processing. Any existing network connection can be
described by several properties, including source and destination IP address, UDP or
TCP ports, and the current stage of the connection's lifetime (including session
initiation, handshaking, data transfer, or completion connection). If a packet does not
match an existing connection, it will be evaluated according to the ruleset for new
connections. If a packet matches an existing connection based on comparison with the
firewall's state table, it will be allowed to pass without further processing.
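The stateful behaviour just described, as an added example (not code from the page or any firewall product): a packet is first matched against the state table in either direction and allowed on the fast path; only session-initiating packets are evaluated against the rule set, and a stray mid-stream TCP segment with no matching session is dropped. The rule set, addresses and `Packet` layout are constructed for illustration.

```python
"""Stateful packet filter simulation: state-table lookup first, rule evaluation only for new sessions.
Added example, not from the page; rules and addresses are constructed."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str          # "tcp" or "udp"
    syn: bool = False   # a TCP SYN marks the start of a new session

# Constructed rule set for NEW connections: (proto, dst_ip, dst_port, action). First match wins; default deny.
RULES = [
    ("tcp", "192.0.2.10", 443, "allow"),
    ("tcp", "192.0.2.10", 22, "deny"),
    ("udp", "192.0.2.53", 53, "allow"),
]

class StatefulFilter:
    def __init__(self, rules=RULES):
        self.rules = rules
        self.state = set()   # 5-tuples of active, already-authorised sessions

    def _key(self, p):
        return (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)

    def _reverse_key(self, p):
        # Replies travel the other way; a stateless filter would need a second rule for them.
        return (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)

    def _rule_decision(self, p):
        for proto, dst_ip, dst_port, action in self.rules:
            if p.proto == proto and p.dst_ip == dst_ip and p.dst_port == dst_port:
                return action
        return "deny"

    def filter(self, p):
        """Return 'allow' or 'deny' for one packet and update the state table."""
        # Fast path: the packet belongs to an existing session, in either direction.
        if self._key(p) in self.state or self._reverse_key(p) in self.state:
            return "allow"
        # Slow path: only session-initiating packets are checked against the rules.
        if p.proto == "tcp" and not p.syn:
            return "deny"   # unsolicited non-SYN segment with no session: drop
        action = self._rule_decision(p)
        if action == "allow":
            self.state.add(self._key(p))
        return action
```

Note that the reply from 192.0.2.10:443 is allowed without any rule mentioning it, purely because the outbound SYN created state; the same design is what lets a stateful device drop unsolicited inbound traffic by default.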
Application-layer
Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all
browser traffic, or all telnet or FTP traffic), and may intercept all packets traveling to
or from an application. They block other packets (usually dropping them without
acknowledgment to the sender).
On inspecting all packets for improper content, firewalls can restrict or prevent outright
the spread of networked computer worms and Trojans. The additional inspection
criteria can add extra latency to the forwarding of packets to their destination.
https://en.wikipedia.org/wiki/Firewall_(computing)
Describe a Ping of Death attack: Uses fragmented ICMP messages to disable
the target. When the target attempts to re-create the fragmented ICMP
messages, the message exceeds its capacity. This re-assembly causes the O/S
to crash.
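The reassembly failure described above is what a defensive fragment check guards against. The following added example (not from the page) shows the sanity checks an IP reassembler or IDS applies before buffering a fragment: a fragment whose offset plus length would push the reassembled datagram past the 65535-byte IPv4 maximum is rejected, gaps are refused, and overlapping fragments keep the bytes already received. The fragment tuples are constructed sample input; the ICMP echo payload inside them is irrelevant to the check, which works at the IP layer.

```python
"""IP fragment sanity checks that catch an oversized reassembly (Ping of Death) before any buffer is written.
Added example, not from the page; fragments in the test are constructed."""
MAX_IP_DATAGRAM = 65535   # largest total length an IPv4 datagram may have
IP_HEADER_LEN = 20        # minimal IPv4 header; fragment offsets count payload bytes only

def fragment_end(offset_units, payload_len):
    """Position just past the fragment's last payload byte; offsets are in 8-byte units."""
    return offset_units * 8 + payload_len

def check_fragment(offset_units, payload_len, more_fragments):
    """Return (ok, reason). Rejects fragments whose reassembly would exceed 65535 bytes."""
    if offset_units < 0 or payload_len < 0:
        return False, "negative field"
    if more_fragments and payload_len % 8 != 0:
        return False, "non-final fragment payload must be a multiple of 8 bytes"
    if IP_HEADER_LEN + fragment_end(offset_units, payload_len) > MAX_IP_DATAGRAM:
        return False, "reassembled datagram would exceed 65535 bytes"
    return True, "ok"

def reassemble(fragments):
    """fragments: iterable of (offset_units, payload_bytes, more_fragments).
    Returns the reassembled payload or raises ValueError; nothing is buffered until the checks pass."""
    buf = bytearray()
    for offset_units, payload, mf in sorted(fragments, key=lambda f: f[0]):
        ok, reason = check_fragment(offset_units, len(payload), mf)
        if not ok:
            raise ValueError(reason)
        start = offset_units * 8
        if start > len(buf):
            raise ValueError("gap in fragment sequence")
        if start < len(buf):   # overlap (teardrop-style): keep the bytes already received
            payload = payload[len(buf) - start:]
        buf.extend(payload)
    return bytes(buf)
```

The boundary is exact: a final fragment at offset 8189 (65512 bytes in) may carry 3 payload bytes (total 65535) but not 4, and the check runs before the gap test so an oversized fragment is reported as such.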
What are the top three control categories?
Preventive - These are controls that prevent the loss or harm from occurring. For
example, a control that enforces segregation of responsibilities (one person can
submit a payment request, but a second person must authorize it), minimizes the
chance an employee can issue fraudulent payments.
Detective - These controls monitor activity to identify instances where practices or
procedures were not followed. For example, a business might reconcile the general
ledger or review payment request audit logs to identify fraudulent payments.
Corrective - Corrective controls restore the system or process back to the state
prior to a harmful event. For example, a business may implement a full restoration
of a system from backup tapes after evidence is found that someone has improperly
altered the payment data.
http://ishandbook.bsewall.com/risk/Assess/Risk/control_types.html
Does RC4 use a block cipher? NO. RC4 is a symmetric encryption algorithm
that uses a stream cipher. NOTE: stream ciphers are faster than block ciphers.
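To show what "stream cipher" means in practice, here is an added example (not from the page) implementing RC4: the key-scheduling step permutes a 256-byte state, the generator then yields one keystream byte at a time, and encryption is just XOR, so the same function decrypts and the ciphertext has exactly the plaintext's length with no block padding. RC4 is obsolete and appears here only to illustrate the stream-cipher mechanics; the last function shows the property that makes keystream reuse (the WEP key+IV problem) fatal, namely that XORing two ciphertexts under one keystream cancels the key entirely.

```python
"""RC4 as a stream cipher: keystream from the key, XORed byte-by-byte with the data.
Added study example, not from the page; RC4 is shown for its structure, not for use."""

def rc4_keystream(key: bytes):
    """Generate the RC4 keystream: key scheduling (KSA) then the pseudo-random generation loop (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                           # KSA: permute S under the key
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:                                    # PRGA: one keystream byte per iteration
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) % 256]

def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt; XOR with the keystream is its own inverse."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_reuse_leaks(key: bytes, p1: bytes, p2: bytes) -> bool:
    """Property behind the 'never reuse a stream-cipher key' rule: with one keystream,
    C1 XOR C2 == P1 XOR P2, i.e. the key drops out and only the plaintexts' XOR remains."""
    return xor_bytes(rc4(key, p1), rc4(key, p2)) == xor_bytes(p1, p2)
```

The expected ciphertext for key `Key` and plaintext `Plaintext` is the published RC4 test vector `BBF316E8D940AF0AD3`, which the test below checks.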
What is ESP? Encapsulating Security Protocol used in IP Sec. ESP provides for
confidentiality in IP Sec. NOTE: Unlike Authentication Header (AH), ESP in
transport mode does not provide integrity and authentication for the entire IP
packet.
AH provides authentication and integrity.
The IPSec Authentication Header (AH) protocol allows the recipient of a datagram to
verify its authenticity. It is implemented as a header added to an IP datagram that
contains an integrity check value computed based on the values of the fields in the
datagram. This value can be used by the recipient to ensure that the data has not
been changed in transit. The Authentication Header does not encrypt data and thus
does not ensure the privacy of transmissions.
http://www.tcpipguide.com/free/t_IPSecAuthenticationHeaderAH-3.htm
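The integrity check value described above, as an added illustration (not IPsec code and not from the page): a keyed hash is computed over the datagram's fields with the mutable TTL zeroed, so a router decrementing TTL does not break verification, while any change to the addresses or payload does. The serialization format, the shared key and the addresses are constructed; note that the payload is still readable in the covered bytes, which is the "no privacy" point the text makes about AH.

```python
"""AH-style integrity check value (ICV): keyed hash over the datagram with mutable fields zeroed.
Added illustration, not from the page; serialization, key and addresses are constructed."""
import hashlib
import hmac
from dataclasses import dataclass, replace

@dataclass
class Datagram:
    src: str
    dst: str
    ttl: int        # mutable in transit (every router decrements it), so excluded from the ICV
    payload: bytes  # sent in the clear: AH authenticates but does not encrypt

def ah_covered_bytes(d):
    """Serialize the fields the ICV covers; TTL is written as zero, as AH does for mutable header fields."""
    return f"{d.src}|{d.dst}|ttl=0|".encode() + d.payload

def compute_icv(key, d):
    """HMAC over the covered bytes, truncated to 96 bits as AH's HMAC-SHA1-96 transform does (SHA-256 here)."""
    return hmac.new(key, ah_covered_bytes(d), hashlib.sha256).digest()[:12]

def verify_icv(key, d, icv):
    """Constant-time comparison so the check does not leak how many bytes matched."""
    return hmac.compare_digest(compute_icv(key, d), icv)

def forward_through_router(d):
    """A hop decrements TTL; the ICV computed by the sender must still verify afterwards."""
    return replace(d, ttl=d.ttl - 1)
```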
What is NIKTO? Nikto is an open-source Web server scanning tool. It is NOT a
SQL injection test tool. SQL injection tools include: SQL Injector, SQL Ninja,
Havij, Pangolin and Absinthe.
Testing for SQL Injection
OWASP SQLiX
Sqlninja: a SQL Server Injection & Takeover Tool –
http://sqlninja.sourceforge.net
Bernardo Damele A. G.: sqlmap, automatic SQL injection tool –
http://sqlmap.org/
Absinthe 1.1 (formerly SQLSqueal) – http://sourceforge.net/projects/absinthe/
SQLInjector – Uses inference techniques to extract data and determine the
backend database server. http://www.databasesecurity.com/sql-injector.htm
Bsqlbf-v2: A perl script allows extraction of data from Blind SQL Injections –
http://code.google.com/p/bsqlbf-v2/
Pangolin: An automatic SQL injection penetration testing tool –
http://www.darknet.org.uk/2009/05/pangolin-automatic-sql-injection-tool/
Antonio Parata: Dump Files by sql inference on Mysql – SqlDumper –
http://www.ruizata.com/
Multiple DBMS Sql Injection tool – SQL Power Injector –
http://www.sqlpowerinjector.com/
MySql Blind Injection Bruteforcing, Reversing.org – sqlbftools –
http://packetstormsecurity.org/files/43795/sqlbftools-1.2.tar.gz.html
What is CCMP? CCMP is used by WPA2 to provide integrity. It was invented to
correct weaknesses with the TKIP (Temporal Key Integrity Protocol). CCMP
implements the IEEE 802.11i standard. NOTE: WPA2 uses AES for encryption.
NOTE: WPA uses TKIP and RC4 for encryption. RC4 provides 128-bit
encryption.
Counter Mode Cipher Block Chaining Message Authentication Code Protocol,
Counter Mode CBC-MAC Protocol or simply CCMP (CCM mode Protocol) is an
encryption protocol designed for Wireless LAN products that implement the
standards of the IEEE 802.11i amendment to the original IEEE 802.11
standard.
https://en.wikipedia.org/wiki/CCMP
WPA2, aka 802.11i
Fully conforms with 802.11i as it implements all mandatory features.
Guarantees interoperability certification.
Effectively WPA2 is Wi-Fi Alliance's brand name for 802.11i.
Note: In some cases other optional features of 802.11i may be required, but
interoperability may not be guaranteed.
Support for AES encryption and AES-based CCMP message integrity is mandatory (is
optional in WPA).
As well as mandatory AES, WPA2 also adds PMK (Pair-wise Master Key) and Pre-
authentication to help fast roaming.
What does the -p- parameter in NMAP accomplish? The -p- parameter scans
ports 1 thru 65535. Without the trailing dash specific ports can be specified; e.g.
nmap -p20-100 for ports 20 to 100.
What is PCAP? PCAP (libpcap) is the packet capture library used by Nmap, TCPDUMP,
Wireshark, L0phtCrack, etc.
What can scan remote devices to validate security? Microsoft Baseline Security
Analyzer (MBSA) can use the Windows Update Agent to remotely scan the
security state of computers on a network.
Where does OSSTMM place PCI DSS? The contractual compliance category.
What are the other OSSTMM categories? LEGISLATIVE, CONTRACTUAL,
STANDARDS-BASED.
NOTE: OSSTMM is maintained by ISECOM.
What is the command nmap -A equivalent to? nmap -sV -sC -O --traceroute
What is the function of PAT? PAT translates multiple private IP addresses to a
single public IP address. Port Address Translation.
Port Address Translation (PAT), is an extension to network address translation
(NAT) that permits multiple devices on a local area network (LAN) to be
mapped to a single public IP address. The goal of PAT is to conserve IP
addresses.
http://searchnetworking.techtarget.com/definition/Port-Address-Translation-PAT
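The many-to-one mapping that PAT performs, as an added example (not from the page or any NAT implementation): each outbound flow from a private (IP, port) pair is assigned its own port on the single public address, replies are mapped back through the same table, and an inbound packet with no matching entry is dropped. The public address 203.0.113.1, the private hosts and the port pool bounds are constructed.

```python
"""Port Address Translation table: many private (IP, port) pairs share one public IP, told apart by public port.
Added example, not from the page; addresses and the port pool are constructed."""

class PatTable:
    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        self.out = {}    # (proto, priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.back = {}   # (proto, public port, remote_ip, remote_port) -> (priv_ip, priv_port)

    def translate_outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a private source to the public IP plus an allocated port; reuse the entry for the same flow."""
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            if self.next_port > self.last_port:
                raise RuntimeError("PAT port pool exhausted")   # the scarce resource PAT trades for addresses
            pub_port = self.next_port
            self.next_port += 1
            self.out[key] = pub_port
            self.back[(proto, pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def translate_inbound(self, proto, src_ip, src_port, dst_port):
        """Map a reply arriving at public_ip:dst_port back to the private host, or None if no flow exists (drop)."""
        return self.back.get((proto, dst_port, src_ip, src_port))
```

Two private hosts using the same source port 40000 toward the same server get distinct public ports, which is the detail that makes the single public address workable; an unsolicited inbound packet to an unallocated port has no entry and is dropped.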
What is the hash value created by MD5? 128 bits. SHA-1 can create a 160 bit
value.