Boson Ceh

a design in which a database or knowledgebase is established to solve a particular problem, it is typically updated by various sources

A software design in which software components deliver information to other components over a network Example: API to give developers access to a database

A network design in which client computers use a centrally administered server to share data, data storage space, and devices. Example: Server that delivers web pages to a browser

A design in which a single application is developed to handle components that have functional differences Example: A single application that has both the UI and code to access data.

Rootkit

????

When a hashing algorithm creates the same hash from different plain text values.

128 bit hashes

When two devices transmit at the same time

A technique that generates a large amount of alert traffic to prevent detection of a legit attack by an IDS

An attack that uses fragmentation to avoid an IDS. It breaks session data up to pass it to a host. This way the IDS doesn't see all the attack data at once and may think the data is unrelated Only works on session-based protocols like HTTP

Changing or disguising the source IP address of an IP packet. Useful to mask the source of a DDoS attack

Sender defines some or all hops a packet must travel through. Enable by enabling loose source routing or strict source routing and providing all IPs to use

TCP Port 23

TCP PORT 25

TCP/UDP Port 53

It Means Domain Name System

It translates web addresses that people use into addresses the Internet uses

Directive - Company Policy Deterrent - Firing someone for failing it Preventative - Firewall blocking it Compensating - Extra policy on a policy Detective - IDS Corrective - antivirus correcting issues Recovery - antivirus

Institute of Electrical and Electronics Engineers

Extensible Authentication Protocol (EAP)

It stands for Network Access Control

It stands for Advanced Encryption Standard

It is a cryptographic algorithm used in WPA2. After 802.1X is authenticated AES can encrypt communication

IP Security

Provides security for VPNs

Confidentiality - Encrypts before sending Integrity - encryption says if it was tampered with

Layer 2 Tunneling Protocol

Used to establish VPN Connections

They are encapsulated in UDP packets

National Institute of Standards and Technology

Catalogs security and privace controls for federal information systems except those related to Directive Deterrent Preventative Compensating Detective Corrective Recovery NATIONAL SECURITY

Federal Information Security Management Act of 2002

Requires all federal agencies to have an Info Sec program It also assigns responsibilities to Office of Management and Budget and NIST

Federal Information Technology Acquisition Reform Act (2013)

Provides a framework for US Govt purchases. Was aimed to reduce spending on old systems This act failed

Health Insurance Portability and Accountability Act

Pearl module that supports IDS evasion Nikto uses libwhisker

A General Public License(GPL) web vulnerability scanner that performs multiple checks. Relies on Libwhisker Supports SSL Supports HTTP Supports reporting

a suite of tools for attacking web applications. Has free and professional versions

A proprietary commercial vulnerability scanner. Patch levels Vul of known exploits Has plugins

1, 2, 5, 14, 15,16, 17,18

1 - 768 bit - smallest 2 - 1024 bit - 2 GB 5 - 1536 bit - only with 5 in it 14 - 2048 bit 15 - 3073 bit - 15x2 = 30 16 - 4096 bit 17 - 6144 bit - Matt 17-44 18 - 8192 - Dylan #81 92

Diffie-Hellman an Asymmetric encryption protocol

An asymmetric encryption protocol that is used to exchange security keys between two parties who have had no previous communication

A packet capture library that is used by many packet sniffers and network monitors

It is used by the following: Kismet L0phtCrack Nmap Ngrep Snort Tcpdump Wireshark

It was created by the developers of Tcpdump

the premier network analysis tool for information security professionals. Having a solid grasp of this über-powerful application is mandatory for anyone desiring a thorough understanding of TCP/IP.

a C/C++ version of fpcap used in UNIX systems

Windows based version of libpcap

a password cracking tool

A password cracking tool

a password cracking tool

As password cracking tool

A password cracking tool

A method of sitting between a network session's source and destination so that traffic can be captured by a sniffer and analyzed

Code or credentials that are built into software that give complete access to the workstation it is running on

A password-hashing algorithm Creates 128bit hash

Microsoft's LAN Manager

a hashing technique that converts a users password into uppercase and then adds blank spaces until the size is 14 bytes. The 14 bytes are split into 2x 7byte chunks then each is ran through DES then the two are put back together Used prior to Windows NT

Data Encryption Standard

a 16 byte MD4 hash of a UTF-16 Unicode password?

Message Digest 4

Collision attacks because the hash is so small

NT LAN Manager

A protocol that uses both an NT hash and an LM hash to store passwords

It is used to hide true source IP address of traffic. It is used to evade detection on an IDS

ipfwadmin ipchains iptables

ipfwadmin ipchains iptables

The individual or entity accountable for data

The individual or entity that is responsible for granting access to data

Open Source Security Testing Methodology Manual

Provides protection for operations and can influence the impact of threats

10

Interactive Process Controls

Interactive Controls

Process Controls

Authentication Indemnification Resilience Subjugation Continuity

Nonrepudiation Confidentiality Privacy Integrity Alarm

Provides for identification and authorization based on credentials

provides contractual protection against loss or damages

Protects assets from corruption or failure

Ensure that interaction occur according to processes defined by the asset owner

Maintains interactivity with assets if corruption of failure occurs

Prevents a participant from denying its actions

Ensures that only participants have knowledge of an asset

Ensures that only participants have access to the asset

Ensures that participants know when assets and processes change

Notifies participants when interactions occur

As types of compliance

SOX - Sarbanes-Oxley HIPAA - Healthcare Information Portability Accountability

PCI DSS - Payment Card Industry Data Security Standard

ITIL - Information Technology Infrastructure Library ISO - International Organization for Standardization

International Organization for Standardization

Payment Card Industry Data Security Standard

Information Technology Infrastructure Library

ISECOM - Institute of Security and Open Methodologies

a repeatable framework for operational security testing and analysis

Human Physical Wireless Telecomms Network security OSSTMM also has a web-app version

Enables HTTP clients to update files to the target system

Will report whether GET is supported by the target system

Will report whether HEAD is supported by the target system

Will report whether POST is supported by the target system

Will report whether OPTIONS is supported on the target system

It allows for execution of arbitrary calls with the permission of either the SQL Server or proxy account

sysadmin should be the only one with this access

Disable guest accounts

disable it

None

Intrusion Detection System

Scan an IP address range to determine open and close ports

captures network data as it passes through the network interface

Passive

promiscuous mode

Can monitor network traffic and examine the traffice for signatures. When it finds a signature it notifies the admin

Packet Details Pane

Packet Number Timestamp Source Destination Protocol Length Additional Info

Shows the protocols and protocol fields in the packet. Displayed in tree format that can be expanded or collapsed

Contains hexadecimal characters and data offset (line number)

Disables DNS resolution

Enables DNS resolution

Disables ICMP (older parameters)

Internet Control Message Protocol

Disables ICMP (older parameters)

Disables DNS

Do this when performing stealth scans to avoid detection

Configures timing options. Is followed by a number 1-5 (1 is safest and 5 is worst)

Sets scan frequencey to "Paranoid scan"

Waits 5 minutes between each packet

Sets scan frequency to "Sneaky Scan"

15 second pause between each packet

10 second pause between each packet

10 second pause between each packet

1.25 second pause between each packet

.3 second pause between each packet

It is called Polite Scan in NMAP

It is called normal scan in NMap

It is called aggressive scan in Nmap

It is called Insane Scan in Nmap

It performs a stealth scan in Nmap

SYN scan Half-open scan

SYN/ACK is returned by the target

RST/ACK

It sends an RST response to reset the connection

Advanced Persistent Threat

The installation of a back door

Advanced - the techniques that are used Persistent - Remote/permanent control of the system Threat - non-technical, human

Planning Discovery Attack Reporting

Expected results of the project Constraints Any conditions

During the reporting phase

MitM Session Replay Data Manipulation

Username/Password preshared keys Digital certificates one-time passwords

It verifies the checksums at each end of the connection

Network Layer (Layer 3)

Physical, - computer Data Link, Network, Transport, Session, Presentation, Application

Point-to-Point Tunneling Protocol

Transferring data across IP-based VPN connections

Data Link Layer (Layer 2)

Extensible Authentication Protocol (EAP)

Extensible Authentication Protocol

transferring data across a VPN

It can use IPSec for VPN connections since it doesn't provide security itself

Operates at the Data Link layer (Layer 2)

Generic Routing Encapsulation

Network Layer (Layer 3)

Encapsulates and forwards non-IP protocols such as the below across an IP network. IPX - Internetwork Packet Exchange AppleTalk Uses IPSec to provide encryption and authentication

RID 500

RID 501

RID 1000+

Security Identifier

That the string is an SID

The revision onumber of the SID

a 5 indicates this is an SID for Windows NT authority

the domain or local computer identifier of the SID

This is the relative identified (RID) and identifies the type of user the SID is for

A virus that infect files only when a specific condition is met They execute less frequently to avoid antivirus software

a virus that overwrites portions of a file, filling the unused areas. This results in an infected file that is the same size as the original

A virus that rewrites itself each time it infects a new file

A virus that stays hidden by monitoring service calls to the OS. If a call is made to an infected file the original file's attributes are returned to the OS

14 characters is the maximum length

14 characters. Anything shorter than 14 characters is filled in with blanks

The second part of the hash is: AAD3B435B51404EE 404 Page Not FOUND

Compiles C++

C++ extension

Javascript extension

Pearl extension

Python extension

defines an output executable g++ gotcha.cpp -o clickme.exe compiles gotcha.cpp into clickme.exe

.C .cc .cpp .CPP .c++ .cp .cxx .hh .hpp .H .ii .tcc

data fragmentation can be used in this to evade an IDS

Putting more data in a buffer than it can hold which allows an attacker to execute malicious code on the computer

It is particularly vulnerable to overflow attacks

Used to provide limited amount of data integrity for IP datagrams. When a host receives an IP datagram it calculates the checksum of the header and compares it to the value of the header's checksum. If they don't match it is discarded

Network Address Translation

translates Private IP addresses to Public IP addresses and Public IP addresses back to Private IP addresses. is a many-to-many mapping

Maintains a pool of public IP addresses and assigns them to devices with a private IP address on an as-needed basis. As communication sessions close the public IPs are put back in the pool for use

a one-to-one mapping between private IPs and public IPs

Port Address Translation Many-to-one mapping

Updates every second by default

Selcting VIEW->UPATE SPEED

1 second 2 seconds 5 seconds Paused

a host-based tool that displays Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) connections between the host and destination devices

It displays Process ID Protocol Local and remote address Local and remote port Connection state number of sent and received packets number of sent and received bytes Devices can be displayed by host name or by ip address

It only operates on Windows

It operates on Windows, Linux and UNIX systems

Tcpvcon is a command-line alternative

Runs tcpvcon and displays all end points

prints the output of tcpvcon as a comma-separated CSV

configures tcpvcon to not resolve addresses

This attack is specific to UDP

This attack is a denial-of-service (DoS) attack that involves sending a large amount of spoofed UDP traffic to a router's broadcast address within a network. It is very similar to a different attack which uses spoofed ICMP traffic rather than UDP traffic to achieve the same goal.

TCP

When an attacker can guess the next sequence number from the legit sender to a host.

An attack that uses ICMP Echo Requests with a spoofed source address to a broadcast address. All that receive the request ping back but is directed to the DoS target

A virus that attempts to infect the boot sector and various files and programs

A virus that infects MS templates by using on-board VBA to run commands

Deletes a table EX DROP TABLE customer_table

Executes a command string on a database

Allows you to update values in a SQL database

Gramm-Leach-Bliley Act

Protects the confidentiality and integrity of personal information that a financial institution collects. Also requires the institution to disclose their privacy practices to the customer

Trusted Computer System Evaluation Criteria AKA Orange Book

Provides guidance on evaluating the effectiveness of computer security controls

A - verified protection B - Mandatory protection C - Discretionary Protection D - Minimal protection

Allows you to manage user accounts on a Windows command prompt

This command starts a service on a Windows command prompt

This command pauses a service on a Windows command prompt

This command connects to a remote resource on a Windows command prompt

This command allows you to manage different aspects of services on a windows command prompt

This flag configures Netcat to accept inbound connections on a UNIX host

This command configures Netcat to listen for inbound connections and restart after a session terminates. Only available in Windows

This flag specifies a TCP port in Netcat

This flag specifies the program to run when a session is established in Netcat

This Netcat flag specifies a UDP Port

Operate at Layer 7 (Application Layer)

Operate at Layer 5, Session Layer

Operate at Layer 3 Network Layer

Multiple OSI layers They combine Packet-filtering circuite-level application-level techniques

Encapsulating Security Payload

It encrypts the entire IP packet in IPSec when in tunnel mode

Only the IP payload is encrypted by ESP in this mode

Authentication Header

Authentication and Integrity is provided

No, AH doesn't encrypt data

Create a hash of the message Encrypt the hash using your private key Encrypt the message with the recipients public key

Something you have Something you know Something you are

a cryptography method in which data is hidden in another media type

A transmission that is authorized and is performed in compliance with security policies

A transmission that violates a company's security policy. Often used to mask transmissions

Maximum Tolerable Downtime

Disaster recovery plan

Internet Relay Chat

IRC Is most common

Develop BCP Policy Conduct BIA Identify controls Develop recovery strats Develop an IT DRP Perform DRP training Perform BC/DR maintenance

As short as possible

Not specific

Policies have these words

Senior Management should endorse them or they'll fail

Guidelines have these types of words

Server Message Block

Enables file and printer sharing without the need for NetBIOS port broadcasting

TCP Port 110

Post Office Protocol v3

TCP port 179

Border Gateway Protocol

It is an exterior gateway protocol that can be used to exchange routing info between network providers

It is used by mail clients to retrieve email from a remote server

Simple Network Management Protocol

It is used to monitor and manage network devices

TCP/UDP Port 445

TCP Port 139

Application Layer (Layer 7)

Layer 2 (Network layer)

Spanning Tree Protocol

Layer 2 (data link)

Layer 4 (Transport)

Secure Sockets

Layer 5 (session)

It uses a list of words (like dictionary) but substitutes numbers and symbols for some characters

It used a list of words from a "dictionary" to attack

It denotes a character string in SQL

Denotes a commend in SQL

It can concatenate two strings together

Denotes a variable in SQL

Searches for files that DO NOT contain the search term at the beginning of the name in grep

It configures grep to accept a regular expression pattern as a search term

It configures grep to match only the beginning of the line to the search term

When something that shouldn't trigger an alert does

When something that should trigger an alert doesn't

TCP/UDP 53

You should use this when you want to filter internet traffic for internal hosts on the network

You should use this when you want to allow customers to access your website

Dynamic Host Configuration Protocol

You should use DHCP for this

an IDS

confidentiality, integrity, authentication, & Non-repudiation

Annualized Loss Expectancy

ALE = SLE x ARO

Annualized Rate of Occurrence

Single Loss Expectancy

Network Time Protocol

UDP Port 123

File Transfer Protocol

TCP Ports 20, 21

UDP Port 161 and 162

Internet Printing Protocol

TCP Port 631

It is used to print to a network printer

Local Area Network Denial

It uses malformed IP packets with the same source and destination address. When the victim receives the packet it can become confused and crash

Uses several large overlapping IP fragments. The system will try to reassemble them but they're too big and sometimes crash

This attack finds two passwords with the same hash

Malicious code that wait for triggers to go off before activating Dates Times

Targets the deterring and prosecution of computer crimes against government systems, financial systems or systems that operate internationally

$5000 over 1 year

Electronic Communications Privacy Act

Protects electronic communications from illegal wiretapping

This act made it legal for the government to access internet communications, medical records, and even your home, all without notice or a search warrant.

packETH

A command-line tool for generating packets that is available on Linux and Windows

A command-line tool that can generate TCP/IP packets. Available on all platforms

A dictionary attack tool

Signal from hardware or software indicating that an event has occurred or that a process needs attention

This is the frequency or rate of a potential negative event

The likelihood that a threat will happen

Describes the damage of a successful attack

Threat x Vulnerability

Symmetric encryption is excellent for this

UDP Port 514

This algorithm creates hashes that are 128-bits long

This algorithm creates a hash that is 160-bits long

Secure Hash Algorithm

Mandatory low-level guides that explain how to accomplish a task

This document should have as much details as possible

Provides a minimum level of security that a company's employees and systems must meet

Provides helpful bits of advice

It allows any device from one to connect to any device on the other

This is a scripting language

C++ Java Visual Basic

OWASP OPen Web App Security Project

COBIT = Objectives for Information and related Technology. It is a framework for IT and IT governance that provides a systematic way of integrating IT with business strategy and business risk

It categorizes control objectives into four domains Planning & Organization Acquisition & Implementation Delivery & Support Monitoring & Evaluation

OSSTMM

This command line command enables you to determine domain names and their IP addresses.

This nslookup command lists all records for the specified DNS domain by initiating a zone transfer

This nslookup command lists all records for the specified DNS domain by initiating a zone transfer

This nslookup command lists aliases of computers in the DNS domain

This nslookup command lists aliases of computers in the DNS domain

This command lists CPU and OS information for the DNS domain

This command lists CPU and OS information for the DNS domain

This nslookup command lists well-known services on the DNS domain

This nslookup command lists well-known services on the DNS domain

a devices that has more than one network connection

Open Systems Interconnection

Proxy firewalls can do this

Application-level firewalls

Triple Data Encryption Standard

It applies DES three times

it produces a 168 bit key

produces a 56 bit key

2048 bits and up

RSA Encryption supports this

It is used to prevent viruses from infecting a network

It is used to control other computers on a botnet

Firewalls and proxy servers can be used to prevent this

Address Resolution Protocol

Converts IP address to MAC Address

Converts MAC addresses to IP Addresses

It enables participants to trust another participant's Public Key. Trust is established between the two.

a third party establishes trust for the two wanting to communicate

This is also known as trusted third-party model

This is also known as the bridge model

Cross-Site scripting

When an attacker gets a victim to execute client-side code on a web app/site

WPA2 Adheres to this entire standard

It is 127.0.0.1

It is a Layer 3 limited broadcast address

it is an example of a layer 3 directed broadcast address

It is an example of a Layer 2 ethernet broadcast address

A group of security responders who are responsible for mitigating attacker activities and have access to all of an orgs information during a simulated attack

A group of security responders who are responsible for mounting attacks against an organization as part of an attack simulation

A pentester who has the same network knowledge as an employee

A pentester who has no network knowledge

Their main benefit is that they have a low false positive rate

Their main benefit is being great at detecting new security threats

It used AES-CCMP for encryption

Advanced Encryption Standard-Counter Mode with Cipher Block Message Authentication Code Protocol

It uses TKIP for encryption

Temporal Key Integrity Protocol

Its encryption is 128-bit

RSA

ISO 27001 is based on this

BS 7799

Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI)

This standard is focused on governance for IT security

Clickjacking

When an attacker places invisible links over legit links that intercept mouse clicks. The mouse clicks are then directed to the attacker's desired use

A malicious attack that is directed toward a small group of specific individuals who visit the same website.

This attack's main goal is to steal online banking information

Typically uses email messages with trojans as attachments

An advertisement that is infected with a virus

This command launches Microsoft Management Console (MMC) and initiates the Group Policy snap-in

This command launches MMC with Computer Managment snap-in initiated

Launches MMC with services snap-in initiated. It allows you to see running services and modify whether those star manually or automatically

It enables MMC with the Event Viewer enabled. It allows you to examine windows host's event logs, application logs, security logs and system logs

It is a tool that is used to determine what ports are filtered by a gateway firewall

It manipulates Time-to-live values so they expire one hop after the firewall

Firewalk assumes the port is open and unfiltered

Firewalk assumes the port is filtered

It assumes the port is filtered

Supplying completely random data to the object to see what it does

Microsoft Security Development Lifecycle

You would use this to evade firewall inspection

You would use this to craft packets

To perform ping sweeps

Cross-Site Request Forgery

It show a list of failed login attempts on a linux computer

It shows a list of currently logged in users on a linux system

It contains a list of all login and logout activity on a linux system

It contains system authorization information on a linux system

/var/log

Certificate Authority

It issues digital certificates

Certificate Authority (CA)

Certificate Revocation List

Secure/Multipurpose Internet Mail Extensions

A Security Audit does this

A Vulnerability Assessment does this

A penetration test does this

Indicates the target website in metagoofil

It indicates the file type in metagoofil

It indicates the output file in metagoofil

This Nmap command indicates OS detection

This nmap command indicates version scanning

This nmap command indicates Script scanning

--traceroute

This command does OS detection Script scanning Version scanning

This will show you information on drivers and services but only active services

This will show you all active and inactive services on Windows Server 2012

It indicates the process should run in the background on a linux machine

add nohop to the front of the command