4.1 Tool to assess organizational security

Question 1

Reconnaissance tools: what is traceroute ?

Answer 1

Network diagnostic tool that helps determine the path packets take from a source to a destination. It is primarily used for troubleshooting network connectivity issues, identifying network bottlenecks, and understanding the path taken by packets.
Use Traceroute when you want to trace the path packets take from a source to a destination, identify network hops, measure round-trip times, and troubleshoot network connectivity issues.

Question 2

Reconnaissance tools: what are the commands in Linux & Windows to traceroute a packet ?

Answer 2

• Windows: tracert
• Linux: traceroute

Question 3

Reconnaissance tools: what is the mechanics of traceroute (how does it work)?

Answer 3

Takes advantage of ICMP Time to Live (TTL) exceeded error message.

Ex: TTL=1 is the first router, TTL=2 is the second router etc

Question 4

Reconnaissance tools: what nslookup command for ?

Answer 4

Command-line tool available on many operating systems for querying DNS servers and performing basic DNS lookups. It allows users to manually query DNS servers and retrieve information about domain names, IP addresses, name servers, and other DNS records. Nslookup is commonly used for simple DNS troubleshooting, verifying DNS resolution, and checking DNS configurations. However, its feature set is relatively limited compared to Dig. In recent years, the functionality of nslookup has been largely superseded by more advanced tools like Dig.

Question 5

Reconnaissance tools: what ipconfig and ifconfig command for ?

Answer 5

Determine IP and network information
- ipconfig: windows
- ifconfig: linux

Question 6

Reconnaissance tools: what ping command for ?

Answer 6

Test reachability of an IP

Question 7

Reconnaissance tools: what pathping command for ?

Answer 7

Combines the functionalities of ping and traceroute. It is a Windows-specific command-line utility that measures packet loss, round-trip times, and other network performance metrics. Use PathPing when you need a combination of Ping and Traceroute functionalities. It provides information about latency and packet loss at each hop along the network path, making it useful for diagnosing intermittent connectivity issues and identifying network segments with performance problems.

Question 8

Reconnaissance tools: what netstat command for ?

Answer 8

It stands for network statistics and show network status and protocol statistics:
- netstat -a: show all active connection
- netstat -b: show binaries (windows)
- netstat -n: do not resolve names

Question 9

Reconnaissance tools: what is ARP ?

Answer 9

Address Resolution Protocol determine a MAC address based on an IP address (you need the hardware address to communicate)

Question 10

Reconnaissance tools: is there a command to see MAC address ?

Answer 10

Using the arp command:
- arp -a: view local ARP table

Question 11

Reconnaissance tools: what curl command for ?

Answer 11

It stands for Client URL and allow to grab the raw data (html) from a websites and display it

Question 12

Reconnaissance tools: why using curl command ?

Answer 12

To be able to see the source code of a website and search through it

Question 13

Reconnaissance tools: what is hping ?

Answer 13

Command-line network tool known for packet crafting, network scanning, and testing. It allows you to craft and send customized packets with specific characteristics, such as source and destination IP addresses, ports, protocols, flags, and payloads.
Use Hping when you require advanced network scanning, port scanning, or packet manipulation capabilities for network testing, security assessments, or troubleshooting purposes.

Question 14

Reconnaissance tools: what is nmap ?

Answer 14

It stands for network mapper. It can port scan, discover OS, service scan, can use script

Question 15

Reconnaissance tools: what is OSINT ?

Answer 15

OSINT skills are the abilities and knowledge necessary to collect, analyze, and use information from open sources for various purposes.

Ex of OSINT tool: theHarvester

Question 16

Reconnaissance tools: what is sn1per ?

Answer 16

Penetration testing tool and scanner designed for reconnaissance, vulnerability scanning, and information gathering. It combine many tools: dnsenum, metasploit, nmap, wfuzz, nikto etc

Question 17

Reconnaissance tools: what can be a problem when you do a scan? how to prevent it ?

Answer 17

Your device can be identify as the source of the scan. To prevent from this, you can scan from a different host (for ex a proxy)
Scaless tool can be use for this type of scan

Question 18

Reconnaissance tools: what dsnenum command for ?

Answer 18

DNSenum is a specialized tool for DNS enumeration and information gathering. It focuses on discovering DNS-related information about a target domain, such as subdomains, DNS records, zone transfers, reverse DNS lookups, and DNSSEC configurations. DNSenum automates the process of gathering DNS data and provides a comprehensive view of the DNS infrastructure of a domain. It is commonly used in reconnaissance and information gathering during penetration testing and security assessments to identify potential targets and vulnerabilities related to DNS configurations.

Question 19

Reconnaissance tools: what is nessus for ?

Answer 19

A vulnerability scanner The most popular because it has a very large DB

Question 20

Reconnaissance tools: what is cuckoo for ?

Answer 20

A sandbox (a virtual env) for malware.
It test a file in a safe environement and can track & trace API calls, network traffic, memory analysis, traffic captures etc

Question 21

File manipulation tools: what cat command for ?

Answer 21

Show the content of a file on linux machines

Question 22

File manipulation tools: what head command for ?

Answer 22

View the first part of a file (linux)

Ex: head -n 5 syslog: view the 1st 5 line of syslog file

Question 23

File manipulation tools: what tail command for ?

Answer 23

View the last part of a file. Same syntax as the head command

Question 24

File manipulation tools: what grep command for ?

Answer 24

Find text in a file

Ex: grep failed auth.log: find the word ‘failed’ in the auth.log file

Question 25

File manipulation tools: what chmod command for ?

Answer 25

Change the permission of a file:
- r= read; w=write, x= execute
- set for the file owner (u), the group (g), others (o) or all (a)

Ex: chmod 744 script.sh

Question 26

File manipulation tools: explain chmod permission

Answer 26

If you use the chmod command, you give permission through number. Hence:
- 0: none; —
-1: Execute only; –x
-2: Write only; -w-
-3: Write and execute; -wx
-4: Read onlt; r–
-5:Read and execute; r-x
-6: Read and write; rw-
-7: Read, write and execute; rwx

Question 27

File manipulation tools: explain this command “-rwxr–r–” ?

Answer 27

This display when you list the content of a directory (ls -la). The mode (ex: -rwxr–r–) are listed before and can be divided into 4 pieces. In our example of -rwxr–r– :
- the piece is the “-“ which is the type of object ‘-‘ for file, d for directory
- rwx are for the user’s permission (7)
- r– is for group permission (4)
- r– is for others permission (4)

Question 28

Shell & script env: what is SSH?

Answer 28

Encrypted console communication that is more secure than Telnet

Question 29

Shell & script env: what is Windows Powershell?

Answer 29

Command line administrator for Windows. You can manage windows OS and run scripts in the powershell

Question 30

Shell & script env: what is Open SSL for ?

Answer 30

A toolkit and crypto library for SSL/TLS. It can build certificate and manage SSL/TLS communication

Question 31

Packet tools: what is Wireshark for ?

Answer 31

A packet analyzer. it gather frames on the network and help to identify unknown traffic, verify packet filtering and security controls

Question 32

Packet tools: what is a tcpdump ?

Answer 32

Command-line packet capture tool used for capturing and analyzing network traffic. It allows users to monitor and capture network packets in real-time or from pre-captured packet capture files. Tcpdump captures packets at the data link layer and provides detailed information about each packet, including source and destination addresses, protocols, headers, and payload. It is commonly used for network troubleshooting, protocol analysis, security monitoring, and forensic investigations.

Question 33

Packet tools: what is a tcpreplay ?

Answer 33

command-line tool used for replaying captured network traffic back onto a network interface. It takes packet capture files (e.g., pcap files) generated by tools like Tcpdump and replays the captured packets onto a network in the same order and timing as they were originally captured. The purpose of Tcpreplay is to recreate network traffic scenarios for testing, benchmarking, or simulating real-world network conditions. It allows users to replay captured network traffic and observe how systems or network devices respond to that traffic.

Question 34

Forensic tools: what is the dd comand for ?

Answer 34

Allows to create a bit by bit copy of a drive/ directory

Ex: dd if=/dev/sda of=/tmp/sda-image.img to create a disk image
dd if=/tmp/sda-image.img of=/dev/sda to restore from an image

Question 35

Forensic tools: what is the memdump comand for ?

Answer 35

Copy information in system memory to the standard output stream. Therefor, everything that happens is in memory

Question 36

Forensic tools: what is WinHex?

Answer 36

A hexadicimal editor used for analyzing and editing binary files, disk drives, and forensic imaging. Use in forensics, data recovery, cybersecurity, and software debugging.

Question 37

Forensic tools: what is Autopsy tool?

Answer 37

Autopsy is widely used by digital forensic investigators, law enforcement agencies, and incident responders to process and analyze digital evidence in a forensically sound manner. It provides a comprehensive set of tools for examining various types of digital artifacts, recovering deleted files, reconstructing user activities, and generating detailed reports for investigative purposes (downloaded files, browser history, email, DB, etc)

Question 38

Forensic tools: what is data sanitization ?

Answer 38

Completely remove data from a drive /directory and make sure data cannot be recovered

Question 39

Reconnaissance tools: what dig command for ?

Answer 39

Command-line tool used for querying DNS servers and retrieving DNS-related information. It provides detailed information about DNS records, name servers, IP addresses, and other DNS-related data. Dig supports various types of DNS queries, including A, AAAA, CNAME, MX, NS, PTR, SOA, and TXT records. It is a powerful tool for troubleshooting DNS issues, performing DNS lookups, and gathering DNS-related information manually. Dig provides extensive control over query parameters and offers more flexibility and advanced features compared to nslookup and dnsenum.