8 - OCO Flashcards

1
Q

Lockheed Martin’s Cyber Kill Chain

A
  • Framework aimed at improving visibility and understanding of attackers’ TTPs
  1. Reconnaissance
  2. Weaponization
  3. Delivery
  4. Exploitation
  5. Installation
  6. Command and Control
  7. Actions on Objectives
2
Q

Reconnaissance (Lockheed)

A
  • Harvesting email addresses, conference information, etc
3
Q

Weaponization (Lockheed)

A
  • Coupling an exploit with a backdoor into a deliverable payload
4
Q

Delivery (Lockheed)

A
  • Delivering the weaponized bundle to a victim via email, web, etc.
5
Q

Exploitation (Lockheed)

A
  • Exploiting a vulnerability to execute code on the victim’s system
6
Q

Installation (Lockheed)

A
  • Installing malware on the asset
7
Q

Command and Control

A
  • Command channel for remote manipulation of the victim
8
Q

Actions on Objectives

A
  • Intruders accomplish their original goals
9
Q

MITRE ATT&CK for Enterprise

A
  • Adversarial Tactics, Techniques, and Common Knowledge
    – Describes the actions an adversary would take against a target network
  • Last 4 stages of the Lockheed Cyber Kill Chain broken down into:
    – Initial Access
    – Execution
    – Persistence
    – Privilege Escalation
    – Defense Evasion
    – Credential Access
    – Discovery
    – Lateral Movement
    – Collection
    – Exfiltration
    – Command and Control
10
Q

Hacker Methodology

A
  1. Footprinting
  2. Scanning
  3. Enumeration
  4. Gaining Access
  5. Escalating Privileges
  6. Pilfering Data
  7. Covering Tracks
  8. Creating Backdoors
  9. Actions on Objectives
11
Q

Footprinting (Hacker Methodology)

A
  • Collecting data about the target
  • Passive - no direct interaction with the target
  • Methods
    – whois
    – nslookup / dig
    – Google
    – Social Networking
12
Q

Scanning (Hacker Methodology)

A
  • Bulk assessment and identification
  • Active - direct interaction with the target
  • Methods
    – Ping sweeps
    – traceroute
    – nmap (-sn also performs a ping sweep)
13
Q

Enumeration (Hacker Methodology)

A
  • Looking for vulnerabilities
  • Aggressive probing
  • Methods
    – Service version detection (-sV in nmap)
    – OS detection (-O in nmap)
    – Banner grabbing
14
Q

Gaining Access (Hacker Methodology)

A
  • Establish a foothold on the target system
  • Methods
    – Default usernames/passwords
    – Brute-force password guessing
    – Remote code execution (Metasploit, phishing)
    – Buffer overflow
15
Q

Escalating Privileges (Hacker Methodology)

A
  • Take full control of the system
  • Elevate to higher system privileges
  • Methods
    – Hashdump
    – Password cracking
    – Phishing (if starting from user level)
16
Q

Pilfering Data (Hacker Methodology)

A
  • Gather information from the target system
  • Copy, don’t move
  • System configs
  • Shares
  • ARP tables
  • Be careful of large data transfers
17
Q

Covering Tracks (Hacker Methodology)

A
  • Make sure users/admins don’t know we are here
  • Methods
    – Log removal
    – Restarting crashed services
    – Timestomping
    – Removing uploaded/installed malware
18
Q

Creating Backdoors (Hacker Methodology)

A
  • Persist on the system
  • Methods
    – Rogue user accounts
    – Meterpreter
    – Netcat
    – Cron Job/Scheduled Tasks
19
Q

Actions on Objectives (Hacker Methodology)

A
  • Perform end-goal actions on target systems
  • Denial of Service
    – Encryption
    – Password Changes
    – Deleting critical system files
  • Installing Malware
    – Spyware, ransomware
  • Stealing Information
    – PII
    – Financial
20
Q

Advanced Methods (Hacker Methodology)

A
  • Post Exploitation Survey
  • Tunneling
  • Buffer overflows
  • Rootkits
  • Man in the Middle
  • Triggering
  • Obfuscation
  • Social Engineering
21
Q

Post Exploitation Survey (Hacker Methodology)

A
  • Target verification
  • Information Gathering
  • Look for:
    – Host verification (IP, hostname, etc.)
    – Host configuration (interfaces, firewall rules, installed programs, etc.)
    – Situational Awareness (process list, network connections, antivirus, etc.)
    – Useful Information (desktop, docs, dirwalk)
22
Q

Pivoting

A
  • Using an already compromised host to further exploit deeper into a target network
23
Q

WEP

A
  • Wired Equivalent Privacy
  • Intended to provide data confidentiality like wired networks
  • RC4 encryption
    – Keys should never be used twice (24-bit IV)
    – Reuse restriction not guaranteed on a busy network, allowing the WEP key to be cracked
24
Q

WPA

A
  • Wifi Protected Access
  • Partial implementation in response to WEP weaknesses
  • TKIP encryption
    – Randomly generates a 64- or 128-bit key per packet
    – Message integrity check, replaced by CRC
  • Retained vulnerabilities of WEP
25
Q

WPA2

A
  • Wifi Protected Access II
  • AES-CCMP Encryption
  • Prevents
    – Frame forgeries
    – Replay Attacks
  • Never reuses an encryption key
26
Q

WPS

A
  • Wifi Protected Setup
  • 2 Mandatory connection modes
    – Push button
    – PIN (8-digit pin, last digit is checksum, first 4 digits evaluated from last 3)
  • 2 Optional connection modes
    – NFC
    – USB
  • 11,000 possible combinations before gaining access to the system
27
Q

WPA3

A
  • Wifi Protected Access 3
  • Simultaneous Authentication of Equals (SAE)
    – Replaces the WPA2 pre-shared key exchange
  • Uses forward secrecy
    – Minimal data exposure if compromised
  • Easy Connect, Enhanced Open
28
Q

airmon-ng

A
  • Modify or show status/mode of wireless interfaces and kill network managers
29
Q

airodump-ng

A
  • Packet capture of raw 802.11 frames
  • Suitable for collecting on WEP, WPA, and WPA2 networks
30
Q

aireplay-ng

A
  • Used for injecting frames
    – For WPA2, used for deauth
31
Q

aircrack-ng

A
  • Used for cracking WPA2 pre-shared keys (like John the Ripper for Wi-Fi)
    – Requires packet capture of WPA2 handshake (with airodump-ng)
32
Q

Wireless Hacking Methodology

A
  • Network identification and monitoring
  • Client ID and deauth
  • Handshake capture
  • Password Cracking
  • Connect to network
  • Must
    – Know the SSID of the network
    – Be within the footprint of the AP
    – Have a client connected to the AP
33
Q

Buffer

A
  • Region of physical memory used to temporarily store data
34
Q

Buffer Overflow

A
  • Entering data that exceeds the buffer size and spills over into adjacent memory, corrupting or overwriting the data stored there
35
Q

Rootkit

A
  • Malware which hides its presence from users/OS
    – Can attach to security software to remain hidden
  • Types:
    – Hardware/firmware
    – Bootloader
    – Memory
    – Application
    – Kernel mode
36
Q

Man-in-the-Middle

A
  • Attacker inserts themselves into the communication between two devices
  • Attacker impersonates both sides of the conversation
37
Q

Triggering

A
  • Interact with a target to have a program perform a function defined by the attacker
  • May be triggered by sending packets
  • Functions include:
    – Running a command
    – Starting a listener
    – Starting a reverse connection
38
Q

Obfuscation

A
  • Making something obscure, unclear, or unintelligible
  • Goal is to alter the appearance of malware to evade antivirus
  • Packers
    – Compress malware
    – Hide it from AV; make it difficult to reverse engineer
  • Crypters
    – Encrypt, obfuscate, and manipulate software
    – Make reverse engineering more difficult
39
Q

Types of Obfuscation

A
  • Network Traffic
    – Make network traffic appear to be something else (e.g., make a beacon look like normal HTTP/HTTPS traffic)
  • Executables
    – Use packers/obfuscation software to bypass defender programs or prevent reverse engineering
  • Text
    – Multiple techniques, e.g., base64 encoding
  • Steganography
    – Hiding information inside pictures (steghide on Kali)
40
Q

Social Engineering

A
  • Goal: Convince a target to take actions they normally would not
  • Types:
    – Pretexting - Creating a believable story
    – Baiting - Exploiting the target’s greed/curiosity
    – Tailgating - Attempting to gain access to restricted areas by following someone in
    – Phishing - Email campaigns
41
Q

SSH Tunnel

A
  • Securely forwards network traffic through an encrypted SSH connection
  • Also known as SSH port forwarding
42
Q

Forward SSH Tunnel

A
  • Forwards a local port to a remote port, allowing the user to access a service running on the remote server as if it were running on the local machine
43
Q

Reverse SSH Tunnel

A
  • Forwards a remote port to a local port, allowing the user to access a service running on the local machine as if it were running on the remote server
44
Q

Dynamic SSH Tunnel

A
  • Created dynamically
  • Used when multiple ports are needed, such as in port scanning
45
Q

SSH Tunnel Options

A
  • -f - go to background after authentication
  • -N - do not execute a remote command
  • -C - request compression
46
Q

IPTables/Firewall Redirection

A
  • Routes traffic through the PREROUTING and POSTROUTING chains without touching the local system
  • Won’t show up in netstat
  • Does not provide encryption (the connection must do its own encrypting)
  • System must be configured for IP forwarding/routing
47
Q

Industrial Control System

A
  • Computing systems that control and monitor industrial processes
48
Q

Programmable Logic Controllers (PLC)

A
  • Devices that control and monitor industrial machinery
49
Q

Modbus

A
  • Protocol used by PLCs
  • Establishes communication between devices and facilitates the transfer of data between them
  • Port 500
  • Can be used to:
    – Change value of registers
    – Read an I/O port
    – Read values contained in registers
50
Q

nmap port states

A
  • open
    – Application listening on that port
  • closed
    – Port is accessible but has no application listening
  • filtered
    – Firewall or other network obstacle is blocking the port; nmap cannot tell if it is open or closed
  • unfiltered
    – Port is accessible, but nmap is unable to determine state
  • open | filtered
    – Used when nmap is unable to determine if port is open or filtered
  • closed | filtered
    – Used when nmap is unable to determine if port is closed or filtered
51
Q

netcat flags

A
  • -v - verbose
  • -w - wait x seconds for a response
  • -z - do not send data to a TCP connection; send only limited data over UDP
  • -d - tells nc to detach from the console
  • -L - keep listening for connections even after the first connection disconnects
  • -p - port to listen on
  • -e - execute the following command after the connection is made
52
Q

Adobe_Geticon

A
  • Exploit used to create a weaponized PDF