Tools And Commands Flashcards

(192 cards)

1
Q

What is PILAR?

A

A Risk Analysis and Management Tool.

PILAR is the software that implements and expands the Magerit RA/RM methodology. It is designed to support the risk management process over long periods, providing incremental analysis as the safeguards improve. Its main functionalities include:
Quantitative and qualitative Risk Analysis and Management
Quantitative and qualitative Business Impact Analysis & Continuity of Operations

2
Q

What are Examples of Risk Management Tools?

A
PILAR
A1 Tracker
Risk Management Studio
IsoMetrix
Sword Active Risk
iTrak
Certainty Software
Resolver's ERM Software
Isolocity
Enablon
3
Q

What is Group Policy Management Console (GPMC)?

A

It is part of Windows Administrative Tools: a Microsoft Management Console (MMC) snap-in that gives a single interface for managing Group Policy objects, links and inheritance. Its functions are also exposed for scripting (the GPMC COM interfaces and the GroupPolicy PowerShell module), so policy reports and backups can be automated.

4
Q

What is ManageEngine ServiceDesk Plus?

A

It is a comprehensive ticketing system used in incident management, problem management, change management, and IT project management applications.

5
Q

Name an Open Source Security Information and Event Management System (OSSIM)

A

AlienVault

6
Q

What are examples of Ticketing System Tools?

A
AlienVault
osTicket
SolarWinds MSP
IR-Flow
Request Tracker for Incident Response (RTIR)
IBM Resilient Incident Response Platform
Freshdesk
7
Q

What is buck-security?

A

It’s a collection of security checks for Linux. It allows incident handlers to quickly identify the security status of a system (world-writable files, SUID/SGID binaries, open ports, weak package state and similar).

8
Q

What is Kiwi Syslog Server?

A

A centralized and simplified log message management tool for various network devices and servers. It is used to centrally collect syslog messages, generate real-time alerts based on their content, and perform advanced message filtering and message buffering.

9
Q

What is Splunk Light?

A

A tool for collecting, monitoring, and analyzing log files from servers, applications, or other sources. This tool will collect data from multiple sources and performs indexing, monitoring, reporting, and alerting. Alerts from Splunk Light can automatically trigger actions to send automated emails, execute remediation scripts, or post to RSS feeds.

10
Q

What are examples of Incident Analysis and Validation Tools?

A
buck-security
Kiwi Syslog Server
Splunk Light
Loggly
InsightOps
Logz.io
Logmatic.io
Graylog
11
Q

What is Microsoft Baseline Security Analyzer (MBSA)?

A

A tool designed for IT professionals and helps small-and medium-sized businesses to determine their security state in accordance with Microsoft security recommendations. It lets incident handlers scan local and remote systems for missing security updates as well as common security misconfigurations. MBSA includes a graphical and command line interface that can perform local or remote scans of Microsoft Windows systems. To assess missing security updates, MBSA will only scan for missing security updates, update rollups and service packs available from Microsoft Update.

12
Q

What are examples of tools for detecting missing security patches?

A
Microsoft Baseline Security Analyzer (MBSA)
GFI LanGuard
Symantec Client Management Suite
MaaS360 Patch Analyzer
Solarwinds Patch Manager
Kaseya Security Patch Management
Software Vulnerability Manager
Ivanti Endpoint Security
Patch Connect Plus
Automox
Prism Suite
13
Q

What is MagicTree?

A

A report writing tool. MagicTree stores data in a tree structure. This is a natural way of representing the information that is gathered during a network test: a host has ports, which have services, applications, vulnerabilities, and so on.

14
Q

What is KeepNote?

A

A note taking application that works on Windows, Linux, and MacOS X. With KeepNote, you can store your class notes, TODO lists, research notes, journal entries, paper outlines, and so on in a simple notebook hierarchy with rich-text formatting, images, and more. Using full-text search, you can retrieve any note for later reference.

15
Q

What is FTK Imager?

A

A data preview and imaging tool that enables analysis of files and folders on local hard drives, CDs/DVDs, network drives, and examination of the content of forensic images or memory dumps.

16
Q

What is R-Drive Image?

A

A potent utility that provides creation of disk image files for backup or duplication purposes. R-Drive restores the images on the original disks, on any other partitions, or even on a hard drive’s free space. It can be used to restore a system after heavy data loss caused by an operating system crash, virus attack, or hardware failure.

17
Q

What are examples of Data Imaging Tools?

A
FTK Imager
R-Drive Image
EnCase Forensics
Data Acquisition Toolbox
RAID Recovery for Windows
R-Tool R-Studio
F-Response Imager
18
Q

What is HashCalc?

A

A free tool used to compute multiple hashes, checksums, and HMACs for files, text, and hex strings

19
Q

What is MD5 Calculator?

A

A tool used to calculate the MD5 hash value of the selected file.

20
Q

What is HashMyFiles

A

A small utility that is used to calculate the MD5 and SHA1 hashes of one or more files in the system.

21
Q

What is the ‘PsUptime’ command?

A

A Sysinternals command-line utility (since retired; PsInfo now reports the same value) that shows how long a Windows system has been running, locally or on a remote computer.

22
Q

What is the ‘Net Statistics’ command?

A

A Windows command used to infer the system uptime: `net statistics workstation` (or `net statistics server`) prints a "Statistics since <date time>" line, which is the time the service started, normally the last boot.

23
Q

What are the ‘uptime’ and ‘w’ commands?

A

Linux commands that show how long the system has been running, the number of logged-on users and the load averages. The first line of `w` output is the same as `uptime`; `w` then lists each logged-on user and what they are doing.

24
Q

What is the ‘Netstat -ab’ command used for?

A

It’s a Windows command that lists all connections and listening ports (-a) together with the executable involved in creating each one (-b). Because -b has to query process information it must be run from an elevated prompt; adding -o also shows the owning process ID.

25
What is ListDLLs?
It's a Windows utility used to determine DLLs loaded into a process.
26
What is Pslist.exe?
It's a Windows utility used to display basic information about the already running processes on a system, including the amount of time each process has been running.
27
What is the 'Top' command used for?
It's a Linux command used to display system summary information as well as a list of processes or threads Linux kernel is currently managing.
28
What is the 'w' command?
It's a Linux command that shows who is logged on and what each user is doing, i.e. the process each login session is currently running.
29
What is the 'ps' command?
It's a Linux command that lists running processes. By itself it shows only the current user's processes on the current terminal; `ps -ef` or `ps aux` lists every process on the system, including those running as root.
30
What is the 'pstree' command?
It's a Linux command used to display the processes on a system in the form of a tree
31
What is 'Psloggedon'?
A Sysinternals utility that displays both the locally logged-on users and the users logged on via resource shares, for either the local computer or a remote computer.
32
What is the 'net session' command?
A Windows command that manages server connections. Used without parameters, it displays information about all sessions with the local computer.
33
What is the 'logonsessions' command?
A Sysinternals command-line utility that lists the currently active logon sessions; with the -p option it also lists the processes running in each session.
34
What is the 'who' command?
A Linux command that displays the users currently logged on to the system, with their terminal and login time.
35
What is the 'who am i/who -uH' command?
These are both Linux commands. `who am i` shows the login entry for the current terminal (the user who originally logged in, even after `su`), whereas `who -uH` lists logged-on users with a header line and each user's idle time.
36
What is the 'who -all/-a' command?
A Linux command that displays all currently logged on users, local and remote
37
What is the 'last' command?
A Linux command that displays a history of logged on users, local and remote
38
What is the 'lastlog' command?
A Linux command that displays the last login times for system accounts, local and remote
39
What is the 'w' command?
A Linux command that displays summaries of system usage, currently logged on users, and logged on user activities
40
What is the 'passwd' file?
A Linux file (/etc/passwd) containing one line per user account: name, password field, UID, GID, GECOS comment, home directory and login shell. Historically it held the one-way hashed passwords; on modern systems the field contains "x" and the hashes live in the root-only /etc/shadow.
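
The following Python script is an added example, not part of the flashcards: it parses passwd-format content and flags what an incident handler checks first after a suspected compromise: a second UID-0 account, an empty password field, and a hash stored in passwd rather than shadow. The passwd content embedded in it is constructed sample data, not from a real host.

```python
"""Audit /etc/passwd-style content for common indicators of tampering.

Added example for the 'passwd' flashcard; the sample data below is
constructed, not taken from a real system.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample passwd content: root, two service accounts, a user,
# a second UID-0 account ("toor"), an account whose hash sits in passwd
# instead of /etc/shadow, and an account with an empty password field.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:1001:1001::/home/backup:/bin/bash
toor:x:0:0::/root:/bin/bash
legacy:$6$saltsalt$abcdefghijklmnopqrstuvwxyz0123456789:1002:1002::/home/legacy:/bin/sh
guest::1003:1003::/home/guest:/bin/bash
"""

# Password-field values meaning "see /etc/shadow" or "no password login";
# a leading "!" marks a locked account. Anything else is a hash in passwd.
SHADOW_PLACEHOLDERS = {"x", "*"}


@dataclass
class PasswdEntry:
    name: str
    password: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Parse passwd-format text; raise on lines that do not have 7 fields."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, password, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, password, int(uid), int(gid), gecos, home, shell))
    return entries


def audit_passwd(entries: List[PasswdEntry]) -> List[Tuple[str, str]]:
    """Return (account, reason) pairs for entries that warrant a closer look."""
    findings = []
    for e in entries:
        if e.uid == 0 and e.name != "root":
            findings.append((e.name, "uid 0 account other than root"))
        if e.password == "":
            findings.append((e.name, "empty password field (login without a password)"))
        elif e.password not in SHADOW_PLACEHOLDERS and not e.password.startswith("!"):
            findings.append((e.name, "password hash stored in passwd instead of shadow"))
    return findings


if __name__ == "__main__":
    for account, reason in audit_passwd(parse_passwd(SAMPLE_PASSWD)):
        print(f"{account}: {reason}")
```

Run it against a copy of /etc/passwd collected from the host (`parse_passwd(open("/etc/passwd").read())`) rather than live, so the evidence file stays untouched; a hash in passwd is a finding even when the account looks legitimate, because passwd is world-readable and the hash can be cracked offline.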
41
What is the 'nbtstat' command?
A Windows command (not Linux) used to troubleshoot NetBIOS name resolution problems. When a network is functioning normally, NetBIOS over TCP/IP resolves NetBIOS names to IP addresses. Common options:
nbtstat -c: shows the contents of the NetBIOS name cache, which holds NetBIOS name-to-IP address mappings.
nbtstat -n: displays the names registered locally on the system by NetBIOS applications such as the server and redirector.
nbtstat -r: displays the count of NetBIOS names resolved by broadcast and by querying a WINS server.
nbtstat -S: lists the current NetBIOS sessions and their status.
42
What is the 'Netstat' tool?
It's a command-line tool (present on Windows and on Unix-like systems) that collects information about active network connections. Common Windows switches:
netstat -a: displays all active TCP connections and the TCP and UDP ports on which the computer is listening.
netstat -e: displays Ethernet statistics.
netstat -n: displays addresses and port numbers in numeric form instead of resolving names.
netstat -o: displays active TCP connections and includes the owning process ID (PID).
netstat -p <protocol>: shows connections for the specified protocol (for example TCP or UDP).
netstat -r: displays the contents of the IP routing table.
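
As an added example (not from the flashcards), the Python below parses saved `netstat -ano` output, correlates each PID with its image name from a `tasklist` export, and reports listening ports outside an allow-list plus the remote endpoints each image is talking to. Both the netstat text and the PID-to-image map are constructed sample data; `netstat -b` would give the image names directly, but needs an elevated prompt and is slow, which is why responders usually join `-ano` with `tasklist` instead.

```python
"""Parse Windows 'netstat -ano' output and correlate PIDs with images.

Added example for the netstat flashcard; the netstat and tasklist data
below are constructed samples, not captured from a real host.
"""
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed 'netstat -ano' output: -a all connections, -n numeric, -o PID.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       5120
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     5120
  TCP    192.168.1.20:49801     198.51.100.9:443       ESTABLISHED     3344
  TCP    [::]:135               [::]:0                 LISTENING       912
  UDP    0.0.0.0:5353           *:*                                    2208
"""

# Constructed PID -> image map, as exported with 'tasklist /fo csv'.
SAMPLE_PIDS: Dict[int, str] = {
    4: "System",
    912: "svchost.exe",
    2208: "mDNSResponder.exe",
    3344: "chrome.exe",
    5120: "updater.exe",
}


class Conn(NamedTuple):
    proto: str
    local_ip: str
    local_port: int
    remote: str
    state: Optional[str]   # UDP rows have no State column
    pid: int


def _split_addr(addr: str) -> Tuple[str, int]:
    """Split 'host:port'; IPv6 hosts are bracketed and '*:*' has no port."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else -1


def parse_netstat(text: str) -> List[Conn]:
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            proto, local, remote, state, pid = parts
        elif len(parts) == 4 and parts[0] == "UDP":
            proto, local, remote, pid = parts
            state = None
        else:
            continue  # header, blank and unparseable lines
        ip, port = _split_addr(local)
        conns.append(Conn(proto, ip, port, remote, state, int(pid)))
    return conns


def unexpected_listeners(conns: List[Conn], allowed_ports, pid_to_image: Dict[int, str]):
    """Listening TCP ports outside the allow-list, with owning PID and image."""
    return sorted(
        {(c.local_port, c.pid, pid_to_image.get(c.pid, "<unknown>"))
         for c in conns if c.state == "LISTENING" and c.local_port not in allowed_ports}
    )


def established_by_image(conns: List[Conn], pid_to_image: Dict[int, str]) -> Dict[str, List[str]]:
    """Map image name -> sorted remote endpoints of its ESTABLISHED connections."""
    out: Dict[str, List[str]] = {}
    for c in conns:
        if c.state == "ESTABLISHED":
            out.setdefault(pid_to_image.get(c.pid, "<unknown>"), []).append(c.remote)
    return {image: sorted(remotes) for image, remotes in out.items()}


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    print(unexpected_listeners(conns, {135, 445}, SAMPLE_PIDS))
    print(established_by_image(conns, SAMPLE_PIDS))
```

The allow-list should come from a baseline of the same role of host; a port such as 4444 bound by an image with a generic name is exactly the pairing the join makes visible, where either output alone would not.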
43
What is Cyber Triage?
An incident response software which helps incident responders and forensic investigators to determine if a host is compromised through simplified collection and analysis of endpoint data.
44
What is Process Explorer?
A Windows tool which shows the information about the handles and DLLs of the processes, which have been opened or loaded.
45
What are examples of tools used to collect volatile information?
PMDump
ProcDump
Process Dumper (PD)
PsList
Tasklist
46
What is Forensic Explorer?
A tool used to recover and analyze hidden and system files, deleted files, file and disk slack, and unallocated clusters. Forensic Explorer is used for preservation, analysis, and presentation of electronic evidence.
47
What is Forensic Toolkit (FTK)?
A tool used to deliver cutting edge analysis, decryption, and password cracking.
48
What is Event Log Explorer?
A software solution for monitoring, and analyzing events recorded in security, system, application, and other logs of Microsoft Windows OS.
49
What is OSForensics?
It helps discover relevant forensic data faster with high performance file searches and indexing as well as restores deleted files. It identifies suspicious files and activity with hash matching, drive signature comparisons and looks into emails, memory and binary data.
50
What is Helix3?
A cyber security solution integrated into the network that gives visibility across the entire infrastructure, revealing malicious activities such as internet abuse, data sharing and harassment. It allows the user to isolate and respond to incidents or threats quickly through a central administration tool.
51
What is Autopsy?
A digital forensics platform and GUI to The Sleuth Kit and other forensics tools. It helps incident handlers to view file systems, retrieve deleted data, perform timeline analysis and web artifacts during an incident response.
52
What is EnCase Forensics?
A multi-purpose forensic platform. It can collect data from many devices and extract potential evidence. It generates an evidence report. Can assist in acquiring large amounts of evidence quickly.
53
What is Foremost?
A console program to recover files based on their headers, footers, and internal data structures.
54
What are examples of Forensic Analysis tools?
Forensic Explorer
Forensic Toolkit (FTK)
Event Log Explorer
OSForensics
Helix3
Autopsy
EnCase Forensics
Foremost
Belkasoft Evidence Center
RegScanner
MultiMon
Process Explorer
Security Task Manager
Memory Viewer
Metadata Assistant
HstEx
XpoLog Log Management
55
What is TCP View?
A port monitoring tool from Sysinternals. It shows detailed listings of all TCP and UDP endpoints on a system, including the local and remote addresses, the owning process and the state of TCP connections. It provides a more informative and conveniently presented subset of what the netstat program that ships with Windows reports.
56
What are examples of Port Monitoring Tools
TCP View
CurrPorts
dotcom-monitor
PortExpert
PRTG Network Monitor
Nagios Port Monitor
57
What is Process Monitor?
A monitoring tool for Windows that shows real-time file system, registry, and process/thread activity. It combines the legacy Sysinternals utilities, Filemon and Regmon.
58
What are examples of Process Monitoring Tools
Process Monitor
Process Explorer
M/Monit
ESET SysInspector
System Explorer
Security Task Manager
HiJackThis
Yet Another (remote) Process Monitor
Process Network Monitor
OpManager
59
What is jv16 Power Tools?
A PC system utility that works by cleaning out unneeded files and data, cleaning the Windows registry, automatically fixing system errors, and applying optimizations to a system. Allows users to scan and monitor the Registry.
60
What are examples of Registry Monitoring Tools?
jv16 Power Tools
Regshot
Reg Organizer
Registry Viewer
RegScanner
Registrar Registry Manager
Active Registry Monitor
MJ Registry Watcher
Buster Sandbox Analyzer
61
What is Windows Service Manager (SrvMan)?
A service monitoring and management tool. SrvMan's command-line interface can create, delete, start, stop and restart services, and install legacy drivers:
```
Create a service:
srvman.exe add <file.exe/file.sys> [service name] [display name] [/type:<service type>] [/start:<start mode>] [/interactive:no] [/overwrite:yes]

Delete a service:
srvman.exe delete <service name>

Start / stop / restart a service:
srvman.exe start <service name> [/nowait] [/delay:<delay in msec>]
srvman.exe stop <service name> [/nowait] [/delay:<delay in msec>]
srvman.exe restart <service name> [/delay:<delay in msec>]

Install and start a legacy driver:
srvman.exe run <file.sys> [service name] [/copy:yes] [/overwrite:no] [/stopafter:<msec>]
```
62
What are examples of Windows Service Monitoring Tools?
Windows Service Manager (SrvMan)
Advanced Windows Service Manager
Netwrix Service Monitor
AnVir Task Manager
Service+
Easy Windows Service Manager
Nagios XI Windows Service Monitor
PC Service Optimizer
SMART Utility
63
What is Autoruns for Windows?
A Startup Program Monitoring Tool from Sysinternals. Autoruns has the most comprehensive knowledge of auto-starting locations of any startup monitor: it displays which programs are configured to run during system boot or login (Run keys, services, drivers, scheduled tasks, Explorer and browser add-ons, and so on) and shows the entries in the order Windows processes them.
64
What are examples of Startup Program Monitoring Tools?
Autoruns
WinPatrol
Autorun Organizer
Quick Startup
StartEd Pro
Chameleon Startup Manager
BootRacer
Wintools.net: Startup Manager
EF StartUp Manager
PC Startup Master
CCleaner
Startup Delayer
65
What is Loggly?
An Event Logs Monitoring tool. Loggly automatically recognizes common log formats and gives a structured summary of all your parsed logs. It provides real-time monitoring of system behavior and alerts on unusual activity.
66
What are examples of Event Logs Monitoring Tools?
Loggly
SolarWinds Log & Event Manager
Netwrix Event Log Manager
LogFusion
Alert Logic Log Manager
EventTracker Log Manager
Process Lasso Pro
Splunk
67
What is Mirekusoft?
An Installation Monitoring tool. Mirekusoft automatically monitors what an installer places on your system and allows you to uninstall it completely.
68
What are examples of Installation Monitoring Tools?
Mirekusoft
SysAnalyzer
Advanced Uninstaller PRO
Revo Uninstaller Pro
Comodo Programs Manager
69
What is SIGVERIF?
A File and Folder Monitoring Tool. SIGVERIF (File Signature Verification) ships with Windows 10/8/7 and searches for unsigned drivers on a system.
Steps to identify an unsigned driver with SIGVERIF:
1. Click Start → Run, type SIGVERIF, and then click OK.
2. Click the Advanced button, then select "Look for other files that are not digitally signed".
3. Navigate to the Windows\System32\drivers folder, and then click OK.
4. After Sigverif has finished its check, it displays a list of all unsigned drivers installed on the computer.
The list of all signed and unsigned drivers found by Sigverif is written to the Sigverif.txt file in the %Windir% folder, typically the Windows folder.
70
What are examples of Files and Folder Monitoring Tools?
SIGVERIF
Tripwire File Integrity Manager
Netwrix
Verisys
PA File Sight
CSP File Integrity Checker
NNT Change Tracker
AFIC (Another File Integrity Checker)
Fsum Frontend
OSSEC
IgorWare Hasher
71
What is DriverView?
A Device Driver Monitoring Tool. DriverView displays the list of all device drivers currently loaded on the system. Additional information is displayed, such as, load address, description, version, product name, company
72
What are Examples of Device Driver Monitoring Tools?
DriverView
Driver Booster
Driver Reviver
Driver Easy
Driver Fusion
Driver Genius
Unknown Device Identifier
Driver Magician
DriverHive
InstalledDriversList
My Drivers
Driver Agent Plus
DriverPack
73
What is Capsa Network Analyzer?
A Portable Network Analyzer for both LANs and WLANs. It performs real-time packet capturing, 24/7 network monitoring, advanced protocol analysis, in-depth packet decoding, and automatic expert diagnosis.
74
What are Examples of Network Analyzer Tools?
Capsa Network Analyzer
Wireshark
Nessus
NetResident
PRTG Network Monitor
GFI LanGuard
NetFort LANGuardian
CapMon
Nagios XI
Total Network Monitor
75
What is DNSQuerySniffer?
A network sniffer. DNSQuerySniffer shows the DNS queries sent from your system. For every DNS query, the following information is displayed: host name, port number, query ID, request type, request time, response time, duration, response code, number of records, and the content of the returned DNS records.
76
What are examples of DNS Monitoring/Resolution Tools?
DNSQuerySniffer
DNSstuff
DNS Lookup Tool
Sonar
77
What is API Monitor?
An API Monitoring Tool. API Monitor allows you to monitor and display Win32 API calls made by applications.
78
What are examples of API Calls Monitoring Tools?
API Monitor
APImetrics
Runscope
AlertSite
79
What is schtasks?
A scheduled task monitoring tool built into Windows. Run from a command prompt, `schtasks /query` lists all scheduled tasks on the system (`/fo list /v` adds the full details, including the command each task runs); schtasks can also create, change, run and delete tasks.
80
What are examples of Scheduled Task Monitoring Tools?
schtasks
Monitoring Task Scheduler Tool (MoTaSh)
ADAudit Plus
CronitorCLI
Solarwinds Windows Scheduled Task Monitor
81
What is Wireshark?
A Browser Activity Monitoring Tool. Wireshark captures and intelligently browses the traffic passing through a network.
82
What are examples of Browser Activity Monitoring Tools?
Wireshark
Colasoft OmniPeek
Observer Analyzer
PRTG Network Monitor
Netflow Analyser
83
What is HashMyFiles?
A File Fingerprinting tool. HashMyFiles produces a hash value of a file using MD5, SHA1, CRC32, SHA-256, SHA-512, and SHA-384 algorithms. It also provides information about the file.
84
What are examples of File Fingerprinting Tools?
HashMyFiles
Hashtab
HashCalc
md5deep
MD5sums
tools4noobs--Online hash calculator
Cryptomathic
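
The hashing tools in cards 18-20 and 83-84 all do the same thing underneath. The Python below is an added example (not the flashcards' or any of these tools' code) of that work: multi-algorithm fingerprinting of a file in one pass, a keyed HMAC fingerprint as HashCalc offers, an md5deep-style recursive listing, and a comparison of two listings to report modified, added and removed files. The files it hashes are created in a temporary directory by demo() and are constructed, not evidence.

```python
"""Multi-algorithm file fingerprinting and baseline verification.

Added example for the HashCalc / MD5 Calculator / HashMyFiles / md5deep
flashcards; the files hashed by demo() are constructed in a temporary
directory, not real evidence.
"""
import hashlib
import hmac
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List, Tuple

# MD5 and SHA-1 are kept only for matching against legacy IOC lists; SHA-256
# is the value to rely on, since collisions are practical for MD5 and SHA-1.
DEFAULT_ALGOS = ("md5", "sha1", "sha256")


def fingerprint_bytes(data: bytes, algos: Iterable[str] = DEFAULT_ALGOS) -> Dict[str, str]:
    return {a: hashlib.new(a, data).hexdigest() for a in algos}


def fingerprint_file(path, algos: Iterable[str] = DEFAULT_ALGOS, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Read the file once while feeding every algorithm (large files stay streamed)."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def hmac_file(path, key: bytes, algo: str = "sha256", chunk_size: int = 1 << 20) -> str:
    """Keyed fingerprint: someone who can alter the file cannot forge the tag
    without the key, unlike a plain hash stored next to the file."""
    mac = hmac.new(key, digestmod=algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            mac.update(chunk)
    return mac.hexdigest()


def fingerprint_tree(root, algo: str = "sha256") -> Dict[str, str]:
    """md5deep-style recursive listing: {relative posix path: hexdigest}."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): fingerprint_file(p, (algo,))[algo]
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify_against_baseline(current: Dict[str, str], baseline: Dict[str, str]) -> Tuple[List[str], List[str], List[str]]:
    """Compare two listings; returns (modified, added, removed) path lists."""
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    return modified, added, removed


def demo() -> Tuple[List[str], List[str], List[str]]:
    """Baseline a constructed directory, tamper with it, and re-verify."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "tool.exe").write_bytes(b"MZ" + b"\x00" * 64)
        (root / "notes.txt").write_text("hello\n")
        baseline = fingerprint_tree(root)

        (root / "bin" / "tool.exe").write_bytes(b"MZ" + b"\x90" * 64)  # patched binary
        (root / "dropper.dll").write_bytes(b"\x00")                    # new file
        (root / "notes.txt").unlink()                                   # deleted file
        return verify_against_baseline(fingerprint_tree(root), baseline)


if __name__ == "__main__":
    print(fingerprint_bytes(b"abc"))
    print(demo())
```

Record the baseline hashes somewhere the suspect host cannot write (an HMAC with a key held off-host, or simply a copy on the analyst's machine); a hash list stored beside the files it covers can be rewritten by whoever altered the files.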
85
What is VirusTotal?
A free service that analyzes suspicious files and URLs and facilitates the detection of viruses, worms, trojans, and so on. It generates a detailed report regarding the file that was marked as suspicious.
86
What are examples of Malware Scanning Tools?
VirusTotal
Jotti
Metadefender Online Scanner
IObit Cloud
ThreatExpert
Malwr
Valkyrie
Dr. Web Online Scanners
UploadMalware.com
ThreatAnalyzer
Payload Security
Anubis
Windows Defender Security Intelligence (WDSI)
Bitdefender Quickscan
87
What is BinText?
A string search tool. BinText can extract text from any kind of file and it includes the ability to find plain ASCII text, Unicode text, and Resource strings.
88
What are examples of String Search Tools?
BinText
FLOSS
Strings
Free EXE DLL Resource Extract
Hex Workshop
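
What BinText, Strings and the static half of FLOSS actually do is scan a file for runs of printable bytes in the encodings Windows binaries use. The Python below is an added example, not code from any of those tools: it recovers ASCII and UTF-16LE strings with their offsets, then buckets them by hypothetical indicator patterns (URLs, IPv4 addresses, Windows paths, registry keys). SAMPLE_BLOB is a constructed byte string, not a real sample.

```python
"""Extract printable ASCII and UTF-16LE strings from a binary blob and
triage them for indicators, in the spirit of BinText / strings / FLOSS.

Added example for the string search flashcards; SAMPLE_BLOB is a
constructed byte string, not a real malware sample.
"""
import re
from typing import Dict, List, Tuple

# Constructed blob: a DOS-stub style message, a UTF-16LE path (Windows APIs
# store wide strings this way), a URL with a TEST-NET address, and junk.
SAMPLE_BLOB = (
    b"MZ\x90\x00\x03\x00"
    + b"This program cannot be run in DOS mode."
    + b"\x00\x00"
    + "C:\\Users\\Public\\payload.exe".encode("utf-16-le")
    + b"\x00\x00"
    + b"http://203.0.113.5/gate.php"
    + b"\x00\x7f\x10ab\x00"
)

# Hypothetical indicator patterns applied to every recovered string.
IOC_PATTERNS = {
    "url": re.compile(r"https?://[^\s\"']+", re.IGNORECASE),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "win_path": re.compile(r"[A-Za-z]:\\[^\s\"']+"),
    "registry": re.compile(r"\bHK(?:LM|CU|CR|U|CC|EY_[A-Z_]+)\\", re.IGNORECASE),
}


def extract_strings(data: bytes, min_len: int = 4) -> List[Tuple[int, str, str]]:
    """Return (offset, encoding, text) for every printable run of >= min_len chars.

    ASCII runs are bytes 0x20-0x7e; UTF-16LE runs are the same bytes each
    followed by 0x00, so neither pattern matches the other's text.
    """
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii")) for m in ascii_re.finditer(data)]
    found += [(m.start(), "utf16le", m.group().decode("utf-16-le")) for m in utf16_re.finditer(data)]
    return sorted(found)


def triage_strings(strings: List[Tuple[int, str, str]]) -> Dict[str, List[str]]:
    """Bucket recovered strings by the indicator pattern(s) they match."""
    hits: Dict[str, List[str]] = {name: [] for name in IOC_PATTERNS}
    for _, _, text in strings:
        for name, pattern in IOC_PATTERNS.items():
            if pattern.search(text):
                hits[name].append(text)
    return hits


if __name__ == "__main__":
    found = extract_strings(SAMPLE_BLOB)
    for offset, encoding, text in found:
        print(f"{offset:#08x} {encoding:8} {text}")
    print(triage_strings(found))
```

Strings that a packer or an encoder has hidden will not appear here at all; that absence (a PE with almost no readable imports or messages) is itself the signal that points to the packing-identification tools in the later cards.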
89
What is PEiD?
An Identifying Packing/Obfuscation Tool. PEiD can identify signatures associated with over 600 different packers and compilers. It displays the type of packer, entry point, file offset, EP Section, and subsystem used for packing.
90
What is PE Explorer?
A tool used for finding the Portable Executables (PE) Information. PE Explorer lets you open, view, and edit a variety of different 32-bit Windows executable file types.
91
What are examples of Portable Executable (PE) Information Tools?
PE Explorer
Portable Executable Scanner (pescan)
Resource Hacker
PEView
92
What is Dependency Walker?
A tool used to identify file dependencies. Dependency Walker lists all the dependent modules of an executable file and builds hierarchical tree diagrams.
93
What are examples of File Dependency Tools?
Dependency Walker
Snyk
Hakiri
Retire.js
94
What are examples of Identifying Packing/Obfuscation Tools?
PEiD
UPX
Exeinfo PE
ASPack
95
What is IDA Pro
A Malware Disassembly Tool. IDA Pro is a multiplatform disassembler and debugger that explores binary programs to create maps of their execution.
96
What are examples of Malware Disassembly Tools?
IDA Pro
OllyDbg
WinDbg
objdump
ProcDump
KD
CDB
NTSD
97
What is Volatility Framework?
A Python-based memory analysis framework capable of performing many forensic operations on a memory image. Below is an example analysis of an image using the Volatility 2 command syntax (the --profile value must match the operating system of the dump; imageinfo suggests candidates):
```
# basic information about the image (suggests a profile)
python vol.py imageinfo -f /root/Desktop/memdump.mem
# running processes
python vol.py pslist --profile=Win2008SP1x86 -f /root/Desktop/memdump.mem
# analyze the services
python vol.py svcscan --profile=Win2008SP1x86 -f /root/Desktop/memdump.mem | more
# analyze the registry (list hives in memory)
python vol.py hivelist --profile=Win2008SP1x86 -f /root/Desktop/memdump.mem
```
98
What is SSDT View?
A Microsoft Windows OS utility designed to list the most significant aspect of the System Service Descriptor Table (SSDT) including service indexes, service addresses, service names, and the module name which corresponds to the service address.
99
What is RogueKiller?
An anti-malware tool that is able to detect and remove generic malware and advanced threats such as rootkits, rogues and worms. It also detects controversial programs (PUPs) as well as potentially unwanted system modifications/corruptions (PUMs).
100
What is CapLoader?
A Windows tool designed to handle large amounts of captured network traffic. It performs indexing of PCAP/PcapNG files and visualizes their contents as a list of TCP and UDP flows.
101
What is PRTG Network Monitor?
A network monitoring tool effectively used to monitor entire network infrastructure.
102
What is ClamWin?
A free open-source antivirus program for Windows.
103
What are examples of Antivirus Tools?
ClamWin
Bitdefender Antivirus Plus
Kaspersky Anti-Virus
McAfee Total Protection
Norton AntiVirus
Avast Premier Antivirus
ESET Smart Security
AVG Antivirus Free
Avira Antivirus Pro
104
What is Netcraft?
A toolbar that provides updated information about the sites users visit regularly and blocks dangerous sites.
105
What is PhishTank?
A collaborative clearinghouse for data and information about phishing on the internet. It has an API which developers can use to integrate antiphishing data into their applications.
106
What is MxToolbox?
A tool used to make email headers human readable by parsing them according to RFC 822.
107
What are examples of Email Header Analyzing Tools?
MxToolbox
gaijin.at
testconnectivity.microsoft.com
ipTRACKERonline.com
toolbox.googleapps.com
whatsmyip.com
108
What is Email Dossier?
It's a scanning tool used to check the validity of an email address. It's a part of the CentralOps.net suite of online network utilities.
109
What are examples of tools used to check Email Validity?
Email Dossier
verifyemailaddress.io
email-checker.net
emailvalidator.co
glocksoft.com
110
What is eMailTrackerPro?
A tool that analyzes email headers and reveals information such as sender's geographical location, IP Address, and so on.
111
What are examples of Email Tracking Tools?
eMailTrackerPro
PoliteMail
Yesware
ContactMonkey
Zendio
ReadNotify
DidTheyReadIt
Trace Email - whatsmyipaddress.com
ipaddresslocation.org
Pointofmail
WhoReadMe
GetNotify
G-Lock Analytics
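
The header analyzers and trackers in cards 106-111 (MxToolbox, eMailTrackerPro) work from the same few headers. As an added example, not any of those tools' code, the Python below uses the standard library email parser to rebuild the Received chain in delivery order (each MTA prepends its own Received line, so the list is reversed), pull out the originating IP, and apply the checks an analyst makes by hand: Return-Path, Reply-To and Message-ID domains that differ from the From domain, an SPF failure recorded in Authentication-Results, an originating host with no reverse DNS name, and out-of-order hop timestamps. The message is a constructed phishing-style sample with documentation addresses, not a real email.

```python
"""Reconstruct the Received chain of an email and flag header anomalies,
the analysis MxToolbox / eMailTrackerPro automate.

Added example for the email header analysis flashcards; SAMPLE_HEADERS is a
constructed phishing-style message, not a real one.
"""
import email
import re
from email.message import Message
from email.utils import parseaddr, parsedate_to_datetime
from typing import Dict, List, Optional

SAMPLE_HEADERS = """\
Return-Path: <bounce@mail-campaign.example.net>
Received: from mx1.corp.example (mx1.corp.example [10.0.0.5])
\tby mailstore.corp.example with ESMTP id 7b3k9; Tue, 03 Mar 2020 09:14:22 +0000
Received: from relay.mail-campaign.example.net (relay.mail-campaign.example.net [203.0.113.44])
\tby mx1.corp.example with ESMTPS id 9fd21; Tue, 03 Mar 2020 09:14:20 +0000
Received: from WIN-USER-PC (unknown [198.51.100.23])
\tby relay.mail-campaign.example.net with SMTP id a1; Tue, 03 Mar 2020 09:14:17 +0000
Authentication-Results: mx1.corp.example; spf=fail smtp.mailfrom=mail-campaign.example.net
From: "IT Helpdesk" <helpdesk@corp.example>
Reply-To: helpdesk-reset@mail-campaign.example.net
To: alice@corp.example
Subject: Password expires today
Message-ID: <20200303091417.a1@relay.mail-campaign.example.net>

Body omitted.
"""

# "from <host> (<comment>) by <host>" as written by most MTAs; the comment
# usually carries the reverse-DNS name (or "unknown") and the peer IP.
_HOP_RE = re.compile(r"from\s+(?P<from>\S+)(?:\s+\((?P<comment>[^)]*)\))?\s+by\s+(?P<by>\S+)", re.IGNORECASE)
_IP_RE = re.compile(r"\[([0-9a-fA-F.:]+)\]")


def parse_headers(raw: str) -> Message:
    return email.message_from_string(raw)


def received_chain(msg: Message) -> List[Dict[str, Optional[object]]]:
    """Hops in chronological order; element 0 is the originating hop."""
    hops = []
    for value in reversed(msg.get_all("Received") or []):
        value = " ".join(value.split())  # unfold continuation lines
        m = _HOP_RE.search(value)
        if not m:
            continue
        ip = _IP_RE.search(m.group("comment") or "")
        date = value.rpartition(";")[2].strip()
        hops.append({
            "from": m.group("from"),
            "comment": m.group("comment"),
            "ip": ip.group(1) if ip else None,
            "by": m.group("by"),
            "time": parsedate_to_datetime(date) if date else None,
        })
    return hops


def _domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def header_findings(msg: Message) -> List[str]:
    findings = []
    from_addr = parseaddr(msg.get("From", ""))[1]
    for header in ("Return-Path", "Reply-To"):
        addr = parseaddr(msg.get(header, ""))[1]
        if addr and _domain(addr) != _domain(from_addr):
            findings.append(f"{header} domain differs from From domain")
    msgid_domain = _domain(msg.get("Message-ID", "").strip().strip("<>"))
    if msgid_domain and msgid_domain != _domain(from_addr):
        findings.append("Message-ID domain differs from From domain")
    if re.search(r"\bspf=(?:fail|softfail)\b", msg.get("Authentication-Results", "")):
        findings.append("SPF did not pass")
    hops = received_chain(msg)
    if hops and "unknown" in (hops[0]["comment"] or ""):
        findings.append("originating host has no reverse DNS name")
    times = [h["time"] for h in hops if h["time"]]
    if any(later < earlier for earlier, later in zip(times, times[1:])):
        findings.append("Received timestamps are not in order (possible forged header)")
    return findings


if __name__ == "__main__":
    message = parse_headers(SAMPLE_HEADERS)
    for hop in received_chain(message):
        print(hop["time"], hop["from"], hop["ip"], "->", hop["by"])
    print(header_findings(message))
```

Only the Received lines added by your own mail servers can be trusted; everything below them, including earlier Received headers and the Authentication-Results line, was supplied by the sender and may be forged, which is why the checks above are indicators to weigh together rather than verdicts.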
112
What is a tool used for Email Log Analysis?
EventLog Analyzer. It provides log management with agent and agentless methods of log collection, custom log parsing, and complete log analysis with reports and alerts.
113
What is Recover My Email?
A mail recovery software that can recover deleted email messages from either Outlook or Outlook Express DBX files.
114
What is Gophish?
An open-source phishing toolkit meant to help incident responders and businesses conduct real-world phishing simulations.
115
What is SPAMfighter?
A spam filter that works instantly by automatically removing the spam and phishing emails from your inbox.
116
What is Gpg4win?
An email security tool used to securely transport email and files with the help of encryption and digital signatures (it bundles GnuPG with Outlook and Explorer plug-ins).
117
What are examples of Email Security Tools?
Gpg4win
Advanced Threat Protection
SpamTitan
Symantec Email Security.cloud
Barracuda Email Security Gateway
Mimecast Email Security
Comodo Dome Anti-spam
Spambrella
The Email Laundry
GFI MailEssentials
Cisco Email Security
118
What are examples of Registry Analysis Tools?
jv16 Power Tools
regshot
Reg Organizer
Registry Viewer
RegScanner
119
What are examples of Network Analysis Tools?
Nmap
Wireshark
TCPView
Netstat
Nbtstat
Tracert
Packet Capture
Real-Time NetFlow Analyzer
ManageEngine NetFlow Analyzer
120
What are examples of File System Analysis Tools?
PE Explorer
Pescan
PEView
Resource Hacker
WinDirStat
DiskSavvy
MD5sums
md5deep
Hashtab
121
What are examples of Malware Analysis Tools?
VirusTotal
IDA Pro
Ollydbg
Windbg
Cuckoo Sandbox
Blueliv Sandbox
122
What are examples of Process Analysis Tools?
Process Monitor
Process Explorer
Tasklist
Monit
ESET SysInspector
System Explorer
123
What are examples of Services Analysis Tools?
Services.msc
MSConfig
SrvMan
Net start
Task Scheduler
124
What are examples of Volatile Memory Analysis Tools?
Rekall
Memdump
MemGator
Memoryze
KnTTools
125
What are examples of Active Directory Tools?
SolarWinds Server & Application Monitor
Adaxes
ADManager Plus
ADAudit Plus
Anturis Active Directory Monitor
126
What are examples of Network Analysis Tools?
Nmap
Netstat
Wireshark
Tcpdump
MD5sums
md5deep
127
What are examples of Network Analysis CLI Tools?
Traceroute
ARP
Ifconfig
File system:
lsof
dd
df
fdisk
strings
grep
128
What are examples of Malware Analysis Tools?
VirusTotal
IDA Pro
Cuckoo Sandbox
129
What are examples of Malware Analysis CLI Tools?
Processes:
htop
top
ps
130
What are examples of Volatile Memory Analysis Tools?
Rekall
Memfetch
LiME
Volatilitux
131
What are examples of Session Management CLI Tools?
w/who
rwho
Lastlog
132
What are examples of Vulnerability Analysis Tools?
Qualys
Nessus
OpenVAS
AlienVault OSSIM
Nikto
Burp Suite
133
What is Suricata?
An engine that's capable of real-time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM), and offline pcap processing.
134
What is ntopng?
A web-based network monitoring application released under GPLv3. ntopng is the next generation version of the original ntop. ntopng has been written in a portable way in order to virtually run on every Unix platform, MacOSX and Windows.
135
What is Wireshark?
A widely used network protocol analyzer. It captures and intelligently browses the traffic passing through a network.
136
What are examples of Suspicious Network Events Detection and Validation Tools?
Suricata
ntopng
Wireshark
Colasoft OmniPeek
Observer Analyzer
PRTG Network Monitor
Netflow Analyzer
137
What are examples of ARP Spoofing Detection Tools?
Capsa Network Analyzer
ArpON
ARP AntiSpoofer
ARPStraw
shARP
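
The detection these tools perform comes down to watching ARP replies and noticing when the IP-to-MAC story changes. The Python below is an added example of that logic, not code from ArpON or Capsa: it runs over a constructed sequence of ARP replies (not a real capture) and raises three kinds of alert: a reply that contradicts a static binding the administrator trusts (the gateway MAC here is hypothetical), an IP whose MAC changes mid-capture, and one MAC answering for more than one IP, which is what a man-in-the-middle looks like when it poisons both the victim and the gateway.

```python
"""Detect ARP spoofing from a stream of observed ARP replies.

Added example for the ARP spoofing detection flashcard; the replies below
are a constructed sequence, not a real capture.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Set, Tuple


class ArpReply(NamedTuple):
    ts: float         # seconds since start of capture
    sender_ip: str    # "sender protocol address" field of the reply
    sender_mac: str   # "sender hardware address" field of the reply


# Static bindings an administrator trusts (hypothetical gateway MAC).
STATIC_BINDINGS = {"192.168.1.1": "00:11:22:33:44:01"}

# Constructed capture: normal replies, then a host (de:ad:be:ef:00:20) that
# claims both the gateway's IP and a victim's IP to sit in the middle.
SAMPLE_REPLIES = [
    ArpReply(0.0, "192.168.1.1", "00:11:22:33:44:01"),
    ArpReply(0.5, "192.168.1.10", "00:11:22:33:44:0a"),
    ArpReply(1.0, "192.168.1.20", "00:11:22:33:44:14"),
    ArpReply(2.0, "192.168.1.1", "DE:AD:BE:EF:00:20"),
    ArpReply(2.1, "192.168.1.10", "de:ad:be:ef:00:20"),
    ArpReply(2.2, "192.168.1.1", "de:ad:be:ef:00:20"),
]


def detect_arp_spoof(replies: List[ArpReply],
                     static_bindings: Optional[Dict[str, str]] = None) -> List[Tuple[float, str, str]]:
    """Return (timestamp, alert_type, detail) for suspicious replies.

    Three signals: a reply contradicting a static binding, an IP whose MAC
    changes mid-capture, and one MAC answering for several IPs.
    """
    static = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
    last_mac: Dict[str, str] = {}
    ips_by_mac: Dict[str, Set[str]] = defaultdict(set)
    alerts = []
    for r in replies:
        mac = r.sender_mac.lower()  # normalise case before comparing
        expected = static.get(r.sender_ip)
        if expected and expected != mac:
            alerts.append((r.ts, "static-binding-violation",
                           f"{r.sender_ip} claimed by {mac}, expected {expected}"))
        prev = last_mac.get(r.sender_ip)
        if prev and prev != mac:
            alerts.append((r.ts, "mac-changed", f"{r.sender_ip}: {prev} -> {mac}"))
        last_mac[r.sender_ip] = mac
        is_new_ip = r.sender_ip not in ips_by_mac[mac]
        ips_by_mac[mac].add(r.sender_ip)
        if is_new_ip and len(ips_by_mac[mac]) > 1:
            alerts.append((r.ts, "mac-claims-multiple-ips",
                           f"{mac} answers for {sorted(ips_by_mac[mac])}"))
    return alerts


if __name__ == "__main__":
    for ts, kind, detail in detect_arp_spoof(SAMPLE_REPLIES, STATIC_BINDINGS):
        print(f"t={ts:4.1f} {kind:28} {detail}")
```

A MAC that answers for several IPs is also what a router with secondary addresses or a host running a failover VIP looks like, and an IP whose MAC changes can be a legitimate DHCP reassignment; the static-binding check is the one with no benign explanation, which is why ArpON's static mode is the strongest of the three.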
138
What is PromqryUI?
A tool used to detect which network interface card is running in promiscuous mode. If a system has network interfaces in promiscuous mode, it may indicate the presence of a network sniffer running on the system.
139
What is Nmap?
A network scanner whose NSE script sniffer-detect can test whether a target on the local Ethernet segment has its network card in promiscuous mode (nmap --script sniffer-detect <target>), which may indicate a sniffer running on that host.
140
What is Snort?
An open-source network intrusion detection system (IDS), capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and is used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, and OS fingerprinting attempts.
141
What is AIDA64 Extreme?
A tool that monitors the sensors within the server in real-time and helps in analyzing the performance of the server. It helps to track the network resource utilization.
142
What is Kiwi Log Viewer?
A Windows based tool that enables you to monitor log files for changes. It can display changes in real-time and lets you automatically monitor for specific keywords, phrases, or patterns.
143
What is High Orbit Ion Cannon (HOIC)?
A network stress-testing and DoS/DDoS attack application. It is written in REALbasic and is designed to attack up to 256 target URLs simultaneously, sending HTTP POST and GET requests at the target from a lulz-inspired GUI.
144
What is Low Orbit Ion Cannon (LOIC)?
A network stress-testing and DoS attack application. It can also be called an application-layer DoS attacker, as it mostly targets web applications. LOIC floods a target server with TCP packets, UDP packets, or HTTP requests with the intention of disrupting the service of a particular host.
145
What are Examples of DoS/DDoS Attack Tools?
High Orbit Ion Cannon (HOIC)
Low Orbit Ion Cannon (LOIC)
HULK
Metasploit
Nmap
Blackhat Hacking Tools
DAVOSET
Tsunami
R-U-Dead-Yet
UDP Flooder
DLR DoS
Moihack Port-Flooder
DDOSIM
146
What is KFSensor?
A Windows based honeypot IDS. It acts as a honeypot designed to attract and detect hackers and worms by simulating vulnerable system services and Trojans.
147
What are examples of tools used for detecting DoS/DDoS incidents?
KFSensor
SSHHiPot
Artillery
148
What is Anti DDoS Guardian?
A Windows-based tool used to protect servers from DDoS attacks. It detects and stops most DDoS/DoS attacks, including SYN attacks, IP flood, TCP flood, UDP flood, ICMP flood, slow HTTP DDoS attacks, Layer 7 attacks, application attacks, and Windows RDP brute-force password guessing attacks.
149
What is D-Guard Anti-DDoS Firewall?
A tool that provides protection from DDoS attacks for online enterprises, public and media services, essential infrastructure, and internet service providers. It can guard against attacks such as DoS/DDoS, Super DDoS, DrDoS, fragment attacks, SYN flooding, IP flooding, UDP, mutation UDP and random UDP flooding attacks, ICMP and IGMP flood attacks, ARP spoofing attacks, HTTP proxy attacks, CC flooding attacks, CC proxy attacks, CC variety attacks, and zombie cluster CC attacks.
150
What is Incapsula DDoS Protection?
A DDoS protection tool that quickly mitigates any size attack without getting in the way of legitimate traffic or increasing latency.
151
What are examples of DoS/DDoS Protection Tools?
Anti DDoS Guardian
D-Guard Anti-DDoS Firewall
Incapsula DDoS Protection
DDoS GUARD
Cloudflare
DOSarrest's DDoS Protection Service
DefensePro
F5 DDoSDefend
NetFlow Analyzer
Wireshark
NetScaler AppFirewall
Andrisoft Wanguard
152
What is dotDefender?
A software-based Web Application Firewall (WAF) that protects your website from malicious attacks such as SQL injection, path traversal, cross-site scripting, and others that result in website defacement.
153
What are examples of Web Application Firewalls (WAF)?
dotDefender
ServerDefender VP
IBM Security AppScan
Radware's AppWall
QualysGuard WAF
Barracuda Web Application Firewall
ThreatSentry
ThreatRadar
SecureSphere
ModSecurity
SteelApp Web App Firewall
Trustwave Web Application Firewall
Cyberoam's Web Application Firewall
Kerio Control
154
What is AlienVault OSSIM?
An open-source Security Information and Event Management (SIEM) tool. It provides a unified platform with capabilities such as asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, and SIEM event correlation.
155
What are examples of SIEM Solutions?
AlienVault
ArcSight ESM
IBM QRadar SIEM
Splunk ES
FortiSIEM
SolarWinds Log and Event Manager
RSA NetWitness Platform
McAfee Enterprise Security Manager
Quest InTrust
Trustwave SIEM Enterprise
NetIQ Sentinel
LogRhythm NextGen SIEM Platform
EventLog Analyzer
156
What is ClamAV?
An open-source (GPL) anti-virus engine used in a variety of situations including email scanning, web scanning, and endpoint security. It provides utilities such as a flexible and scalable multi-threaded daemon, a command-line scanner, and an advanced tool for automatic database updates.
157
What is OSSEC?
An open-source tool to centrally collect and examine security logs from systems, network devices, and applications. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting, and active response. It can also be automated.
158
What is Apache Logs Viewer (ALV)?
A tool that lets you monitor, view, and analyze Apache/IIS/nginx logs with greater ease.
159
What are examples of Log Analysis Tools?
OSSEC
Apache Logs Viewer (ALV)
Loggly
InsightOps
GoAccess
Logz.io
Graylog
Splunk
Logmatic.io
160
What is Apility.io?
An anti-abuse API that helps incident responders or security personnel to know if the IP address, domain, or email of a user is blacklisted.
161
What are examples of Whitelisting/Blacklisting Tools?
Apility.io
AutoShun
Cisco Umbrella
I-Blocklist
CINS Army List
FireHOL IP Lists
Majestic Million
Rutgers Blacklisted IPs
Statvoo
Megatron
BotScout
162
What is OpenDNS?
A content filtering tool that lets you manage the internet experience on and off your network with acceptable use or compliance policies.
163
What are examples of Web Content Filtering Tools?
OpenDNS
nCompass
WebTitan
Smoothwall SWG
NetSentron
Symantec Secure Web Gateway
164
What is Proxy Switcher?
A web proxy tool. It allows you to surf the internet anonymously without disclosing your IP address.
165
What are examples of Web Proxy Tools?
Proxy Switcher
Proxy Workbench
CyberGhost VPN
Tor
Burp Suite
Hotspot Shield
Proxifier
Charles
Fiddler
Protoport Proxy Chain
ProxyCap
CCProxy
Privoxy
SocksChain
166
What is ApexSQL Log?
An auditing and recovery tool for SQL Server databases. It reads transaction logs, transaction log backups, detached transaction logs, and database backups, and audits, reverts, or replays data and object changes that have affected the database, including those that occurred before the product was installed.
167
What is CrowdStrike Falcon™ Orchestrator?
An open-source tool used to recover from Web Application incidents. It is built on CrowdStrike's Falcon Connect API.
168
What are examples of Fuzz Testing Tools?
WSFuzzer
WebScarab
Burp Suite
AppScan
Peach Fuzzer
169
What is Fuzz Testing?
Fuzz Testing or Fuzzing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.
170
What is Acunetix Web Vulnerability Scanner?
A Web Application security testing tool that checks web applications for SQL injections, cross-site scripting, and so on.
171
What is Watcher Web Security Tool?
A plugin for the Fiddler HTTP proxy that passively audits a web application to find security bugs and compliance issues automatically.
172
What is Netsparker?
A web application security testing tool that finds and reports web application vulnerabilities such as SQL injection and Cross-site Scripting (XSS).
173
What are examples of Web Application Security Tools?
Acunetix
Watcher Web Security Tool
Netsparker
N-Stalker Web Application Security Scanner
OWASP ZAP
Arachni
Vega
Nessus
Skipfish
WebReaver
WSSA - Web Site Security Audit
Syhunt Hybrid
IronWASP
Wapiti
WebWatchBot
Secunia PSI
KeepNI
Exploit-Me
x5s
HconSTF
PunkScan
174
What is Loggly?
A cloud-based log analysis tool. It automatically recognizes common log formats and gives a structured summary of all the parsed logs. It provides real-time log monitoring and insight into system behavior and unusual activity.
175
What are examples of Cloud-based Log Analysis Tools?
Loggly
Sumo Logic
Splunk Cloud
Papertrail
Logz.io
Timber
Logentries
Sematext Cloud
176
What is Tripwire?
A MITC attack detection tool. It can be used to monitor user and network activity, changes in files, registry entries, and so on. The real-time monitoring can assist in the detection of Man-In-The-Cloud (MITC) attacks.
177
What is CloudPassage Halo?
A software-defined security (SDSec) platform. It was built to protect private clouds, public IaaS, and hybrid/multi-cloud infrastructure.
178
What are examples of Cloud Security Tools?
CloudPassage Halo
Qualys Cloud Platform
Azure Security Center
Nessus Enterprise for AWS
Symantec Cloud Workload Protection
Alert Logic
Deep Security
SecludIT
Panda Cloud Office Protection
Data Security Cloud
Cloud Application Control
Intuit Data Protection Services
179
How can Wireshark be utilized when responding to Insider Threats?
It can be used to analyze and detect suspicious activity across the organizational network. An incident handler can apply filters to captured traffic and detect whether an employee within the organization has initiated a Telnet connection. Similarly, it can capture and analyze FTP traffic.
180
What is Nuix Adaptive Security?
A tool for detecting data exfiltration. An incident handler can set up rules to monitor the network and the number of events and activities associated with user accounts within the organization.
181
Database Consistency Checker (DBCC) Commands
DBCC commands are Database Console Commands for SQL Server used to check database consistency. The DBCC LOG command allows incident handlers to view and retrieve transaction log records for a specific database.
Syntax: DBCC LOG(, )
The output parameter specifies the level of detail an incident handler wants to retrieve. It includes the following levels:
0 = minimal information for each operation, such as the Current LSN, Operation, and Transaction ID
1 = slightly more information than 0, such as Flag Bits and Previous LSN
2 = detailed information, including AllocUnitId, page id, slot id, etc.
3 = full information about each operation
4 = full information about each operation along with a hex dump of the current transaction row
182
What is ObserveIT?
An Insider Threat Detection Tool, used to quickly identify and eliminate insider threats. It's an insider threat management solution that provides organizations with "eyes on the endpoint" and the ability to continuously monitor user behavior. Alerts can be sent out regarding activities that put the organization at risk.
183
What is DataRobot?
An automated machine learning platform for detecting insider threats. It combines predictive modelling expertise, best practices of data science, and experience to deliver accurate, actionable predictions with full transparency and rapid deployment.
184
What is Ekran System?
An Insider Threat Detection tool that allows incident handlers to monitor, detect and analyze user-based insider threats.
185
What are examples of Insider Threat Detection Tools?
ObserveIT
DataRobot
Ekran System
SS8 Insider Threat Detection (ITD)
CyberArk
Netwrix Auditor
InsightIDR
Splunk UBA
Cognito™
Forcepoint UEBA
Securonix UEBA
Leidos' Arena ITI™
Veriato Recon
186
What is the purpose of SIEM solutions regarding insider threats?
To provide the ability to build custom queries, generate alerts, retrieve data from multiple data sources, and enhance the potential analytical capability to prevent, detect, and respond to various insider threats.
187
What is the purpose of Data Loss Prevention tools with regards to insider threats?
DLP tools scan network traffic to find exfiltration of sensitive data and alert the administrators.
188
What are examples of Data Loss Prevention (DLP) tools?
Symantec Data Loss Prevention
SecureTrust Data Loss Prevention
McAfee Total Protection
Check Point Data Loss Prevention
Digital Guardian Endpoint DLP
Clearswift's Adaptive DLP
Trend Micro™ Integrated DLP
Sophos SafeGuard Enterprise Encryption
WatchGuard Data Loss Prevention
189
What are UBA/UEBA tools utilized for?
User Behavior Analytics (UBA) and User and Entity Behavior Analytics (UEBA) tools collect user activity details and use artificial intelligence and machine learning algorithms to analyze user behavior, so that insider threats can be detected and prevented before the fraud is perpetrated.
190
What are examples of UBA/UEBA tools?
Exabeam Advanced Analytics
LogRhythm UEBA
Dtex Systems
Interset
Gurucul Risk Analytics (GRA)
Securonix UEBA
ZoneFox
191
What is the purpose of activity monitoring with regards to insider threats?
Activity monitoring tools record all user activity on the organizational networks, systems, and other IT resources. The tools can record the user's keystrokes, capture screenshots, monitor internet usage, monitor software usage, and track various other user activities on the organizational network.
192
What are examples of Activity Monitoring tools?
ActivTrak
SoftActivity Monitor
EKRAN Employee Monitoring Software
Spyrix Personal Monitor
StaffCop Standard
Hubstaff Employee Monitoring Software
iMonitor EAM
Employee Desktop Live Viewer
Veriato Investigator
Personal Inspector
REFOG Personal Monitor
Screenshot Monitor
Power Spy
NetVizor
SentryPC