6 - Ethical Hacking

Question 1

Threat modelling

Answer 1

Thinking how an adversary would attack a system

Question 2

White box Testing

Answer 2

Full info shared with testers. Confirms efficacy of internal assessment

Question 3

BlackBox texting

Answer 3

No info shared with testers about internals.

Identifies ways to access internal IT assets

Question 4

Attack steps

Answer 4

• Reconaissance
• Scanning
• Gaining Access
• Maintaining Access
• Covering Tracks

Question 5

Passive Recon

Answer 5

GAther info without any engagement with victim

Question 6

Active Recon

Answer 6

• Engage with target to gather info

Question 7

Maltego

Answer 7

Open source intel and graphical link analysis tool

Question 8

Protection against reconaissance

Answer 8

• Training, Polices, config
• Firewall
• IDS and Net monitoring
• Disable ‘banner display’
• Limit information made public

Question 9

Scanning

Answer 9

Find entry points and obtain a network map w/ vulnerabilities etc

Question 10

Scanning example info

Answer 10

• If alive
• Open ports
• protocols
• services
• OS ver
  …

Question 11

Scanning techniques

Answer 11

• ping/ping sweep
• banner grabbing
• web based dir enumeration
• firewall enumeration & fingerprinting
• DNS enumeration

Question 12

Ping/ping sweep

Answer 12

FInd out if a machine is alive (sweep = scanning several)

Sweeps can be blocked

Question 13

Banner Grabbing

Answer 13

Provides details of OS and running apps on a server on a log in message

Question 14

Firewall enumeration

Answer 14

Used to find what is allowed and what is denied

Question 15

Firewalk

Answer 15

A network auditing tool that detects misconfigurations

Question 16

NIDS

Answer 16

Network Intrusion Detection System
Detect scans for particular firewall ports

Question 17

DNS Enumeration

Answer 17

Locating all DNS servers and records.

For admins this helps maintain control of location of physical servers within a network

Hackers can try to “poison” DNS records to go to them

Question 18

Port scanning mechanic using TCP/UDP

Answer 18

Send TCP or UDP to all ports and see responses

Question 19

Port scan uses

Answer 19

• Hackers use to determine existance of hosts
• Security Pros: Determine rogue servers and close uneccessary ports

Question 20

Gaining Access

Answer 20

Exploiting one or more vulnerabilities

Question 21

Main vulnerabilities

Answer 21

• Bad config
• Assets used incorrectly
• Software/Hardware/Network
• Humans
• Physical environment
• Organisation

Question 22

Attack Surface

Answer 22

A network might include: services and apps, auth, management sys, remote access

Web app: inputs, queries HTTP components, functions

Question 23

Access Vector

Answer 23

How the hacker uses a attack surface to access.

Local: physical access
Remote: Remote Procedure Call for example

Question 24

Privilege Escalation

Answer 24

Taking advantage of flaws to grant elevated access to system/network

Question 25

Vertical Privilege Escalation

Answer 25

Lower privilege user/app gains ability to access higher priv users or apps

Question 26

Horizontal Privilege Escalation

Answer 26

Notmal user gains abilities reserved for other normal users

Question 27

Preventing privilege escalation

Answer 27

- Updates - Run apps without admin when possible - Run host based IDS on key servers

Question 28

Maintaining access

Answer 28

Installing a backdoor to get back in

Question 29

Rootkit

Answer 29

Installed at kernel level and conceals its existence from users and the system

Question 30

Pentest Challenges

Answer 30

- Time, cost resources - Scope - Authorisation/Legal - Protection/confidentiality of results - Methodology choice - Communication - Reporting