Offensive Security


29 Terms

1. What is the first step of every attack in cybersecurity?
General information gathering.

2. What is footprinting in the context of cyber attacks?
The process of getting the size and scope of the target organization before launching attacks.

3. What is Open Source Intelligence (OSINT)?
The term that describes identifying information about your target using freely available sources.

4. What types of intelligence can be gathered through people?
Information about companies can be gathered from social networking sites like LinkedIn and Facebook.

5. Why is Open-Source Intelligence useful?
It allows for locating information without directly tipping off the target and helps identify potential attack surfaces.

6. What is the purpose of the whois utility?
To query databases that store information about address blocks and registered contacts.

7. What is the role of Regional Internet Registries (RIRs)?
To manage and allocate IP address blocks and provide contact information for organizations.

8. What does the acronym DNS stand for?
Domain Name System.

9. What are the main services provided by DNS?
Hostname to IP address translation, host aliasing, and mail server aliasing.

10. What is a caching mechanism in the DNS context?
Once a name server learns a mapping, it caches it to reduce lookup times.

11. What is Google Hacking?
Using specific keywords and search operators to narrow search results for information gathering.

12. How can web browsing help in reconnaissance?
Browsing can reveal technology used on the server through HTTP headers and source code.

13. What is p0f used for in passive reconnaissance?
To watch network traffic and provide details about the network passing by.

14. What is an authoritative DNS server?
A server that provides authoritative hostname to IP address mappings for an organization.

15. What are some uses of Shodan?
Shodan is a search engine for IoT devices and can track device types, vendors, and capabilities.

16. What are the five major RIRs mentioned?
ARIN, RIPE, AfriNIC, LACNIC, and APNIC.

17. What does DNSSEC provide for the Domain Name System?
Security for the DNS function, ensuring authentication and message integrity.

18. What does TTL stand for in DNS caching?
Time to Live.

19. What is the significance of the Google Hacking Database?
It is a resource for finding keywords that can help narrow down specific search results.

20. What is the function of Netcraft in cybersecurity?
To provide hosting history and details about web servers.

21. XMAS scan
A type of network scan that sends packets with the FIN, URG, and PSH flags set to probe for open ports on a target.

22. SYN
A type of TCP packet used to initiate a connection between two devices in a network. It is part of the TCP three-way handshake process.

23. RST
The packet that closed ports respond with to a NULL scan, indicating that the connection is rejected or that the port is closed.

24. ACK scan
A type of network scan that sends TCP packets with the ACK flag set to determine the state of ports on a target, often used to map firewall rules.

25. If an attacker decides to implement a less obvious port scan, or stealth attack, what technique would be appropriate to make their activities more difficult to detect?
Limit/slow their scan speeds.

26. When using a port scanner, what procedure can be conducted to identify which IP addresses belong to active hosts?
Ping sweep.

27. What network security tool, usually included with Kali Linux, allows a user to ping multiple IP addresses?
Fping.

28. Hping
An advanced port-scanning tool that can allow a security tester to bypass filtering devices by injecting crafted or otherwise modified IP packets into a network to test network security and detect vulnerabilities.

29. Script
Describes a text file containing multiple commands that would usually be entered manually at the command prompt.