L25: Analyze, Report, Automate

27 Terms

1

Goal of network mapping

Discover and interpret the layout of a given system

2

Stateful firewall

Keep track of the network connections

3

Stateless firewall

Examine packets individually without considering their context within a conversation

4

How to test firewalls

Simulate various traffic types, look for holes, use tools (hping3, nmap, curl, telnet, netcat)

5

Tunneling

Wrap the traffic inside protocols that the firewall allows

6

Port knocking

Use a specific sequence of connections to try to trigger rule changes in the firewall

7

Source spoofing

Test how the firewall responds to spoofed traffic

8

Payload obfuscation

Determine whether the firewall is inspecting the packet payloads or just the headers

9

Wireless enumeration

Discover nearby SSIDs, capture handshakes for WPA cracking, monitor channel usage

10

Non-switched traffic

All frames sent to every port

11

Switched traffic

Learns the MAC address per port and only forwards frames to the port of that destination

12

Promiscuous mode

NIC processes all Ethernet frames it sees, not just those addressed to its own MAC address

13

Monitor mode

NIC captures all raw 802.11 frames on a given channel (beacons, probe requests, handshakes, etc.)

14

Virtual Local Area Network (VLAN)

Switches use VLAN tagging (a tag carrying the VLAN ID) to determine which VLAN a frame belongs to

15

MITRE ATT&CK

For technique mapping

16

NIST CSF

For broad risk management cycles

17

Strategic threat intelligence

High-level trends

18

Tactical threat intelligence

IoCs, attacker tools

19

Operational threat intelligence

Active campaigns

20

Technical threat intelligence

Raw data like exploit code

21

Executive reports

High-level, non-technical, risk-focused summaries and business impact

22

Technical reports

Precise language (tool versions, commands), steps to reproduce, severity, remediation instructions

23

Fields of a ticket

Summary, description, severity, labels, status, assignee, due date

24

Lifecycle of a ticket

1. Open
2. In progress
3. Resolved
4. Closed

25

Questions to prepare a clear-cut retest strategy

1. Who executes?
2. What will it affect?
3. How will it happen?

26

What is DevSecOps?

Embed security into every phase of the SDLC

27

Philosophies of DevSecOps

Security is everyone’s responsibility; security flaws should be addressed earlier