Questions and Answers
What type of information about the victim's network topology can adversaries gather for targeting purposes?
Which tool can be used for vulnerability scans on the victim's network?
How can adversaries utilize gathered IP addresses during targeting?
What kind of information might public IP addresses reveal about a victim?
Which aspect of network topology might adversaries focus on for gathering information?
Which tool can be used to discover IP addresses in a network?
What type of reconnaissance involves adversaries probing victim infrastructure via network traffic?
Which phase of the adversary lifecycle involves finding weak points and preparing for actions like sending phishing attempts?
Which form of reconnaissance does not involve direct interaction with the victim infrastructure?
What is the primary purpose of active reconnaissance scans by adversaries?
How do hackers typically leverage information gathered during reconnaissance for post-compromise objectives?
What is the goal of adversaries using public DBs or websites providing OSINT services during the reconnaissance phase?
What is the main difference between active and passive reconnaissance scans?
What is the purpose of scanning IP blocks during network reconnaissance?
What is the goal of wordlist scanning during network reconnaissance?
Why do adversaries scan victims for vulnerabilities during reconnaissance?
How do adversaries typically check for vulnerabilities in a target host/application?
What distinguishes wordlist scanning from brute force attacks during reconnaissance?
Study Notes
Reconnaissance and Active Scanning
- Adversaries use active reconnaissance scans to gather information about victims during targeting
- Active scans involve probing victim infrastructure via network traffic, unlike passive scans
- Scanning IP blocks can help adversaries gather information about victims, including IP addresses allocated to organizations by block or range
Vulnerability Scanning
- Adversaries use vulnerability scans to identify potential vulnerabilities in victims' systems
- Scans check if target host/application configurations (e.g., software and version) align with specific exploits
- Tools like OpenVAS, Nessus, and Metasploit can be used for vulnerability scans
Wordlist Scanning
- Adversaries use wordlist scanning to identify content and infrastructure using brute-forcing and crawling techniques
- Wordlists may contain generic, commonly used names and file extensions or terms specific to software
- Gathered information can be used to plan and execute Initial Access, scope and prioritize post-compromise objectives, or drive further Reconnaissance efforts
Network Information Gathering
- Adversaries gather information about network topology, including physical and logical arrangements of external-facing and internal network environments
- Information gathered may include network devices (gateways, routers, etc.) and other infrastructure details
- Tools like nmap can be used to gather network information, including IP addresses
IP Address Gathering
- Adversaries gather information about victims' IP addresses, including allocated IP addresses and usage details
- IP addresses can reveal information about organizational size, physical location, Internet service provider, and publicly-facing infrastructure hosting
Description
Learn about how adversaries leverage gathered information in various phases of the adversary lifecycle, including planning Initial Access and post-compromise objectives. Explore active reconnaissance scanning techniques and the use of gathered information in driving further Reconnaissance efforts.