Questions and Answers
What is the primary purpose of the cyber kill chain methodology?
Which of the following activities is involved in the reconnaissance phase of the cyber kill chain?
During the weaponization phase, what is typically created?
Which of the following best describes the delivery phase of the cyber kill chain?
Which technique is NOT typically used during the reconnaissance phase?
What is a common activity during the weaponization phase?
How does the cyber kill chain help security professionals?
Which of the following actions would NOT be part of preparing a cyber attack?
What is a characteristic feature of a computer virus?
Which of the following is NOT a purpose of creating viruses?
What is the first stage in the virus lifecycle?
What indication might suggest that a virus has compromised a system?
How do viruses typically spread to other systems?
Which of the following actions activates a virus within a target system?
What would NOT typically be a symptom of a virus attack on a computer?
What is one potential motive for a hacker to create a virus?
What is the recommended security setting level for your Internet browser to protect against spyware?
Which of the following is a valid reason to avoid opening emails from unknown senders?
What is one effective way to enhance the security level of your computer?
Why is it important to regularly update virus definition files?
What should you do before downloading software from a website?
When using peer-to-peer file-swapping software, what precaution should be taken?
What action is advisable to take if you identify vulnerabilities in your operating system?
When is it safe to perform web surfing and download files?
Which of the following is a common way a virus can be created?
What is ransomware primarily designed to do?
Which of the following is NOT a type of virus mentioned?
What distinguishes computer worms from viruses?
Which of the following is a responsibility of antivirus applications?
Which ransomware mentioned primarily attacks victims through email campaigns?
What type of virus is known to modify its own code to avoid detection?
What is a common characteristic of malicious online ads?
Which of the following best describes an encryption virus?
What is a potential consequence of connecting to untrusted networks?
What is the primary purpose of ethical hacking in an organization?
Which of the following skills are considered non-technical for an ethical hacker?
Which Google advanced search operator restricts results to documents that contain all the search keywords in the title?
What limitation is associated with hiring an ethical hacker?
Which tool would be used for extracting information about live hosts and open ports on a network?
Which of the following is NOT a type of scanning tool?
What is a primary function of reconnaissance in ethical hacking?
Which ethical hacking tool assists in extracting NetBIOS statistics?
What does ethical hacking primarily aim to improve in an organization?
Which of the following represents a benefit of using Google hacking in reconnaissance?
What is the primary focus of the 'Scanning' phase in ethical hacking?
Which of the following operators can be used to restrict search results to a specific website's domain?
Which of the following is a characteristic of technical skills required for ethical hackers?
What should organizations do to make the most out of hiring an ethical hacker?
Study Notes
Cyber Kill Chain Methodology
- The Cyber Kill Chain methodology is used to identify and prevent malicious intrusion activities.
- It helps security professionals to understand the adversary's tactics, techniques, and procedures beforehand.
Reconnaissance
- It gathers data on the target to probe for weak points.
- Activities include:
  - Gathering information about the target organization through the internet or social engineering.
  - Performing analysis of online activities and publicly available information.
  - Gathering information from social networking sites and web services.
  - Obtaining information about websites visited.
  - Monitoring and analyzing the target organization’s website.
  - Performing Whois, DNS, and network footprinting.
  - Performing scanning to identify open ports and services.
Weaponization
- Creates a deliverable malicious payload using an exploit and a backdoor.
- Activities include:
  - Identifying an appropriate malware payload based on the analysis.
  - Creating a new malware payload or selecting, reusing, and modifying available malware payloads based on the identified vulnerability.
  - Creating a phishing email campaign.
  - Leveraging exploit kits and botnets.
Delivery
- Sends the weaponized bundle to the victim using email, USB, etc.
- The Gaining Access and Maintaining Access phases, as well as the Reconnaissance and Covering Tracks phases, may be noticed by the target organization.
Ethical Hacking Scope
- It is a crucial component of risk assessment, auditing, counter-fraud, and information systems security best practices.
- It is used to identify risks and highlight remedial actions.
- It reduces Information and Communication Technology (ICT) costs by resolving vulnerabilities.
Ethical Hacking Limitations
- Without knowing what is being searched for and why, hiring an outside vendor to hack systems will not prove beneficial.
- An ethical hacker can only help an organization to better understand its security system; it is up to the organization to place the right safeguards on the network.
Skills of an Ethical Hacker
- Technical skills require:
  - In-depth knowledge of major operating environments, such as Windows, Unix, Linux, and Macintosh.
  - In-depth knowledge of networking concepts, technologies, and related hardware and software.
  - An expert understanding of technical domains.
  - Knowledge of security areas and related issues.
  - High technical knowledge of how to launch sophisticated attacks.
Non-Technical Skills of an Ethical Hacker
- The ability to quickly learn and adapt new technologies.
- A strong work ethic and good problem-solving and communication skills.
- Commitment to an organization’s security policies.
- An awareness of local standards and laws.
Reconnaissance Using Advanced Google Hacking Techniques
- Google hacking refers to the use of advanced Google search operators for creating complex search queries to extract sensitive or hidden information that helps attackers find vulnerable targets.
Popular Google Advanced Search Operators
- [cache:] Displays the web pages stored in the Google cache.
- [link:] Lists web pages that have links to the specified web page.
- [related:] Lists web pages that are similar to the specified web page.
- [info:] Presents some information that Google has about a particular web page.
- [site:] Restricts the results to those websites in the given domain.
- [allintitle:] Restricts the results to those websites containing all the search keywords in the title.
- [intitle:] Restricts the results to documents containing the search keyword in the title.
- [allinurl:] Restricts the results to those containing all the search keywords in the URL.
- [inurl:] Restricts the results to documents containing the search keyword in the URL.
- [location:] Finds information for a specific location.
Reconnaissance Tools
- Web Data Extractor: Extracts targeted contact data (email, phone, and fax) from a website, and extracts URLs and meta tags (title, description, keywords) for website promotion.
- Whois Lookup: Provides information about a domain name.
Scanning Tools
- Nmap: Extracts information such as live hosts on the network, open ports, services (application name and version), types of packet filters/firewalls, as well as operating systems and versions used.
- MegaPing: Comprehensive security scanner, port scanner (TCP and UDP ports), IP scanner, NetBIOS scanner, and share scanner.
- Unicornscan: Identifies the OS of the target machine by observing the TTL values in the scan result.
- Hping2/Hping3: Uses ICMP echo requests to determine if a host is online.
- NetScanTools Pro: Scans networks for open ports, vulnerable services, and other security risks.
- SolarWinds Port Scanner: Scans networks for open ports and vulnerable services.
- PRTG Network Monitor: Monitors network devices and applications to detect problems, and provides real-time network performance data.
- OmniPeek Network Protocol Analyzer: Captures and analyzes network traffic to identify security threats, troubleshoot network problems, and optimize network performance.
Enumeration Tools
- Nbtstat Utility: Displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name tables for both the local and remote computers, and the NetBIOS name cache.
- NetBIOS Enumerator: Enumerates details, such as NetBIOS names, Usernames, Domain names, and MAC addresses, for a given range of IP addresses.
- Other NetBIOS enumeration tools:
  - Global Network Inventory
  - Advanced IP Scanner
  - Hyena
  - Nsauditor Network Security Auditor
Threat and Threat Sources
- A threat is any potential danger that could exploit a vulnerability and harm an information system or organization.
- A threat source is the origin of a threat.
What is a Virus?
- A virus is a self-replicating program that produces its own copy by attaching itself to another program, computer boot sector, or document.
- Viruses are transmitted through:
  - File downloads.
  - Infected disk/flash drives.
  - Email attachments.
Characteristics of Viruses
- Infect other programs.
- Transform themselves.
- Encrypt themselves.
- Alter data.
- Corrupt files and programs.
- Self-replicate.
Purpose of Creating Viruses
- Inflict damage on competitors.
- Realize financial benefits.
- Vandalize intellectual property.
- Play pranks.
- Conduct research.
- Engage in cyber-terrorism.
- Distribute political messages.
- Damage networks or computers.
- Gain remote access to a victim's computer.
Indications of Virus Attack
- Processes require more resources and time, resulting in degraded performance.
- Computer beeps with no display.
- Drive label changes and OS does not load.
- Constant antivirus alerts.
- Computer freezes frequently or encounters an error such as BSOD.
- Files and folders are missing.
- Suspicious hard drive activity.
- Browser window "freezes".
Stages of Virus Lifecycle
- Design: Development of virus code using programming languages or construction kits.
- Replication: The virus replicates for a period within the target system and then spreads itself.
- Launch: The virus is activated when the user performs specific actions such as running an infected program.
- Detection: The virus is identified as a threat infecting the target system.
- Incorporation: Antivirus software developers assimilate defenses against the virus.
- Execution of the damage routine: Users install antivirus updates and eliminate the virus threats.
How does a Computer Get Infected by Viruses?
- Accepting files and downloads without checking the source.
- Opening infected emails and file attachments.
- Installing pirated software.
- Not updating and not installing new versions of plug-ins.
- Not running the latest antivirus application.
- Clicking malicious online ads.
- Using portable media.
- Connecting to untrusted networks.
Types of Viruses
- System or Boot Sector Virus.
- File and Multipartite Virus.
- Macro and Cluster Virus.
- Stealth/Tunneling Virus.
- Encryption Virus.
- Sparse Infector Virus.
- Polymorphic Virus.
- Metamorphic Virus.
- Overwriting File or Cavity Virus.
- Companion/Camouflage Virus.
- Shell and File Extension Virus.
- FAT and Logic Bomb Virus.
- Web Scripting Virus.
- Email and Armored Virus.
- Add-on and Intrusive Virus.
- Direct Action or Transient Virus.
- Terminate & Stay Resident Virus.
Creating a Virus
- Writing a Virus Program: Programmers may create custom viruses with unique traits.
- Virus maker tools:
  - DELmE's Batch Virus Maker.
  - Bhavesh Virus Maker SKW.
  - Deadly Virus Maker.
  - SonicBat Batch Virus Maker.
  - TeraBIT Virus Maker.
  - Andreinick05's Batch Virus Maker.
Ransomware
- A type of malware that restricts access to the computer system's files and folders.
- Demands an online ransom payment to the malware creator(s) to remove the restrictions.
Popular Ransomware Families
- Dharma: Attacks victims through email campaigns; victims are asked to contact the attackers via a provided email address and pay in bitcoin for the decryption service.
- eCh0raix
- SamSam
- WannaCry
- Petya and NotPetya
- GandCrab
- MegaCortex
- LockerGoga
- NamPoHyu
- Ryuk
- Cryptgh0st
Other Ransomware Families
- Cerber
- CTB-Locker
- Sodinokibi
- BitPaymer
- CryptXXX
- CryptorBit
- CryptoLocker
- CryptoDefense
- CryptoWall
Computer Worms
- Malicious programs that independently replicate, execute, and spread across network connections.
- Consume available computing resources without human interaction.
- Attackers use worm payloads to install backdoors in infected computers.
- Examples:
  - Monero: A cryptocurrency miner that uses the victim's computer to mine cryptocurrency for the attacker.
  - Bondat: A worm that uses a vulnerability in Microsoft Windows to spread and steal sensitive data.
  - Beapy: A worm used to steal passwords, credit card information, and other sensitive data.
How is a Worm Different from a Virus?
- Viruses: Need a host program to replicate and spread.
- Worms: Replicate autonomously and spread through network connections.
- Viruses: Do not typically spread across networks.
- Worms: Can spread rapidly across networks.
- Viruses: Usually require user action to activate.
- Worms: Can exploit system vulnerabilities and spread without requiring user action.
Description
Test your knowledge on the Cyber Kill Chain methodology, essential for understanding and preventing malicious intrusions. Explore critical phases such as reconnaissance and weaponization to see how each step contributes to cybersecurity strategies.