Cybersecurity Chapter 7: Remote Targeting Part One

Questions and Answers

What is the primary focus of Phase III: Remote Targeting?

• Developing complex passwords
• Identifying and targeting wireless systems (correct)
• Enhancing software firewall protections
• Improving physical security measures

Which of the following actions is NOT part of the wireless phases of targeting?

• Wireless reconnaissance
• Attacking wireless clients
• Attacking wireless access points
• Phishing via social media (correct)

What is a recommended approach if no wireless networks can be compromised?

• Focus attention on physical intrusions
• Immediately abandon the operation
• Target the wireless clients associated with those networks (correct)
• Shift focus to improving software security

Which wireless technology is considered less common today but still used?

802.11a (A)

When selecting a wireless network card, which of the following features is considered important?

Connection type (B)

Which of the following statements accurately describes the 802.11a standard?

It operates in the 5 GHz range. (D)

What is one potential vulnerability of newer wireless technologies?

They may be vulnerable to spoofed management traffic. (C)

What is the primary benefit of having a high-quality antenna in a wireless card?

It improves both transmission and reception of RF signals. (B)

What distinguishes a directional antenna from an omnidirectional antenna?

Directional antennas are also known as Yagi antennas. (B)

Which microcomputer is mentioned as an excellent low-priced option for various tasks?

Raspberry Pi (A), Guru Plug (C)

What is the primary disadvantage of using a longer antenna cable compared to a longer USB cable when setting up an external wireless card?

It leads to increased signal loss. (B)

Which of the following is true regarding the power output of wireless radios?

The legal power output varies based on the country and connection type. (A)

What command can be used to view the current settings and power output of a wireless card?

iwconfig (C)

When configuring a wireless card, what must be considered regarding the chipset?

It impacts both supported channels and features of the card. (B)

What is the maximum power output of radios in the United States for non-point-to-multipoint links?

30 dBm (B)

The most common wireless technologies currently in use include 802.11a and 802.11g.

False (B)

Wireless reconnaissance involves identifying target wireless networks and their vulnerabilities.

True (A)

Compromising a system at a target employee's home can be a method to gain access to their work computer.

True (A)

A directional antenna is typically used for point-to-point connections between clients and access points.

True (A)

The PCMCIA card type is considered a more flexible option than USB connections for wireless adapters.

False (B)

To maintain anonymity, APT hackers aim to compromise wireless systems only after identifying potential target employees.

True (A)

The output power of wireless radios is legally the same in all countries without any limitations.

False (B)

Increasing the length of the cable between an antenna and a wireless radio results in less signal loss.

False (B)

The maximum output power for radio transmissions in the United States can reach up to 50 dBm with a higher gain antenna.

False (B)

The chipset of a wireless card has no influence on the channels and features that the card supports.

False (B)

The 802.11a standard operates in the 2.4 GHz range.

False (B)

Directional antennas are also known as Yagi antennas.

True (A)

Unencrypted traffic in newer wireless technologies is immune to sniffing.

False (B)

Omnidirectional antennas radiate signals in a specific direction.

False (B)

The gain provided by an antenna is measured in decibels isotropic (dBI).

True (A)

Flashcards

Remote Targeting

Identifying and targeting wireless systems to maintain anonymity and compromise target employees.

Wireless Reconnaissance

Identifying target wireless networks and clients for potential compromise.

Spear Phishing

Targeting specific employees and their relationships by exploiting online public resources.

Wireless Client Attack

Attacking wireless devices to access the target organization's network from the target's personal device.

Wireless Standards

Different wireless technologies (e.g., 802.11b/g/n) that can be targeted for vulnerabilities.

802.11a standard frequency range

The 802.11a wireless standard operates in the 5 GHz frequency range.

Wireless antenna gain unit

Antenna gain is measured in dBi (decibels isotropic).

Directional antenna type

A directional antenna, sometimes called a Yagi-Uda antenna or simply a Yagi antenna, focuses signals in a specific direction.

Omnidirectional antenna

An omnidirectional antenna radiates signals equally in all directions.

Wireless antenna benefit

A wireless antenna improves both transmission and reception of radio frequency (RF) signals.

Directional Antenna

An antenna that focuses radio waves in a specific direction, used for point-to-point connections.

Wireless Card Antenna Types

External wireless cards often come with small, omnidirectional antennas (rubber ducky).

Antenna Cable Loss

Longer antenna cables lead to more signal loss, so using a longer USB cable is preferred if necessary.

Wireless Card Power

Wireless card power output is measured in dBm (decibels-milliwatts) or watts, increasing transmission, but not reception, strength.

Wireless Card Power Limits

Country-specific regulations limit the power output of wireless devices (e.g., 30 dBm in the US).

Remote Presence Reconnaissance

Gathering information about employees who work remotely for a target organization, including their home addresses, office locations, and even places they frequent.

Social Spear Phishing Through Family

Targeting an employee's family members with social engineering techniques to gain access to their email accounts or other personal information.

Wireless Attack Phases

A structured approach to attacking wireless systems, starting with reconnaissance, then targeting access points, and finally targeting wireless clients.

Wireless Card Features

Key considerations when selecting a wireless network card for hacking, including supported wireless standards, antenna types, connection type, and power output.

What frequency does 802.11a use?

The 802.11a standard operates in the 5 GHz frequency range.

What's the benefit of an external antenna?

A wireless antenna improves both transmission and reception of radiofrequency (RF) signals.

Why use an omnidirectional antenna for attacks?

Omnidirectional antennas are more appropriate when we don't know where our target is.

Antenna Connection Type

The type of connector used to attach an external antenna to a wireless card. Most cards come with a small, omnidirectional antenna.

What is Wireless Card Power Measured In?

The power output of a wireless card is measured in dBm (decibels-milliwatts) or watts.

Wireless Card Power Output Limit

The maximum power output of a wireless card is limited by regulations. This varies by country.

Wireless Card Chipset

The chipset in a wireless card determines its features and supported channels. Choosing the right chipset is crucial.

Study Notes

Chapter 7: Phase III: Remote Targeting - Part One

• Remote targeting is the core of this phase, allowing attackers to maintain anonymity while targeting wireless systems.
• Wireless systems are ubiquitous, enabling attackers to remain anonymous.
• Initial reconnaissance involves determining if there are any relationships between target employees that would enable spearphishing.

Remote Targeting Introduction

• Identifying and targeting wireless systems is the central focus.
• Maintaining important criteria for advanced persistent threats (APTs) is achieved through targeting wireless systems.
• Wireless reconnaissance is the next step, aiming to compromise any identified wireless networks after target relationships are evaluated.
• Compromised wireless networks are exploited by targeting key vulnerabilities.
• If wireless network compromise fails, wireless client services become the target.

Remote Presence Reconnaissance

• Gathering detailed information on targeted employees and the target organization is crucial.
• This involves examining remote worker policies available through public resources.
• Locating employee home addresses using online services like Spokeo and Intelinus is a common practice
• Employee office locations and lunch locations are also valuable.

Social Spear Phishing

• Social engineering plays a critical role.
• Attacking target employee family members is a method to gather more information.
• Email accounts of family members can provide crucial information about the targeted employee.
• Compromising target employee home systems allows for pivoting to directly attack their computers.

Wireless Phases

• Wireless systems and vulnerabilities are targeted in a specific order.

• Wireless reconnaissance is prioritized.

• Compromising wireless access points is the next step.

• Wireless clients are the final target.

• Time constraints (e.g., 45 minutes in a coffee shop) must be considered.

• Wireless clients become a target even if the wireless network itself is not vulnerable.

Remote Edge Access Points

• Remote access points (APs) receive configuration from a central wireless controller at a headquarters.
• VPNs (Virtual Private Networks) are likely part of the communication system.
• This diagram illustrates the configuration.

APT Wireless Tools

• Beyond a laptop and wireless network card, various tools are necessary.

• Specific features of wireless network cards are important, including supported standards, antenna types, and connection types..

• Laptop capabilities, and power/chipset should be considered.

Wireless Technologies

• USB connection is valued because of its flexibility for positioning adapter and antenna.

• The typical PCMCIA card type for laptops is listed as a common option.

• Important wireless technologies like 802.11b/g/n, 802.11a are mentioned as critical considerations.

• Newer technologies may not use WEP (Wired Equivalent Privacy), but still often use other protocols.

Raspberry Pi Microcomputer

• Low-cost microcomputers (like the Raspberry Pi) can be used.
• These machines are suited for tasks requiring various features and tools.
• The cost is relatively inexpensive, under $150.

Wireless Antennas

• Antenna quality and the ability to use external antennas are crucial decisions for wireless cards.

• A wireless antenna improves both transmit and receive radiofrequency signals.

• The gain of an antenna is measured in dBi (decibels isotropic).

• Directional antennas (Yagi-Uda antennas) are targeted to a specific area, while omni-directional antennas transmit in all directions.

• The longer the cable connecting the antenna to the wireless radio, the more signal loss will occur.

Power

• Power, measured in dBm or watts, affects the transmission strength. Not the receiving strength.

• Power limitations and restrictions related to specific countries are different.

• A maximum output power of 30 dBm (1 watt) in some US cases is listed.

• Adding a 6-dBi-gain antenna can improve performance.

Chipset

• Choosing a card and chipset is vital to supporting specific channels and features.
• Various Linux drivers support different radio chips (e.g., PRISM, Atheros, MadWifi, Mac802.11).
• Employ commands like "iw list" to view card capabilities.
• Ideally, the driver should handle passive and monitor modes.

Wireless Reconnaissance

• Discovering network topology, clients, and remote workers is necessary
• Active reconnaissance is difficult because many activities are observable and detectable.

Internet Wireless Reconnaissance

• A preliminary stage in wireless reconnaissance should identify basic aspects like wired and wireless capabilities, guest wireless, and access points.

Active Wireless Recon

• Before identifying the most effective wireless attack, determine the best access points to target.

• Two-step process: finding access points and then specific client devices of interest.

• Understanding existence and capabilities of wireless networks is a priority.

• Beacon frames are used to periodically announce network information.

• Data rates and timing are examples of this information.

Active Wireless Recon Tools

• Kismet, Airodump, and Android apps are primary tools for active reconnaissance.
• Kismet is popular for encompassing wireless enumeration, particularly suitable for war driving.
• Airodump is useful for information gathering about networks and client devices.

Active Wireless Recon, Kali Linux

• In Kali Linux, Kismet is pre-installed and ready to use.

• Using terminal command "kismet" triggers the graphical application.

• Kismet uses a client-server model, allowing remote capture sources if necessary, but primarily utilizes local sources.

• Airodump is part of the aircrack suite and can be used for reconnaissance.

• airodump-ng -w out mon0 is a command example to start listening on interface mon0 and save to the file out.

Active Wireless Recon, Android Apps

• Using different Android apps for recon—like "wardrive" or "WiGLE Wifi Wardriving"—is recommended.
• These apps display locations of wireless access points on a map, leveraging GPS features.
• "War Driving" is used when a building and physical access is unavailable.

Description

Explore Chapter 7 of your cybersecurity text, focusing on the critical phase of remote targeting. Learn how attackers maintain anonymity while exploiting wireless systems and the importance of reconnaissance in identifying target relationships. Dive into methodologies for compromising wireless networks and the tactics used when initial attempts fail.