Cybersecurity Chapter 7: Remote Targeting Part One

Questions and Answers

What is the primary focus of Phase III: Remote Targeting?

Developing complex passwords

Identifying and targeting wireless systems (correct)

Enhancing software firewall protections

Improving physical security measures

Which of the following actions is NOT part of the wireless phases of targeting?

Wireless reconnaissance

Attacking wireless clients

Attacking wireless access points

Phishing via social media (correct)

What is a recommended approach if no wireless networks can be compromised?

Focus attention on physical intrusions

Immediately abandon the operation

Target the wireless clients associated with those networks (correct)

Shift focus to improving software security

Which wireless technology is considered less common today but still used?

802.11a

When selecting a wireless network card, which of the following features is considered important?

Connection type

Which of the following statements accurately describes the 802.11a standard?

It operates in the 5 GHz range.

What is one potential vulnerability of newer wireless technologies?

They may be vulnerable to spoofed management traffic.

What is the primary benefit of having a high-quality antenna in a wireless card?

It improves both transmission and reception of RF signals.

What distinguishes a directional antenna from an omnidirectional antenna?

Directional antennas are also known as Yagi antennas.

Which microcomputer is mentioned as an excellent low-priced option for various tasks?

Raspberry Pi

What is the primary disadvantage of using a longer antenna cable compared to a longer USB cable when setting up an external wireless card?

It leads to increased signal loss.

Which of the following is true regarding the power output of wireless radios?

The legal power output varies based on the country and connection type.

What command can be used to view the current settings and power output of a wireless card?

iwconfig

When configuring a wireless card, what must be considered regarding the chipset?

It impacts both supported channels and features of the card.

What is the maximum power output of radios in the United States for non-point-to-multipoint links?

30 dBm

The most common wireless technologies currently in use include 802.11a and 802.11g.

False

Wireless reconnaissance involves identifying target wireless networks and their vulnerabilities.

True

Compromising a system at a target employee's home can be a method to gain access to their work computer.

True

A directional antenna is typically used for point-to-point connections between clients and access points.

True

The PCMCIA card type is considered a more flexible option than USB connections for wireless adapters.

False

To maintain anonymity, APT hackers aim to compromise wireless systems only after identifying potential target employees.

True

The output power of wireless radios is legally the same in all countries without any limitations.

False

Increasing the length of the cable between an antenna and a wireless radio results in less signal loss.

False

The maximum output power for radio transmissions in the United States can reach up to 50 dBm with a higher gain antenna.

False

The chipset of a wireless card has no influence on the channels and features that the card supports.

False

The 802.11a standard operates in the 2.4 GHz range.

False

Directional antennas are also known as Yagi antennas.

True

Unencrypted traffic in newer wireless technologies is immune to sniffing.

False

Omnidirectional antennas radiate signals in a specific direction.

False

The gain provided by an antenna is measured in decibels isotropic (dBI).

True

Study Notes

Chapter 7: Phase III: Remote Targeting - Part One

• Remote targeting is the core of this phase, allowing attackers to maintain anonymity while targeting wireless systems.
• Wireless systems are ubiquitous, enabling attackers to remain anonymous.
• Initial reconnaissance involves determining if there are any relationships between target employees that would enable spearphishing.

Remote Targeting Introduction

• Identifying and targeting wireless systems is the central focus.
• Maintaining important criteria for advanced persistent threats (APTs) is achieved through targeting wireless systems.
• Wireless reconnaissance is the next step, aiming to compromise any identified wireless networks after target relationships are evaluated.
• Compromised wireless networks are exploited by targeting key vulnerabilities.
• If wireless network compromise fails, wireless client services become the target.

Remote Presence Reconnaissance

• Gathering detailed information on targeted employees and the target organization is crucial.
• This involves examining remote worker policies available through public resources.
• Locating employee home addresses using online services like Spokeo and Intelinus is a common practice
• Employee office locations and lunch locations are also valuable.

Social Spear Phishing

• Social engineering plays a critical role.
• Attacking target employee family members is a method to gather more information.
• Email accounts of family members can provide crucial information about the targeted employee.
• Compromising target employee home systems allows for pivoting to directly attack their computers.

Wireless Phases

• Wireless systems and vulnerabilities are targeted in a specific order.

• Wireless reconnaissance is prioritized.

• Compromising wireless access points is the next step.

• Wireless clients are the final target.

• Time constraints (e.g., 45 minutes in a coffee shop) must be considered.

• Wireless clients become a target even if the wireless network itself is not vulnerable.

Remote Edge Access Points

• Remote access points (APs) receive configuration from a central wireless controller at a headquarters.
• VPNs (Virtual Private Networks) are likely part of the communication system.
• This diagram illustrates the configuration.

APT Wireless Tools

• Beyond a laptop and wireless network card, various tools are necessary.

• Specific features of wireless network cards are important, including supported standards, antenna types, and connection types..

• Laptop capabilities, and power/chipset should be considered.

Wireless Technologies

• USB connection is valued because of its flexibility for positioning adapter and antenna.

• The typical PCMCIA card type for laptops is listed as a common option.

• Important wireless technologies like 802.11b/g/n, 802.11a are mentioned as critical considerations.

• Newer technologies may not use WEP (Wired Equivalent Privacy), but still often use other protocols.

Raspberry Pi Microcomputer

• Low-cost microcomputers (like the Raspberry Pi) can be used.
• These machines are suited for tasks requiring various features and tools.
• The cost is relatively inexpensive, under $150.

Wireless Antennas

• Antenna quality and the ability to use external antennas are crucial decisions for wireless cards.

• A wireless antenna improves both transmit and receive radiofrequency signals.

• The gain of an antenna is measured in dBi (decibels isotropic).

• Directional antennas (Yagi-Uda antennas) are targeted to a specific area, while omni-directional antennas transmit in all directions.

• The longer the cable connecting the antenna to the wireless radio, the more signal loss will occur.

Power

• Power, measured in dBm or watts, affects the transmission strength. Not the receiving strength.

• Power limitations and restrictions related to specific countries are different.

• A maximum output power of 30 dBm (1 watt) in some US cases is listed.

• Adding a 6-dBi-gain antenna can improve performance.

Chipset

• Choosing a card and chipset is vital to supporting specific channels and features.
• Various Linux drivers support different radio chips (e.g., PRISM, Atheros, MadWifi, Mac802.11).
• Employ commands like "iw list" to view card capabilities.
• Ideally, the driver should handle passive and monitor modes.

Wireless Reconnaissance

• Discovering network topology, clients, and remote workers is necessary
• Active reconnaissance is difficult because many activities are observable and detectable.

Internet Wireless Reconnaissance

• A preliminary stage in wireless reconnaissance should identify basic aspects like wired and wireless capabilities, guest wireless, and access points.

Active Wireless Recon

• Before identifying the most effective wireless attack, determine the best access points to target.

• Two-step process: finding access points and then specific client devices of interest.

• Understanding existence and capabilities of wireless networks is a priority.

• Beacon frames are used to periodically announce network information.

• Data rates and timing are examples of this information.

Active Wireless Recon Tools

• Kismet, Airodump, and Android apps are primary tools for active reconnaissance.
• Kismet is popular for encompassing wireless enumeration, particularly suitable for war driving.
• Airodump is useful for information gathering about networks and client devices.

Active Wireless Recon, Kali Linux

• In Kali Linux, Kismet is pre-installed and ready to use.

• Using terminal command "kismet" triggers the graphical application.

• Kismet uses a client-server model, allowing remote capture sources if necessary, but primarily utilizes local sources.

• Airodump is part of the aircrack suite and can be used for reconnaissance.

• airodump-ng -w out mon0 is a command example to start listening on interface mon0 and save to the file out.

Active Wireless Recon, Android Apps

• Using different Android apps for recon—like "wardrive" or "WiGLE Wifi Wardriving"—is recommended.
• These apps display locations of wireless access points on a map, leveraging GPS features.
• "War Driving" is used when a building and physical access is unavailable.

Description

Explore Chapter 7 of your cybersecurity text, focusing on the critical phase of remote targeting. Learn how attackers maintain anonymity while exploiting wireless systems and the importance of reconnaissance in identifying target relationships. Dive into methodologies for compromising wireless networks and the tactics used when initial attempts fail.