Cybersecurity Chapter 7: Remote Targeting

Questions and Answers

What is the initial step in the wireless targeting process?

Compromising wireless client services

Attacking wireless access points

Identifying potential vulnerable clients

Wireless reconnaissance (correct)

Which of the following is NOT a focus during remote presence reconnaissance?

Social media accounts of employees (correct)

Home address of targeted employees

Target organization’s policy on remote workers

Office location

What method can provide information from emails of the targeted employee?

Spear phishing employee’s colleagues

Directly phoning the employee

Targeting employee’s family members (correct)

Monitoring the employee's internet usage

Which wireless technologies are specifically important to target according to the content?

802.11b/g/n and 802.11a

What features are important to consider when choosing a wireless network card?

Antenna supported and power

What is the primary purpose of a directional antenna?

To facilitate point-to-point communication between two access points

What is the recommended method to reduce signal loss when a longer distance is required?

Use a longer USB cable instead of a longer antenna cable

Which unit measures the power output of a wireless card?

Decibels-milliwatts (dBm) or watts

What is the maximum output power for radios in the United States?

30 dBm

What is a potential effect of changing the region setting on the wireless card?

It alters the maximum transmission power allowed

Which command is used to check the current power setting of a wireless card?

$ iwconfig wlan0

Which factor influences the channels and features a wireless card can support?

The card and chipset selection

In which frequency range does the 802.11a standard operate?

5 GHz

What is the potential risk even in newer wireless technologies that might not use WEP?

They might be vulnerable to spoofed management traffic.

Which of the following is a key feature of a wireless antenna?

It improves both transmission and reception of RF signals.

What is the typical price range for microcomputers like the Raspberry Pi?

$50 to $150

Which type of antenna radiates signals in all directions?

Omnidirectional antenna

What is gain from an antenna measured in?

Decibels isotropic (dBI)

What are Yagi antennas also known as?

Directional antennas

What is a characteristic of omnidirectional antennas when performing malicious access point attacks?

They are the choice when the target location is unknown.

Wireless systems allow hackers to preserve their anonymity.

True

An attack should always start with compromising wireless clients before wireless networks.

False

USB wireless cards can connect to a wider variety of devices than PCMCIA cards.

True

The most common modern wireless technologies operate on the 5 GHz spectrum.

False

Targeting employees' family members can be a tactic used in social spear phishing.

True

A directional antenna is mainly used for point-to-point connections.

True

Power output of wireless cards can only be measured in watts.

False

Longer antenna cables have less signal loss compared to shorter cables.

False

The maximum output power for radios in the United States is 30 dBm.

True

Changing the region setting on a wireless card cannot affect its power output.

False

Using a 6-dBi-gain antenna can increase the effective output power.

True

The chipset of a wireless card does not influence the channels it can use.

False

The 802.11a standard operates in the 2.4 GHz range.

False

All wireless technologies are immune to sniffing of unencrypted traffic.

False

Antennas improve both the transmission and reception of RF signals.

True

Omnidirectional antennas radiate signals in a single direction.

False

A Raspberry Pi can cost as low as $500.

False

Directional antennas are also referred to as Yagi antennas.

True

The gain provided by an antenna is measured in dB.

False

Devices supporting external antennas offer limited advantages.

False

Wireless reconnaissance is the first step in targeting wireless systems and vulnerabilities.

True

A USB wireless card is restricted to connecting only to laptops.

False

802.11a is the most commonly used wireless technology today.

False

Targeting family members of employees can be an effective strategy in social spear phishing.

True

The characteristics of a wireless card do not impact its performance in different wireless spectrums.

False

The maximum output power of a wireless card in the United States is 20 dBm.

False

A directional antenna is typically used for point-to-multipoint connections.

False

Using a longer antenna cable tends to increase signal loss.

True

Power output of a wireless card can be influenced by the region setting of the card.

True

An external wireless card will usually come with a high-gain directional antenna.

False

Legal power limits for wireless transmissions vary by country.

True

The gain from an antenna is typically measured in milliwatts.

False

Wired Equivalent Privacy (WEP) protocol is commonly used in modern wireless technologies.

False

Omnidirectional antennas are used when the target's location is unknown.

True

A Raspberry Pi microcomputer can cost as much as $500.

False

The gain from an antenna is measured in decibels pseudo-isotropic (dBPI).

False

Directional antennas are also called Yagi antennas.

True

Wireless antennas can only improve the transmission of radiofrequency (RF) signals, but not reception.

False

A wireless card that supports external antennas offers greater flexibility and performance.

True

What is a significant characteristic of the 802.11a standard?

Operates in the 5 GHz range

What is the main advantage of using a directional antenna?

Provides higher gain in a specific direction

Which of the following best describes a potential vulnerability in newer wireless technologies?

They may still be susceptible to spoofed management traffic

What is a common price range for good quality microcomputers such as the Raspberry Pi?

$50 - $150

What does dBi measure in relation to antennas?

Gain of an antenna

Which type of antenna is generally preferred for malicious access point attacks?

Omnidirectional antenna

What is a disadvantage of using a longer cable from the antenna to the wireless radio?

It increases signal loss.

How is the effective output power of a wireless radio typically increased?

By adding a 6-dBi-gain antenna.

What advantage does an external antenna provide for a wireless card?

Enhances both transmission and reception

Which command is used to change the region setting of a wireless card?

$ iw reg set NX

Which of the following options correctly identifies a characteristic of omnidirectional antennas?

They radiate signals in all directions.

What does the power output of a wireless card typically indicate?

The transmission strength.

What is the primary limitation on the power output of radios in different countries?

Legal regulations unique to each country.

What aspect of a wireless card influences the channels it can access?

The chipset of the wireless card.

What does the abbreviation dBm stand for in the context of wireless power output?

Decibel milliwatts

What is the primary goal during the wireless reconnaissance phase?

To identify target wireless networks and potential vulnerabilities.

Which wireless standards should be prioritized when targeting wireless technologies?

802.11b/g/n and 802.11a.

In the context of remote worker reconnaissance, which type of employee information is NOT relevant to gather?

Purchasing history from the employee’s personal accounts.

What is a significant reason for targeting employees' family members in social spear phishing?

They can provide indirect information through their communications.

What should be a primary consideration when selecting a compatible wireless network card?

Types of devices it can connect to and antenna features.

The primary focus during the wireless reconnaissance phase is to compromise wireless client services first.

False

Using online services like Spokeo is an ineffective method for gathering information about targeted employees' home addresses.

False

The most popular wireless technologies today include 802.11b/g/n, while 802.11a is considered obsolete.

False

An omnidirectional antenna radiates signals equally in all directions.

True

The chipset type of a wireless card plays no role in determining the wireless standards it supports.

False

All modern wireless technologies are designed to completely eliminate the risk of unencrypted traffic sniffing.

False

Low-priced microcomputers can typically cost more than $150.

False

Directional antennas can improve both transmission and reception of RF signals.

True

Omnidirectional antennas are primarily used for targeted point-to-point communication.

False

The gain provided by a wireless antenna is measured in decibels isotropic (dBI).

True

All wireless antennas are designed to operate exclusively with internal connections.

False

The regions setting of a wireless card can potentially allow for increased transmission strength beyond legal limits.

False

Yagi antennas are a type of omnidirectional antenna.

False

A directional antenna can effectively transmit signals in multiple directions.

False

Using a longer USB cable instead of a longer antenna cable can help minimize signal loss.

True

The maximum power output of a radio in the United States is primarily influenced by the type of antenna being used.

False

Omnidirectional antennas typically provide higher gain compared to directional antennas.

False

The iwconfig command can be used to check the current channel settings of a wireless card.

False

Increased cable length from an antenna to a wireless radio always results in decreased signal strength.

True

What is a critical step if initial attempts to compromise wireless networks are unsuccessful?

Target wireless client services

What type of information is important to gather during remote presence reconnaissance?

Publicly available information on target employees

Which wireless technology operates primarily on the 2.4 GHz spectrum?

802.11n

What is a consideration when selecting a wireless network card?

The need for wireless standards support

In which order should attacks on wireless systems be performed for maximum effectiveness?

Reconnaissance, attack access points, then clients

What is the typical gain of an antenna that can increase the effective output power when added to a wireless radio?

6 dBi

Which command sequence allows a user to change the transmission power on a wireless card to the maximum value in New Zealand?

$ ifconfig wlan0 down; $ iw reg set NZ; $ ifconfig wlan0 up; $ iwconfig wlan0 txpower 30

Which country has a maximum output power limit for wireless radios unique to it, typically measured in dBm?

United States

The power output of a wireless card does NOT affect which of the following aspects?

Receiving strength of signals

What is the primary drawback of using a longer antenna cable rather than a longer USB cable for wireless connections?

Greater signal loss

In the context of wireless cards, increasing the region setting to New Zealand may allow for what change?

Only an increase in transmission power

What aspect does the chipset of a wireless card significantly determine?

Supported channels and features

What is a primary advantage of using a directional antenna over an omnidirectional antenna?

It provides more focused signal transmission.

Which factor is NOT important when considering a wireless network card’s antenna?

The aesthetic design of the antenna.

What is a potential security vulnerability in modern wireless technologies that do not implement WEP?

They may still experience vulnerabilities to spoofed traffic.

What is a common feature of a Raspberry Pi microcomputer?

It supports a wide range of wireless protocols.

What does 'gain' of an antenna typically refer to?

The increase in signal strength measured in dBI.

Which type of antenna is most suitable when the target's location is unknown?

Omnidirectional antenna.

In which price range do microcomputers such as the Raspberry Pi typically fall?

$50 to $150.

What is a characteristic of unencrypted traffic in newer wireless technologies?

It can be easily intercepted.

Study Notes

Chapter 7: Phase III: Remote Targeting

• Phase III of remote targeting focuses on identifying and targeting wireless systems.
• This phase is crucial for maintaining anonymity criteria for Advanced Persistent Threats (APTs).
• Wireless systems are ubiquitous, enabling stealth and anonymity.
• Initial reconnaissance involves determining employee relationships for spear phishing attempts.

Wireless Reconnaissance

• Following the initial reconnaissance phase, wireless reconnaissance is the next step.
• The goal is to compromise identified wireless networks by targeting key vulnerabilities.
• If initial attempts to compromise the network fail, wireless client services become the target.

Remote Presence Reconnaissance

• Gathering information about targeted employees, especially remote ones, is vital.
• This includes data from public resources, such as company policy on remote workers, home addresses (using online tools like Spokeo and Intelinus), office locations, and even lunch locations.

Social Spear Phishing

• Social engineering plays a role in this phase.
• Targeting employee family members can yield valuable information from emails.
• Compromising home systems can provide a pivotal point for attacking the employee's computer directly.

Wireless Phases

• Wireless systems are targeted in a specific order:
  • Wireless reconnaissance
  • Attack wireless access points
  • Attack wireless clients
• Time constraints (e.g., 45 minutes in a coffee shop) may exist.
• Even if the wireless network isn't vulnerable, clients at the location can still be targeted.

Remote Edge Access Points

• Remote access points (APs) receive configuration from a central wireless controller.
• This centralized control is a key part of the target infrastructure.
• Visualization: Illustrative diagram of headquarters, VPN, and remote office, connections between them, and the AP

APT Wireless Tools

• Beyond basic laptop and wireless network cards, specialized tools are beneficial.
• Wireless network cards with specific features are important considerations.
  • Wireless standards supported
  • Antenna supported
  • Connection type
  • Power
  • Chipset type

Wireless Technologies

• Choosing the correct device connection type (e.g., PCMCIA, USB) is significant.
• A few common options, such as Alfa and PRISM cards, facilitate connections and placement.
• The 802.11b/g/n standards are important.
• Newer technologies might have different WEP implementations.
• Wireless spectrums should be targeted (e.g., 2.4 GHz, 5 GHz).

Raspberry Pi Microcomputer

• Low-cost microcomputers like the Raspberry Pi are suitable for this phase.
• They offer features facilitating critical tools.

Wireless Antennas

• Antenna quality and the ability to use external antennas are crucial.
• External antennas enhance both transmission and reception
• Different antenna types exist (directional and omnidirectional)
• Directional antennas are useful for specific targets.
• Omnidirectional antennas offer broader coverage.

Connection Type

• "Rubber ducky" antennas are common, typically small with low gain.
• Longer cables can introduce transmission loss.
• Using USB cables rather than longer antenna cables may improve connections.

Power

• Maximum power output (e.g., dBm or watts) is limited based on legal country regulations.
• Power output should match the wireless networking hardware requirements.
• Kali commands provide information about power regulations.
• Adapting to regional power profiles is essential for success.

Chipset

• Chipset and card specifications dictate available channels and features.
• Popular Linux drivers (e.g., PRISM) support diverse applications.
• Use the command (iw list) to check the card's capabilities.
• Ensuring drivers support passive and monitor modes is important.

Wireless Reconnaissance (Active)

• Active wireless reconnaissance is performed to identify access points and networks.
• Specific tools (Kismet, Airodump) are used for network enumeration.
• This may require physical presence or proximity.
• Beacon frames provide information about SSIDs and data rates, for example.
• Important tools can include Android apps for mapping (such as wardrive or WiGLE WiFi Wardriving).

Internet Wireless Reconnaissance

• Basic information about wireless technologies is a starting point.
• Includes WiFi, guest wireless, guest access, and guest internet, for instance.

Active Wireless Recon Techniques

• This phase involves two steps:

  • Identifying and mapping access points/networks
  • Identifying client devices.

• Using tools in the Aircrack-ng suite is common.

• Finding BSSID (basic service set identifiers) is important.

• Tools include Kismet, Airodump, and Android applications for mapping wireless networks.

• War driving is an active reconnaissance technique used when traditional methods are unsuitable or prohibited.

Description

Explore Phase III of remote targeting in cybersecurity with a focus on identifying and compromising wireless systems. This chapter outlines essential reconnaissance techniques, including employee profiling and the use of public resources. Understand the significance of maintaining anonymity in Advanced Persistent Threats (APTs).