Cybersecurity Information Gathering Techniques
36 Questions

Questions and Answers

What is the main goal of using anonymous identities, such as [email protected], in Whois database records?

• To make the website appear more trustworthy to users
• To prevent hackers from easily finding the website owner's contact information (correct)
• To completely hide the identity of the website owner
• To comply with privacy regulations

What tool is commonly used for banner grabbing, a technique employed to gather information about services running on open ports?

• Netcat
• Angry IP Scanner
• Superscan
• Nmap (correct)

What is the purpose of a ping sweep during target scanning?

• To enumerate open ports on target hosts
• To identify specific vulnerabilities in target systems
• To discover hosts that are active and responding to network traffic (correct)
• To determine the operating system running on target systems
What is a recommended countermeasure for preventing passive information gathering from public sources?
Answer: Reviewing publicly available information about the organization (B)

What is a primary difference between passive and active information gathering?
Answer: Passive information gathering is undetectable, while active information gathering may be detected by the target. (B)

Which of these is NOT a potential point of entry for an attacker or pentester?
Answer: Cloud storage (C)

How can an organization mitigate the potential for information disclosure through archives like the Wayback Machine?
Answer: Implementing a strict policy for data deletion and disposal (C)

Which of these is NOT a category of tools used for target scanning?
Answer: Vulnerability Assessment (C)

Which of these is NOT a factor that makes the concept of threats ambiguous?
Answer: Threats are often static and unchanging, meaning they are easy to define. (D)

According to the content, what are the three core components of a security problem?
Answer: Threats, Vulnerabilities, and Assets (D)

Which of these is NOT a reason mentioned in the content for the necessity of understanding threats?
Answer: To ensure complete protection against all possible threats (C)

What is the primary function of the Microsoft Security Development Lifecycle (SDL) Threat Modeling Tool?
Answer: To identify potential security threats in software development (D)

Which of these is NOT a challenge faced when using the MS SDL Threat Modeling Tool?
Answer: The tool is not compatible with all software development methodologies (C)

What is the primary focus of the Week 3 Lab Activities on Active Information Gathering?
Answer: Using Nmap for Target Scanning (B)

Which of these is NOT a component of a security problem, as defined in the content?
Answer: Countermeasures (C)

Based on the content, what is the primary purpose of 'Threat Modelling'?
Answer: To identify and analyze potential security threats to a system or application. (A)

Which of the following is NOT a common piece of information revealed by a service banner?
Answer: User Name (D)

Which tool is often referred to as the 'Swiss Army Knife of networking' due to its versatility?
Answer: Netcat (B)

Which of the following tools is primarily used for passive network traffic analysis?
Answer: Wireshark (C)

Which of the following commands demonstrates the use of Nmap for banner grabbing?
Answer: nmap -sV 192.168.1.1 (B)

Which of the following is NOT a type of OSINT information gathering, as described in the content?
Answer: Interactive Information Gathering (C)

What is the primary purpose of intelligence gathering in a penetration testing framework?
Answer: To gather as much information as possible about the target to be used in later phases of the penetration test. (B)

Which of the following is NOT a step in the Penetration Testing Framework described in the content?
Answer: Security Auditing (D)

What is the MAIN goal of Semi-Passive information gathering?
Answer: To avoid detection by the target while gathering information. (C)

What is a key limitation of Passive Information Gathering?
Answer: It may provide outdated or inaccurate information. (B)

Which of the following is a characteristic of Active information gathering?
Answer: It uses network-level port scans to gather information. (D)

What is the main distinction between Passive and Semi-Passive information gathering?
Answer: Passive information gathering relies on archived information, while Semi-Passive information gathering involves querying published name servers. (C)

According to the content, what is the role of information gathering in a penetration testing framework?
Answer: To gather enough information for the subsequent steps in the penetration testing process. (D)

What is the purpose of running your own scans against your network?
Answer: To identify potential vulnerabilities that might be exploited by attackers (D)

Which of these actions is NOT a recommended countermeasure against active information gathering?
Answer: Deploying a firewall only on the perimeter of the network (B)

What is the primary purpose of 'Threat Modelling' in the Penetration Testing Framework?
Answer: To understand the potential threats and their impact on the system (D)

What is the main difference between 'full disclosure' and 'responsible disclosure' of vulnerabilities?
Answer: Full disclosure immediately releases information to the public, while responsible disclosure allows the vendor time to fix the issue before public release. (D)

Which of these is NOT a common characteristic used to define a 'threat' in the context of cybersecurity?
Answer: The specific vulnerability exploited by the threat actor (C)

Which of the following statements BEST reflects the purpose of 'log analysis' in cybersecurity?
Answer: To identify patterns of malicious activity indicative of an attack (B)

What is the primary purpose of 'pre-engagement interactions' in a penetration testing framework?
Answer: To establish clear communication and expectations with the client (A)

According to the provided content, what is one of the main reasons why removing banners can be considered a countermeasure against active information gathering?
Answer: Banners can reveal information about the operating system and software versions being used, which attackers use to identify vulnerabilities. (A)

Flashcards

Active Information Gathering
Collecting data from a target using direct interaction, often involving probing tools.

Passive Information Gathering
Gathering data without alerting or interacting directly with the target, using only existing information.

Semi-Passive Information Gathering
Querying public information while mimicking normal internet traffic to avoid detection.

OSINT
Open Source Intelligence; publicly available information collected for intelligence purposes.

Vulnerability Analysis
Identifying weaknesses in a target's systems that can be exploited.

Threat Modelling
Assessing potential threats to a system and developing mitigation strategies.

Target Scanning
The process of identifying active devices and open ports on a target for further assessment.

Banner Grabbing
Extracting information presented by services running on open ports to identify versions and potential vulnerabilities.

Postmortem Attribution
Investigation after an event to trace activities, but without identifying individuals.

Countermeasures Against Passive Gathering
Strategies to prevent unauthorized information collection from public sources.

Nmap
Network mapping tool used to discover hosts and services on a network.

Metadata Review
Checking data attributes before publishing to prevent information leakage.

Service Information
The reliable data obtained about a service, including its name, version, and operating system.

Netcat (nc)
A versatile tool for connecting to ports and reading banners, often called the Swiss Army Knife of networking.

Protocols with Banners
Protocols that typically return banners when connected to, such as HTTP, FTP, and SMTP.

Threat
An entity that wants to cause harm to you or something you care about.

Vulnerability
A weakness in a system that can be exploited by threats.

Asset
A valuable resource or component that needs protection from threats.

Potential for Harm
The likelihood or capacity for an asset to be harmed by a threat.

Hazardous Events
Occurrences that can lead to harm or damage to assets.

Interpreting Threat Models
The process where different engineers may evaluate and understand threats in diverse ways.

Microsoft SDL
A structured approach by Microsoft for integrating security into software development.

Threat Modelling Techniques
Strategies used to identify and assess potential threats in software and systems.

Network Segregation
Dividing a network into smaller sections to enhance security and reduce risk.

Intrusion Detection Systems
Tools that monitor network traffic for suspicious activity and potential threats.

Log Analysis
Reviewing logs from network devices and applications to identify unusual patterns or incidents.

Abnormal Behavior
Activity that deviates from the norm and may indicate potential security issues.

Responsible Disclosure
Reporting vulnerabilities to the responsible party without public escalation until they respond.

Threat Agent
An individual or entity intending to cause harm to a system.

Adverse Action
Any action taken by a threat agent that can cause harm to an asset.

Vulnerability Disclosure Types
Ways of sharing vulnerabilities: no, limited, full, and responsible disclosure.

Study Notes

Ethical Hacking and Penetration Testing - Lecture 3

• Lecture Topic: Target Scanning (Active Information Gathering) and Threat Modelling
• Course: Ethical Hacking and Penetration Testing
• Outline: The lecture covers an OSINT types recap, active information gathering, target scanning and tools, banner grabbing and tools, a threats overview, and threat modelling. A penetration testing framework is also presented.
• Penetration Testing Framework: The framework consists of pre-engagement interactions, information gathering, threat modelling, vulnerability analysis, exploitation, post-exploitation, and reporting.
• Information Gathering (Step 2): Reconnaissance against a target to collect as much information as possible. This information is used in the later phases of the penetration test: the more information gathered in this phase, the more attack vectors are available later.
• OSINT Forms Recap: Passive, semi-passive, and active information gathering. Active information gathering is the focus of this week's lecture.
• Passive Information Gathering: Gathering information without interacting with the target, using archived or stored information (Google searches, for example). It can be difficult to perform strictly, because no traffic at all should reach the target.
• Semi-Passive Information Gathering: Profiling the target with traffic that looks like normal internet use, such as querying published name servers and examining metadata in published documents, while avoiding active scanning for hidden content.
• Active Information Gathering: Mapping network infrastructure, actively scanning open services, and searching for unpublished directories, files, and servers. Unlike the other two forms, this activity is likely to be detected by the target as suspicious or malicious behaviour.
• Target Scanning: Trying various methods to find out how systems announce themselves. Key parts are host discovery, port scanning, and operating system discovery. Identifying points of entry (server-side, client-side, web applications, and wireless) is also important.
• Scanners: Tools used in target scanning include Nmap (with the Zenmap GUI), Netcat, Superscan (from Foundstone), and Angry IP Scanner. Scan types mentioned are ping sweep, TCP port scan, UDP port scan, and operating system discovery. An Nmap example shows how it scans for ports and services on a target.
• Banner Grabbing: A technique for gathering information about the services running on a system's open ports by connecting to each service and reading the banner or message it returns. Banner information provides service and software details, such as name and version.
• Banner Grabbing Tools: Telnet, Netcat (nc), and Nmap. Netcat is a versatile tool for reading from and writing to TCP/UDP connections, used by system administrators and security professionals alike. Nmap offers scripts for banner grabbing.
• Countermeasures:
  • Against Active Information Gathering: network segregation, disabling unnecessary services, firewalls, and intrusion detection systems. Removing banners and tracking network traffic are important for stopping information leakage.
  • Against Passive Information Gathering: reviewing public sources of information, checking documents for metadata before publication, using anonymous identities, reviewing Whois database records, and considering private domain registration. Keeping track of archives such as the Wayback Machine and implementing data lifecycle and elimination policies (trace the data deletion process) are also important.
• Threat Modelling (Step 3): Understanding the threats, vulnerabilities, and assets is crucial; this modelling helps identify weaknesses.
• Threat Categories: The different types of attackers (petty criminals, organized crime, law enforcement) must be considered, along with vulnerabilities (e.g. missing encryption, software defects). Assets (secrets, system integrity, and hardware value) are critical.
• Threat Modelling Approaches: Attacker-centric, software-centric, and asset-centric approaches can help identify vulnerabilities.
• MS SDL Threat Modelling: This method involves describing the system, creating a checklist, and assessing impact in order to find countermeasures. Microsoft provides a tool for it. The method has clearly defined steps, illustrated with a visual model of a web shop example.
• Challenges: Interpreting threat models consistently across different engineers can be challenging.

Summary of Key Terms

• OSINT: Open-Source Intelligence
• Nmap: Network Mapper (a port scanning tool)
• Netcat (nc): Networking tool
• SDL: Security Development Lifecycle (Microsoft's secure development process)

Description

Test your knowledge of various cybersecurity practices and concepts related to information gathering techniques. This quiz covers anonymous identities in Whois records, banner grabbing tools, and the differences between passive and active information gathering. Challenge yourself with questions on security threats and mitigation strategies.
