Domain Names and DNS Concepts

Questions and Answers

What is the purpose of a WHOIS record?

  • To provide a mapping of domain names to IP addresses
  • To store the legal owner's information of a domain (correct)
  • To check the availability of a domain name
  • To protect against phishing attacks

Which part of a domain name is the Top-Level Domain (TLD)?

  • The central portion of the domain name
  • The leftmost segment of the domain name
  • The prefix of the domain name
  • The rightmost segment of the domain name (correct)

What role do name servers play in DNS?

  • They maintain the WHOIS record of a domain
  • They secure the domain from attacks
  • They provide the IP address for a domain to a browser (correct)
  • They define the TLD of a domain name

What does DNSSEC help prevent?

  • Cache poisoning and man-in-the-middle (MITM) attacks

Which of the following statements is incorrect about domain names?

  • SLD is the rightmost portion of the domain name

What is the primary function of the Domain Name System (DNS)?

  • To translate domain names into IP addresses

Which of these is an example of a Second-Level Domain (SLD)?

  • singaporetech

What information is primarily contained in TLD Zone Files?

  • IP address mappings for domain names

Which of the following records provides the list of mail exchange servers?

  • MX record

Which statement best describes a registrant in terms of domain names?

  • The legal owner of the domain name

What does the SOA record represent in DNS?

  • Zone administration information

What tool can be used interactively to query internet name servers?

  • nslookup

Which of the following is NOT a function of DNS Data View?

  • Decrypt user passwords

Which service provides information about domain name ownership and contact details?

  • Netcraft

What type of DNS record gives the alias for a domain name?

  • CNAME record

What kind of information was believed to be leaked during the ICANN hack?

  • Harmless user preferences

What is the primary purpose of using Google hacking techniques according to best practices?

  • To identify your own security problems

Which of the following is NOT a recommended defense against Google hacking?

  • Ensuring sensitive information is removed completely

What does the term 'doxing' refer to?

  • Gathering or deducing information about a person online

What function does the robots.txt file serve?

  • It instructs well-behaved crawlers not to index certain pages

Which of the following is a common misconception about removing sensitive information from the web?

  • The removal ensures complete privacy

What is the primary tactic used in pretexting attacks?

  • Building a false sense of trust

What distinguishes baiting from phishing attacks?

  • The use of physical media to distribute malware

In what scenario does tailgating occur?

  • An unauthorized user follows an employee into a restricted area

What is a key characteristic of the quid pro quo technique?

  • Offering a service in exchange for information

What makes a hacker skilled at social engineering effective?

  • Ability to manipulate human weaknesses

How do proficient attackers often gather information for a hack?

  • Spending time developing connections with insiders

What is the primary purpose of a Google dork?

  • To find information not readily available on websites

Which method is noted as most successful for social engineering attacks?

  • Phone calls to employees posing as legitimate requests

Which situation is NOT likely to influence a social engineer's success?

  • Working in isolation without any prior relationship

Which of the following is an example of using a Google hacking technique?

  • Using ext:txt inurl:passwd

What does the Google Hacking Database (GHDB) provide?

  • A repository of advanced search queries and results

Which advanced search string might find text files containing passwords?

  • ext:txt inurl:password

What does the term 'bypass' in the context of logins refer to?

  • Accessing protected accounts without valid credentials

What could 'intitle:index.of.accounts' be used to search for?

  • Directories that list account information

Why is Google cache utilized?

  • To retrieve older versions of web pages

What file type can be targeted while searching for potentially sensitive account records?

  • CSV files

Study Notes

Whois

• Provides information about the domain name registrant.
• The registrant is the legal owner of the domain.

Domain Names

• A domain is a logical region of the Internet.
• Domain names consist of one or more parts separated by periods, e.g. “singaporetech.edu.sg”.
• Top-Level Domain (TLD) name – rightmost portion of the domain name, e.g. “.sg”.
• A Second-Level Domain (SLD) – next portion of a domain name (right to left), e.g. “.org”.

Domain Name System (DNS)

• Each computer is assigned a unique IP address.
• A hostname is an alias for the IP address, e.g. “SIT-NB-X220-456”.
• When a domain name is entered into a browser, name servers provide the IP address of the domain's web server to the browser.

DNSSEC

• Domain Name System Security Extensions
• Prevents cache poisoning and man-in-the-middle (MITM) attacks

ICANN

• Internet Corporation for Assigned Names and Numbers
• In 2011, unauthorized persons gained access to usernames, email addresses, and encrypted passwords for profile accounts on the ICANN.org website.
• Leaked info included harmless information such as user preferences, public biographies, interests, newsletters, and subscriptions.

Reconnaissance Techniques and Tools

• DNS Data View: Extracts DNS records (MX, NS, A, SOA).
• nslookup (also try dig): Queries internet name servers interactively. Translates a domain name to an IP address or vice versa.

Netcraft

• Provides internet security and data mining services.
• Can be used to footprint a website.
• Provides: domain name owner, e-mail addresses, name servers, and names and contact info of admin and technical staff.

BuiltWith

• Provides information about the technology used to build a website, such as programming languages, frameworks, and libraries.

Social Engineering Attacks

• Attacks that exploit human psychology to manipulate and trick victims into divulging sensitive information or granting unauthorized access.
• Types of attacks:
  • Pretexting: The attacker creates a false sense of trust, e.g., sympathy, appeal to empathy.
  • Baiting: Enticement used to obtain login credentials, e.g., free game download.
  • Quid Pro Quo: Promise of a benefit in exchange for a service.
  • Tailgating (Piggybacking): Attackers follow authorized individuals into restricted areas without proper authentication.

Social Engineering Skills

• Hackers must be able to use charm and influence to manipulate.
• They must be able to build up insider knowledge and trust relationships.
• Attackers may spend days to complete a hack:
  • Learning internal company lingo and culture.
  • Developing connections with key people - security personnel and IT system support staff.

Techniques and Tools for Social Engineering Attacks

• Calls to employees:
  • Call help desk as a new employee for help with a particular task.
  • Angry manager calls lower-level system admin because password has suddenly stopped working.
  • System admin calls employee to fix her account...passwd filetype:txt (no space after :).

Google Hacking

• Uses advanced Google search operators to find sensitive or hidden information that is not readily available on a website.
• Google Dorking:
  • The information retrieved is not meant for the public.
  • The information is available because it was not adequately secured.
• Google Hacking Database (GHDB):
  • https://www.exploit-db.com/
  • https://www.exploit-db.com/google-hacking-database/

Google Hacking Examples

Google Cache

• Why use it:
  • Signatures (forgery)
  • Financial information

Shodan

• Search engine for Internet-connected devices.
• https://www.shodan.io/

Defences Against Google Hacking

• Use Google hacking techniques to uncover your own security problems.
• Proper configuration for web-based devices:
  • Use strong authentication, not defaults.
• Have a good corporate security policy, e.g., a policy for asset protection.
• Educate users about best practices.
• Use robots.txt so that web pages are not indexed, but this can also signal sensitive data to attackers.

Spam

• Unsolicited bulk emails (e.g., phishing, malware)

Doxing

• Gathering or deducing information about someone using internet sources.
• “Document Tracing”
• Info could include name, age, email, address, telephone number, photographs, etc.
• Used for different reasons, e.g., "Who hacked my camera?" or "Is person X masquerading as person Y?"
Description

Test your knowledge on domain names, their components, and the Domain Name System (DNS). This quiz covers topics such as Whois information, top-level domains, and DNS security measures like DNSSEC. Dive into the fundamentals of how domains work in the internet ecosystem.
