18 Questions
What type of information about victim hosts can adversaries gather using asset scanners?
Administrative data and hardware details
How do adversaries create custom, target-specific wordlists for attacks?
By gathering data from various reconnaissance techniques
What is a common use of an asset scanner by APTs?
To identify vulnerabilities on victim hosts
What could be indicative of added defensive protections on victim hosts?
Dedicated encryption hardware like TPM
In the context of reconnaissance, what does OSINT stand for?
Open-Source Intelligence
What kind of details regarding victim hosts may adversaries gather using asset scanners?
Configuration details such as operating system and language
What type of information about installed software may be indicative of added defensive protections?
Information about the presence of additional components like antivirus and SIEMs
How can information about host firmware be used during targeting by adversaries?
To infer more details about hosts in the environment
Which of the following is NOT a detail that adversaries might gather about client configurations?
Employee names and email addresses
What type of information about a victim's identity can adversaries potentially use during targeting?
Sensitive details like credentials
How might knowledge of specific host firmware versions help adversaries in reconnaissance activities?
To infer details about the host's configuration and patch level
In the context of reconnaissance techniques, what role does information about installed software play?
Identifying potential vulnerabilities in the network
What does the JA3 value help in identifying?
The TLS client software, library, or specific version in use
Which network security aspect do JARM and JA3S fingerprinting techniques help in enhancing?
Network traffic analysis
What is the focus of zoomeye.org as mentioned in the text?
Identifying and indexing Internet-connected devices and services
How do filters on zoomeye.org help users in their search?
Limit search results to specific criteria like country and IP
What type of information does www.spyse.com provide details on?
Domains, IP addresses, technologies used, open ports
Which purpose can Spiderfoot serve according to the text?
Asset scanning for security purposes
Study Notes
Adversarial Reconnaissance Techniques
- Adversaries create custom wordlists using gathered data to target victims
- Techniques include:
- Gathering victim org information
- Searching victim-owned websites
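The study notes above describe adversaries turning gathered reconnaissance data into target-specific wordlists. The following is an added example, not code from the page or from any tool it names, showing how organisation names, employee names, a mail domain and a few years are expanded into username, e-mail and password candidates. All sample data (Acme Widgets, acme-widgets.example, the names and years) is constructed for the example.

```python
# Added example: build target-specific username/password wordlists from
# reconnaissance data. Sample data below is constructed, not real.

SAMPLE_ORG = "Acme Widgets"
SAMPLE_DOMAIN = "acme-widgets.example"
SAMPLE_NAMES = ["Jane Doe", "Bob O'Brien"]
SAMPLE_YEARS = [2023, 2024]
SUFFIXES = ["", "!", "1", "123"]          # common password "decorations"
SEASONS = ["Spring", "Summer", "Autumn", "Winter"]


def username_candidates(full_name: str) -> list[str]:
    """Common corporate username formats derived from a first/last name."""
    parts = full_name.lower().replace("'", "").split()
    if len(parts) < 2:
        return parts
    first, last = parts[0], parts[-1]
    forms = [
        f"{first}.{last}", f"{first}{last}", f"{first[0]}{last}",
        f"{first}{last[0]}", f"{first}_{last}", f"{last}.{first}",
    ]
    return list(dict.fromkeys(forms))     # preserve order, drop duplicates


def email_candidates(names: list[str], domain: str) -> list[str]:
    """Every username form for every name, at the target mail domain."""
    return [f"{u}@{domain}" for n in names for u in username_candidates(n)]


def org_tokens(org: str) -> list[str]:
    """Tokens from the organisation name: joined name, each word, initials."""
    words = org.replace("-", " ").split()
    compact = "".join(words)
    initials = "".join(w[0] for w in words)
    toks = [compact, compact.lower(), compact.capitalize()] + words
    toks += [initials, initials.lower()]
    return list(dict.fromkeys(t for t in toks if len(t) > 1))


def password_candidates(org: str, years: list[int], names: list[str],
                        suffixes: list[str] = SUFFIXES) -> list[str]:
    """Combine org/name/season bases with year forms and suffixes.

    Candidates are kept only within a plausible 6..20 character window
    so the list stays small enough for a rate-limited spray.
    """
    bases = org_tokens(org)
    for name in names:
        parts = name.lower().replace("'", "").split()
        bases += [parts[0].capitalize(), parts[-1].capitalize()]
    bases += SEASONS
    bases = list(dict.fromkeys(bases))
    year_forms = [""] + [str(y) for y in years] + [str(y)[-2:] for y in years]
    out = []
    for base in bases:
        for yr in year_forms:
            for suf in suffixes:
                cand = f"{base}{yr}{suf}"
                if 6 <= len(cand) <= 20:
                    out.append(cand)
    return list(dict.fromkeys(out))


if __name__ == "__main__":
    for u in email_candidates(SAMPLE_NAMES, SAMPLE_DOMAIN):
        print(u)
    pw = password_candidates(SAMPLE_ORG, SAMPLE_YEARS, SAMPLE_NAMES)
    print(len(pw), "password candidates, e.g.", pw[:5])
```

Defenders can run the same generator against their own organisation to seed a banned-password list or to test whether a password filter rejects the obvious company-name-plus-year patterns.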
Host Information Gathering
- Adversaries gather information about victim hosts, including:
- Administrative data (name, assigned IP, functionality, etc.)
- Configuration details (operating system, language, etc.)
- Gathering information about hardware infrastructure, including:
- Types and versions of hardware components
- Presence of additional components (card/biometric readers, dedicated encryption hardware, etc.)
- Gathering information about installed software, including:
- Types and versions on specific hosts
- Presence of additional components (antivirus, SIEMs, Microsoft security products, etc.)
- Gathering information about firmware, including:
- Type and versions on specific hosts
- Inferred information about hosts in the environment (configuration, purpose, age/patch level, etc.)
Client Configurations and Identity Information
- Adversaries gather information about client configurations, including:
- Operating system and version
- Virtualization and architecture
- Language and time zone
- Gathering information about victim identities, including:
- Personal data (employee names, email addresses, etc.)
- Sensitive details such as credentials
TLS Fingerprinting
- JA3 value analysis can identify the TLS client software, library, or specific version used, because the Client Hello field values and their order are set by the TLS stack rather than by the user
- JA3S hashes the server's Server Hello (version, chosen cipher, extension order) in reply to a given client, and JARM actively probes a server with a fixed set of crafted Client Hellos and fingerprints its responses; together these techniques provide insights into TLS connections, helping to:
- Identify anomalies
- Detect potential malicious activity
- Enhance network security and threat intelligence
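The JA3 value is the MD5 of the string "SSLVersion,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats", each list joined with "-" and GREASE values (RFC 8701) removed. The following added example, not part of the page and not the reference JA3 implementation, constructs a minimal TLS ClientHello record in code (the ciphers, extensions and the GREASE values in it are chosen for the example, not captured from any client), parses it back and computes the JA3 string and hash. The helper names are assumptions of this example.

```python
# Added example: compute a JA3 fingerprint from a TLS ClientHello record.
# The ClientHello below is constructed, not captured from a real client.
import hashlib
import struct


def _is_grease(v: int) -> bool:
    """GREASE values (RFC 8701) are 0x?a?a with identical bytes; JA3 drops them."""
    return (v & 0x0F0F) == 0x0A0A and (v >> 8) == (v & 0xFF)


def build_client_hello(version: int, ciphers: list[int],
                       extensions: list[tuple[int, bytes]]) -> bytes:
    """Build a minimal TLS record carrying a ClientHello (constructed sample)."""
    body = struct.pack("!H", version) + b"\x00" * 32      # version + 32-byte random
    body += b"\x00"                                        # empty session id
    cs = b"".join(struct.pack("!H", c) for c in ciphers)
    body += struct.pack("!H", len(cs)) + cs
    body += b"\x01\x00"                                    # one compression method: null
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body     # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs   # record type 0x16


def ja3_from_client_hello(record: bytes) -> tuple[str, str]:
    """Parse a ClientHello record and return (ja3_string, ja3_md5)."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    hs_len = int.from_bytes(record[6:9], "big")
    p = record[9:9 + hs_len]
    off = 0
    version = struct.unpack_from("!H", p, off)[0]; off += 2
    off += 32                                              # skip random
    sid_len = p[off]; off += 1 + sid_len
    cs_len = struct.unpack_from("!H", p, off)[0]; off += 2
    ciphers = [struct.unpack_from("!H", p, off + i)[0] for i in range(0, cs_len, 2)]
    off += cs_len
    comp_len = p[off]; off += 1 + comp_len
    ext_types, groups, formats = [], [], []
    if off < len(p):
        ext_len = struct.unpack_from("!H", p, off)[0]; off += 2
        end = off + ext_len
        while off < end:
            etype, elen = struct.unpack_from("!HH", p, off); off += 4
            data = p[off:off + elen]; off += elen
            ext_types.append(etype)
            if etype == 0x000A:                            # supported_groups
                n = struct.unpack_from("!H", data, 0)[0]
                groups = [struct.unpack_from("!H", data, 2 + i)[0] for i in range(0, n, 2)]
            elif etype == 0x000B:                          # ec_point_formats
                formats = list(data[1:1 + data[0]])
    fields = [
        str(version),
        "-".join(str(c) for c in ciphers if not _is_grease(c)),
        "-".join(str(e) for e in ext_types if not _is_grease(e)),
        "-".join(str(g) for g in groups if not _is_grease(g)),
        "-".join(str(f) for f in formats),
    ]
    ja3 = ",".join(fields)
    return ja3, hashlib.md5(ja3.encode()).hexdigest()


# Constructed sample: TLS 1.2 hello with GREASE in ciphers, extensions and groups.
_groups = [0x2A2A, 0x001D, 0x0017]
SAMPLE_HELLO = build_client_hello(
    0x0303,
    [0x1A1A, 0x1301, 0x1302, 0xC02B],
    [
        (0x1A1A, b""),                                                   # GREASE ext
        (0x0000, b"\x00\x0f\x00\x00\x0cexample.test"),                   # server_name
        (0x000A, struct.pack("!H", 6) + b"".join(struct.pack("!H", g) for g in _groups)),
        (0x000B, b"\x01\x00"),                                           # uncompressed
        (0x0010, b"\x00\x03\x02h2"),                                     # ALPN: h2
    ],
)

if __name__ == "__main__":
    s, h = ja3_from_client_hello(SAMPLE_HELLO)
    print("JA3 string:", s)
    print("JA3 hash:  ", h)
```

The sample yields the JA3 string 771,4865-4866-49195,0-10-11-16,29-23,0; note that the GREASE cipher, extension and group disappear, which is what keeps the hash stable across a client's randomised GREASE values. Two caveats for detection use: a hash identifies a TLS stack, not an application, so legitimate software sharing a library with malware collides; and clients that randomise extension order (Chrome has done so since version 110) produce many JA3 values for one binary, which is one motivation for JA3-successor schemes that sort the extension list.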
OSINT Tools
- Zoomeye.org: a search engine and scanning tool for identifying and indexing Internet-connected devices and services
- Offers filters for narrowing search results (country, device type, port, service running, IP, etc.)
- Spyse.com: provides details on domains, IP addresses, technologies used, open ports, and SSL/TLS info
- Censys.io: provides details on certificates, protocols, and other relevant information
- Spiderfoot: an OSINT tool for gathering information (used for both offensive and defensive security)
Explore the details about installed software types, versions, and additional components like antivirus or SIEMs, as well as information about host firmware that can be exploited during cyber attacks.