Information Gathering on Installed Software and Host Firmware

FastGrowingSloth

18 Questions

What type of information about victim hosts can adversaries gather using asset scanners?

Administrative data and hardware details

How do adversaries create custom, target-specific wordlists for attacks?

By gathering data from various reconnaissance techniques

What is a common use of an asset scanner by APTs?

To identify vulnerabilities on victim hosts

What could be indicative of added defensive protections on victim hosts?

Dedicated encryption hardware like TPM

In the context of reconnaissance, what does OSINT stand for?

Open-Source Intelligence

What kind of details regarding victim hosts may adversaries gather using asset scanners?

/24 and /32 IP ranges

What type of information about installed software may be indicative of added defensive protections?

Information about the presence of additional components like antivirus and SIEMs

How can information about host firmware be used during targeting by adversaries?

To infer more details about hosts in the environment

Which of the following is NOT a detail that adversaries might gather about client configurations?

Employee names and email addresses

What type of information about a victim's identity can adversaries potentially use during targeting?

Sensitive details like credentials

How might knowledge of specific host firmware versions help adversaries in reconnaissance activities?

To infer details about the host's configuration and patch level

In the context of reconnaissance techniques, what role does information about installed software play?

Identifying potential vulnerabilities in the network

What does the JA3 value help in identifying?

Client's TLS client software

Which network security aspect do JARM and JA3S fingerprinting techniques help in enhancing?

Network traffic analysis

What is the focus of zoomeye.org as mentioned in the text?

Identifying and indexing Internet-connected devices and services

How do filters on zoomeye.org help users in their search?

Limit search results to specific criteria like country and IP

What type of information does www.spyse.com provide details on?

Domains, IP addresses, technologies used, open ports

Which purpose can Spiderfoot serve according to the text?

Asset scanning for security purposes

Study Notes

Adversarial Reconnaissance Techniques

  • Adversaries create custom wordlists using gathered data to target victims
  • Techniques include:
      • Gathering victim org information
      • Searching victim-owned websites

Host Information Gathering

  • Adversaries gather information about victim hosts, including:
      • Administrative data (name, assigned IP, functionality, etc.)
      • Configuration details (operating system, language, etc.)
  • Gathering information about hardware infrastructure, including:
      • Types and versions of hardware components
      • Presence of additional components (card/biometric readers, dedicated encryption hardware, etc.)
  • Gathering information about installed software, including:
      • Types and versions on specific hosts
      • Presence of additional components (antivirus, SIEMs, Microsoft securities, etc.)
  • Gathering information about firmware, including:
      • Type and versions on specific hosts
      • Inferred information about hosts in the environment (configuration, purpose, age/patch level, etc.)

Client Configurations and Identity Information

  • Adversaries gather information about client configurations, including:
      • Operating system and version
      • Virtualization and architecture
      • Language and time zone
  • Gathering information about victim identities, including:
      • Personal data (employee names, email addresses, etc.)
      • Sensitive details such as credentials

TLS Fingerprinting

  • JA3 value analysis can identify TLS client software, library, or specific version used
  • JARM and JA3S fingerprinting techniques provide insights into TLS connections, helping to:
      • Identify anomalies
      • Detect potential malicious activity
      • Enhance network security and threat intelligence

OSINT Tools

  • Zoomeye.org: a search engine and scanning tool for identifying and indexing Internet-connected devices and services
      • Offers filters for narrowing search results (country, device type, port, service running, IP, etc.)
  • Spyse.com: provides details on domains, IP addresses, technologies used, open ports, and SSL/TLS info
  • Censys.io: provides details on certificates, protocols, and other relevant information
  • Spiderfoot: an OSINT tool for gathering information (used for both offensive and defensive security)

Explore the details about installed software types, versions, and additional components like antivirus or SIEMs, as well as information about host firmware that can be exploited during cyber attacks.
