In what scenario would you receive an "ICMP unreachable" response when performing port scans?
UDP Connect & the port is closed
What are the three primary modes of SNORT?
- Sniffer Mode
- Packet Logger Mode
- Network Intrusion Detection Mode
An IDS is typically deployed where on the network?
behind the firewall on the edge of the network.
THIS is a device or program that is (generally) compromised/controlled by a hacker or external entity to perform any instruction provided.
Bot
Using the UTC time of day (01:23:45.67890123) format, what time was the 1994th packet of the PCAP Scan_222.pcap sent?
13:56:54.247816
What type of symmetric encryption does CryptCat utilize?
Twofish (uses one 256-bit key)
List IN ORDER the fields of the rule header of a SNORT rule.
[ACTION] [PROTOCOL] [SOURCE IP] [SOURCE PORT] -> [DEST IP] [DEST PORT]
Name 3 types of internet security protocols that operate from layers 4 and up on the OSI model.
SSL, TLS, SSH
Government Sponsored Organizations, Nation State, Companies Performing Intellectual Property theft are all examples of what classification of hackers?
Advanced Persistent Threat (APT)
In your Practical_Hashes_03 file you downloaded, there are multiple files sourced from one machine. Find the filenames of the collision among them.
300.47.jpeg, 300.150.jpeg
What type of exploit is represented in this photo:
Connect back (reverse shell)
What are the two measurements we use to identify latency?
Round Trip Time (RTT)
Time to first byte (TTFB)
What firewall topology is the most common for home networks?
Classic Firewall Architecture
What phases of the malware life cycle did we discuss in class?
Dormant, Propagation, Triggering, Execution
What is the SID of the SNORT rules that will alert you with a message that says "FTP large SYST command" ?
1625
In IPv6 THIS is the process by which a host configures its own IP address based on its MAC address.
SLAAC (Stateless Address Autoconfiguration)
Instead of using ARP, IPv6 utilizes what protocol?
Neighbor Discovery Protocol (NDP)
What bit encryption is used with Common Access Cards?
2048
DAILY DOUBLE!!!!
Name the three branches of the military that have never had an insider threat (at least to our knowledge)
Create a SNORT rule that will alert you when anyone from the 10.125.80.0/24 network attempts to connect using SNMP ports on your internal network. You want the alert to say "Not so simple mail" with the sid being the first local rule on your system. This will be the 4th revision.
alert tcp 10.125.80.0/24 any -> $HOME_NET [161,162] (msg:"Not so simple mail"; sid:1000000; rev:4;)
THIS IS A RACE!!
Two members of the team must create a NetCat connection and successfully send "Hello, World" from one member of the team to the other.
500 points for you!
THIS IS A RACE!!!
In the default snort configurations you downloaded, what ports are associated with the variable SHELLCODE_PORTS?
!80
When going into work, you must be wanded by the security team, badge in and put in your pin to enter the door. Once at your work station, your computer activity is logged and monitored. All of these components play a part in what?
Defense in Depth
What are the 4 different types of threats we discussed in the Mobile Tech lesson?
Mobile Application Security Threats
Web-Based Mobile Security Threats
Mobile Network Security Threats
Mobile Physical Device Security Threats
Open