0.01 Class 12 Exam Review - cloudsecuritylabs/ethicalhackingclass GitHub Wiki

Exam Review

Learn about attacks and mitigations

Recon tools

  • OSINT
  • Talos and others

MITM

  • MITM - what is it?
  • MITM - what is the best way to protect against MITM? Encryption
  • Tools - ARPSPOOF, DNSSPOOF, Bettercap, sslstrip

Brute Force

  • BruteForce - what is it?
  • BruteForce - what is the best way to protect against brute force?
  • Tools - John, Hashcat, rar2john, hydra, medusa, CUPP
  • remediation - longer password, complex password, password rotation, MFA

Network scanning

  • Tools - nmap, masscan, zenmap
  • What flag can be used to identify the OS in an nmap scan?
  • remediation - network hardening, SIEM, IPS, IDS

Social Engineering

  • Tools - SET, ngrok, self-extracting archive (SFX)
  • remediation - user training

Searching for vulnerabilities

  • Tools - searchsploit, search from Metasploit, Google exploit DB, exploit-db
  • EternalBlue - SMB exploit

Trojan maker

  • msfvenom

Local PE vs Remote PE

  • Goal: PE (privilege escalation)
  • Enterprise Admin, NT authority, root user, sudo
  • remediation - BIOS password, disk encryption
  • Is a BIOS password foolproof? What else can be done to protect against BIOS vulnerabilities?

Web application security

  • HTTP METHODS - GET, POST
  • Tools - Burp Proxy, ZAP
  • Request/Response Headers
  • Response codes - 2xx, 3xx, 4xx, 5xx
  • Burp Modules - ex - Intruder for brute force attack
  • Server side technologies - PHP, Java, Python, ASP etc.
  • Client side technologies - HTML, CSS, JavaScript
  • Database Technologies - MySQL, MSSQL, Oracle DB, PostgreSQL

XSS

  • Types - reflected, stored, DOM based
  • Commonly, cookies are stolen to extract session IDs.
  • remediation - output encoding (htmlentities), input validation, HTTP headers

LFI / RFI

  • Types

SQL Injection

  • Data exfiltration
  • Types - error based, out of band, blind, time based
  • remediation - Parameterized query
  • Common commands: SELECT, UPDATE, ORDER BY, WHERE, UNION

Laws and Regulations

  • GDPR
  • ISO 27001
  • NIST SP 800-53
  • HIPAA
  • PCI DSS

Hashing and encryption

  • Common hash types
  • Common encryption types