Download CompTIA Cybersecurity Analyst (CySA+) and more Exams Computer Security in PDF only on Docsity!
CompTIA Cybersecurity Analyst (CySA+)
FTP port(s) - TCP 20, 21 Telnet port(s) - TCP 23 TFTP port(s) - UDP 69 POP3 port(s) - TCP 110 IMAP port(s) - TCP 143 LDAP port(s) - TCP and UDP 389 SQL server port(s) - TCP 1433 Oracle database port(s) - TCP 1521 H.323 call signaling port(s) - TCP 1720 PPTP port(s) - TCP 1723 Most common Network Access Control (NAC) standard - 802.1x Defense Deception - Attempts to lure attackers to specific targets such as honeypots and DNS sinkholing. Dynamic analysis - Sandboxed, automated analysis of behaviour on virtual system and network. What it does. Static analysis - Analysis of the source or decompiled code. How it does it. Most common method of reverse engineering for hardware - Dynamic analysis.
Port range of well-known ports - 0- Port range of registered ports - 1024- Cisco event logging levels - Level, Name, Example 0, Emergencies, Failure causing shutdown 1, Alerts, Temperature exceeded 2, Critical, Software failure 3, Errors, Interface down 4, Warning, Configuration change 5, Notifications, Line protocol up/down 6, Information, ACL violation 7, Debugging, Debugging messages Linux logs path - /var/log/ Command to initiate DNS zone transfer - dig axfr @dns-server domain.name Social engineering tools -
- Social Engineering Toolkit (SET)
- Creepy
- Metasploit
- theHarvester Ways to mitigate passive recon -
- Control the information you release.
- Blacklist systems.
- Use CAPTCHAs.
- Set rate limits.
- Avoid publishing zone files.
- Educate users.
- Use vulnerability scanning.
- Use IDPS and SIEM. Security Content Automation Protocol (SCAP) - Enables automated vulnerability management, measurement, and policy compliance "` OR 1=1;" - An SQL injection attack Cross-Site Request Forgery (CSRF / XSRF) - Forces authenticated user to execute server-side actions. Cross-Site Scripting (XSS) -
- The Sleuth Kit (TSK) Equipment needed for field digital forensics -
- Write blockers
- Cables and adapters
- Digital camera
- Label maker
- Documentation and checklists
- SIM ejector Software for imaging storage media -
- EnCase Imager
- dd Software used for analysis -
- EnCase
- SIFT
- CAINE
- Autopsy Hashing algorithms for digital forensics - MD5 and SHA1/SHA Software for memory dumping -
- LiME (Linux)
- DumpIt (Windows)
- WinDbg (Windows)
- Volatility Framework (Windows, Linux, macOS)
- EnCase
- FTK Software for password recovery -
- Cain and Able
- Advanced Office Password Breaker
- ElcomSoft's Distributed Password Recovery
- Zip2John Digital forensics certifications -
- CGE: Certified Computer Examiner
- CFCE: Certified Forensic Computer Examiner
- CHFI: Computer Hacking Forensic Investigator
- GCFA: GIAC Certified Forensic Investigator
- GCFE: GIAC Certified Forensic Examiner
- CSFA: Cybersecurity Forensic Analyst
- ACE: AccessData Certified Examiner (FTK)
- EnCE: EnCase Certified Examiner
- DMC: Digital Media Collector
- DFE: Digital Forensic Examiner Order of Volatility -
- Registers and caches.
- Routing tables, ARP cache, process table, kernel statistics, memory, etc.
- Temporary file systems
- Disk
- Remote logging and monitoring data that is relevant to the system in question. For example, web site data, file server, data, etc.
- Physical configuration, network topology
- Backups / archival media. Good for trends and low volatility but takes time. Linux commands to kill process -
- killall -9 Kerberos port(s) - TCP and UDP 88 nmap switch for ping scan - -sn nmap switch for intense scan - -A nmap switch for identifying OS - -O nmap switch for scanning all ports - -p- nmap switch for identifying service - -sV nmap command for mass host discovery - "nmap -sP " SNMP agent port(s) - UDP 161 (unencrypted), TLS 10161 (encrypted) SNMP manager port(s) - UDP 162 (unencrypted), TLS 10162 (encrypted). L2TP port(s) - TCP 1701 IPsec port(s) - UDP 500, 4500
SCAP: CVE -
Common Vulnerabilities and Exposures (CVE). For security-related software flaws. SCAP: CVSS - Common Vulnerability Scoring System (CVSS). For severity of software flaws. SCAP: XCCDF - Extensible Configuration Checklist Description Format (XCCDF). For checklists and reporting results. SCAP: OVAL - Open Vulnerability and Assessment Language (OVAL). For low-level testing procedures. netstat -a - Show active connections netstat -0 - Show PIDs for connections netstat -e - Show Ethernet statistics on sent and received data netstat -r - Show routing table Fault injections - Tests error handlings parts of code Mutation testing - Tests whether small changes would cause failures Security regression testing - Ensures that changes don't create new problems Software for vulnerability scanning web applications -
- Acunetix WVS
- Archni
- Burp Suite
- IBM's AppScan
- HP's WebInspect
- Netsparker
- QualsGuard's Web Application Scanner
- W3AF
