Volume 2

Which TCP flag indicates that a connection should be torn down abruptly?

Responses?

Six control bits describe the packet's role in the connection:

SYN: Synchronize

ACK: Acknowledgment

FIN: End a connection

RST: Tear down a connection

URG: Urgent data are included

PSH: Data should be pushed through the TCP stack

Which of the following is a challenge of working with OSINT data?

Responses?

The primary problem with OSINT data collection is the number of unique data sources, each providing disparate data from varied search criteria. Many OSINT data services are free, but some require registration prior to use. Other OSINT data services require payment, sometimes charged as a price per search, a subscription model, a one-time cost, or one of many other variations.

What is the following Google search designed to do?

wireless site:somecompany.net

The site: directive allows an attacker to search for pages on just a single site or domain, narrowing down and focusing the search. The search "wireless site:somecompany.net" produces a search result for the term "wireless" limited to the site somecompany.net.

When interrogating a DNS server to discover information about the target domain, what tool can be used in controlling the output of DNS queries with more granularity?

The two primary tools to interrogate DNS servers are nslookup and Dig. Nslookup is available by default on Windows systems and some UNIX platforms. Dig is arguably a more powerful tool since you can control the output of DNS queries with more granularity than with nslookup. Windows users can install the BIND software that includes Dig, allowing you to run Dig on Windows systems as well.

DeepBlueCLI is an open-source framework that automatically parses Windows event logs. What log does DeepBlueCLI parse when you run it with no arguments?

.\DeepBlue.ps1

When at a PowerShell prompt as an Administrator and run .\DeepBlue.ps1 without any arguments, the security log will be read.

When performing reconnaissance, what data is collected before sending any packets to the target?

Before sending the first packet to a target, a modern attacker will harvest open-source intelligence (OSINT) information. OSINT refers to the cumulative data available about a target online, whether that is a target organization, target person, or other entity.

Which tool can detect attacks by analyzing offline Windows event log files?

DeepBlueCLI can detect multiple attacks, including several Metasploit exploits, Mimikatz, PowerShell Empire, password guessing, and password spraying. It can be used to analyze offline log files as well as event logs on the local system or a system on the Windows domain network.