False Positive vs False Negative

 False Positive / False Negative

A false positive "reports" there is an issue when there is not a problem. 

Example: you run a vulnerability scan and it says that you are missing Apache updates for your web server. When you talk to the website admin he informs you that he has no Apache web servers, only Windows IIS. 

A false negative should have caught the problem but missed it completely. An example: you know that your system is missing updates but when you perform the vulnerability it says all the updates are there.

In both cases, you need to tune your system.

Vulnerability scanners, IPSs, & IDSs are all prone to both false positives & false negatives.

Blockchain

 Blockchain Usages

Blockchain is a decentralized method for transactional records protected via encryption.

Each record is called a block and is hashed.

The hash for a previous block is added to the hash for the next block in the chain. 

If a transaction is recorded incorrectly it cannot be deleted, the correct values need to be added as a new transaction.

Cryptocurrency transactions can be reviewed in a public ledger.

Blockchain can be used for different applications, providing integrity:

• Financial transactions
• Voting machines
• Notarization
• Identity and access management
• Data storage

Tokenization

 Credit Cards - Tokenization

Tokenization is used with an easy credit card reordering process. One such method is the vendor storing the credit card information (not in plaintext) for monthly or yearly subscriptions. 

This process can replace part or all of the original data. The token is located on a token server.

Tokenization is a security technique that replaces sensitive data with a non-sensitive substitute, called a token. Tokens are unique identifiers that link to the original data, but cannot be deciphered to access the original information.

Tokenization is used in many areas, including:

Payment processing

Tokenization protects credit card numbers and bank account numbers by replacing them with tokens. This removes the connection between the transaction and the sensitive data, making it safer to transmit data over wireless networks.

Speech recognition

Voice-activated assistants like Siri or Alexa use tokenization to process spoken words. When you ask a question or give a command, your spoken words are converted into text, which is then tokenized.

Commodities

Tokenization can be used to bring ownership of commodities like oil, gold, or agricultural products into onchain tokens. This makes the market for these assets more liquid and accessible.

Tokenization is also known as "masking" or "obfuscation".

 Attack Frameworks

MITRE ATT&CK (MITRE Adversarial Tactics, Techniques, and Common Knowledge)

This provides a database of known TTPs (Tactics, Techniques, and Procedures). 

Here is a link to the website: MITRE ATT&CK

Each individual technique is assigned a unique ID. 

The tactics are categorized as persistence, command & control, and initial access.

The Diamond Model of Intrusion Analysis

This is used to analyze an intrusion based on four core features:

• Victim
• Capability
• Infrastructure
• Adversary

Cyber Kill Chain Attack Framework

This is a white paper put out by Lockheed Martin.

This shows the order of the stages of an attack.

1. Reconnaissance - this stage where the attacker chooses the methods to use for the attack. The attacker collects information about the target's computer systems, supply chain, and employees.

2. Weaponization - The attacker chooses what exploit and payload code to use for the attack. 

3. Delivery - the attack vector to transmit the attack code to the target, an email attachment, or a USB drive.

4. Exploitation - trick a user into running the code by clicking on an attachment or drive-by-download.

5. Installation - this stage is for persistence

6. Command and Control (C2) - this stage is where the attacker can install additional tools

7. Actions on Objectives - this stage is where data exfiltration would take place.

Directory Traversal Attack

 Directory Traversal Attack Examples

http://www.sample.com/../../../etc/passwd

http://www.sample.com%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd

http://www.sample.com%2f..%2f..%2f..%2fetc%2fpasswd

http://www.sample.com2f..2f..2f..2fetc2fpasswd

C:\Users\JohnDoe\AppData\Local\Microsoft\Office

Some of these examples used percent-encoding. 

%2E is a period "."

%2F is a "/"

 METADATA

Metadata is data about data, such as the information about things that you used on your mobile device like taking a picture. The date and time, and the GPS location.

• GPS Tagging
• Photographs
• Video 

Files on your PC, smartphone, laptop, tablet, etc. Multiple attributes are recorded and attached to these files. If the person creating the document backdates the date on the document, you can see the date it was made.

• Date and time created
• When it was modified
• When it was accessed

Metadata is recorded when you make a phone call or send a text.

• Incoming and outgoing phone numbers are involved.
• The date and time of the class.
• The duration of the calls.
• SMS text time

Protecting Passwords Against Offline Attacks

 Offline Password Attacks & Preventive Measures

Rainbow table attack

The best protection against this type of attack is to add salt (random data) to the password before hashing

Brute Force & Dictionary

The best method for slowing down the attacker from discovering the password is to use key stretching. This method uses thousands of rounds of hashing. This does not make the key stronger, but the attacker has to do a lot of processing to check each possible key to find the correct one. There are 2 methods on the exam:

PBKDF2 & bcrypt

Port Numbers to know for the exam

 Port Numbers - Associated Protocol

Port Number                                   Protocol

21        TCP                                      FTP (File Transfer Protocol)

22        TCP                                      SCP  (Secure Copy Protocol)

22        TCP                                      SFTP (Secure File Transfer Protocol) 

23        TCP                                      Telnet

22        TCP                                      SSH (Secure Shell)

53        TCP / UDP                            DNS (Domain Name System)

67        UDP                                     DHCP (Dynamic Host Configuration Protocol - server) 

68        UDP                                     DHCP (Dynamic Host Configuration Protocol - client)    

69        UDP / TCP                           TFTP (Trivial File Transfer Protocol)

80        TCP                                      HTTP (Hypertext Transfer Protocol)

135      TCP /UDP                            RPC (Remote Procedure Call)

139      TCP                                      NetBIOS (MS file sharing port - legacy)

143      TCP                                      IMAP (Internet Message Access Protocol)

161      UDP                                     SNMP (Simple Network Management Protocol)

443      TCP                                     HTTPS (Hypertext Transfer Protocol Secure)

445      TCP                                     SMB (Server Message Block)

1812    UDP                                     RADIUS (Remote Authentication Dial-in User Service)

3389    TCP                                     RDP (Remote Desktop Protocol)

Brute Force, Dictionary, Spraying Attacks

 Password Discovery Methods

All of these attacks covered in the section are online attacks. 

BRUTE-FORCE:

• Uses an exhaustive list trying to guess the passwords.
• Password guessing programs used for brute force attacks can check anywhere from 10,000 to 1 billion passwords per second. 
• Brute force attacks are run against a single username with multiple password guesses.

EXAMPLE:
cbgto1gpy

cbgto2gpy

cbgto3gpy

cbgto4gpy

cbgto5gpy

cbgto6gpy

The sixth character changes in this example when the program has completed all possible combinations with the 6th character and it has not discovered the password, then the 5th character will change to the letter "p" and will continue the process. 

DICTIONARY:

• A dictionary attack will go through common words out of the dictionary and does not use complexity.
• Dictionary attacks are run against a single username with multiple password guesses. This is also an automated program.

SPRAYING ATTACK:

• A spraying attack is one password, normally simple or commonly used against multiple accounts (2 or more usernames). 
• The attacker waits a period such as 30 minutes or longer. 
• This is done to bypass account lockout. 
• Most account lockouts reset the failed login counter back to "0" at that point.

There are two primary ways to prevent brute-force or dictionary attacks:

• Account lockout after 3 to 5 failed login attempts
• The other is to use MFA (Multi-Factor Authentication)

Access Protocol by Network Type

 Kerberos, RADIUS, & SAML

Kerberos

• Inside a network such as an office
• Domain environment

RADIUS (AAA)

• VPNs
• Wireless (Enterprise mode)
• Keywords: AAA, PKI, 802.1x

SAML (Security Assertion Markup Language)

• Accessing a third-party website, web domain, webpage, CSP
• Uses federation for authentication
• Provides SSO (Single Sign-on)
• Uses username & password from a popular website such as Google as the identity provider

Pass the Hash Attack

 PtH (Pass the Hash Attack)

Pass the Hash Attack is used by attackers & penetration testers. With this, they can achieve lateral movement or pivot to other systems in the network.

You do not have to crack the password as the hash is the password.

A couple of ways to prevent this attack is to use group policy to prevent the caching of administrator passwords.

The other is to use the password-salting method. That way even if the admin uses the same local password for each system the hashes will be completely different.

SSL Stripping Attack & Prevention

 SSL Stripping - SSL/TLS Downgrade

This type of attack can be called either of the above names. Pay attention to the question. The question may have stated the user went to his financial organization's website, https://www.bank.com. But when you look at the logs the user actually went to http://www.bank.com. 

HTTPS would have used port 443, whereas HTTP will use port 80. That could be another hint as to the attack being SSL Stripping or SSL/TLS downgrade attack that has taken place.

The ways of preventing these attacks (has to be configured on the server):

• HSTS (HTTP Strict Transport Security)
• HTTP security header

CVE & CVSS the differences

 CVE and CVSS

CVE (Common Vulnerabilities and Exposures)

CVE deals with the platform itself that has a known vulnerability.

Operating System

Applications

Hardware such as a switch, router, firewall, etc.

IoT (Internet of Things)

CVSS (Common Vulnerability Scoring System)

This lets us know how criticality of the vulnerability.

This is a calculated value based on several elements

Percent Encoding and the Attacks they are Associated

 PERCENT ENCODING

Character            Percent Encoding        Attack

space                   %20                              SQLi

'                            %27                              SQLi

Examples: 

%27%20or%20%27

'%20or%20"

.                            %2E                            Directory Traversal

/                            %2F                            Directory Traversal

Examples:

%2E%2E%2F%2E%2E%2F

..%2E..%2E

..2F..2F

<                           %3C                           XSS (Cross-site Scripting)

>                           %3E                           XSS (Cross-site Scripting)

<script>

Also, look for .js at the end of a URL

New Blog for CompTIA Network+ (Link)

 

Below is the link for the blog for CompTIA Network+. This is a work in progress and we will attempt to add posts daily.

These posts will be mainly exam-driven material. There will also be real-world videos on how to use certain tools.

CompTIA Network+ Exam Prep Blog Link

CompTIA Security+ SY0-701 Acronyms Video

 CompTIA Security+ SY0-701 Acronyms

CompTIA Security+ SY0-701 Acronyms Flashcards

Acronyms needed to know for the SY0-701 exam

CompTIA Security+ SY0 701 Acronym Flashcards » Create A Flashcard @ProProfs