The “Phase 2: Scanning” portion of the lab instructions were very confusing as they give commands to research and test but this portion of the lab has no interconnectivity to the internet. After much wasted time and talking to the lab assistances, it was noted that the students weren’t supposed to test in this environment but it was just information only and bringing up the help file. To offset and further understand this, the student set up a separate lab environment using Virtual Box with a Kali iso. All the main commands were tested with some different variation of options on a number of sites; advancedmissiongroup.com (the students own personal IP address but with no website), largobooks.com, and umuc.edu. Figure 10 demonstrates the …show more content…
The only thing better than gaining access to a system and keeping it is the ability to do it covertly or without anyone knowing what you did. In speaking with covert officers from the CIA who break into many kinds of locks and security, I found that lock picking is not the preferred method because you have to pick the lock open and then pick the lock closed again. Their mission is to work covertly and if someone knows they were there, it is a failed mission. According to the CEH prep exam book, “Hackers are much like other criminals in that they would like to be sure to remove all evidence of their activities. This might include using rootkits or other tools to cover their tracks. Other hackers might hunt down log files and attempt to alter or erase them” (Gregg, 2006). Covering tracks is maintaining a security awareness by sniffing internal systems for new counter measures could be an ongoing process to stay ahead of security. Appendix B Results. The second part of this lab is the actual exercise where the student will use the penetration testing tools and perform more active reconnaissance, and demonstrate gaining access through exploits found. Again, all step by step instructions can be found in Appendix B. The following are a summary and specific results that are called out in the lab. Part 1 is mainly set up and getting used to a tool called “httrack” to scrap or duplicate a known website we are using
When the pH is not at its optimum, the differing pH's will disrupt the bonding between the R groups of the amino acid causing its structure and the shape of the activation site to change
3. Which application is used for Step #2 in the hacking process to perform a vulnerability assessment scan?
The mole is a convenient unit for analyzing chemical reactions. Avogadro’s number is equal to the mole. The mass of a mole of any compound or element is the mass in grams that corresponds to the molecular formula, also known as the atomic mass. In this experiment, you will observe the reaction of iron nails with a solution of copper (II) chloride and determine the number of moles involved in the reaction. You will determine the number of moles of copper produced in the reaction of iron and copper (II) chloride, determine the number of moles of iron used up in the reaction of iron and copper (II) chloride, determine the ratio of moles of iron to moles of copper, and determine the number of atoms and formula units involved in
During the reconnaissance step of the attack, describe what task Zenmap GUI performs to do passive OS fingerprinting.
This lab provided a virtual environment that simulated a corporate WAN network. Having a similar network environment at the organization I am currently employed at, I have some experience with vulnerability scanning. I do not have much experience using the nmap utility however, so I was interested to get some experience by completing the tasks within this lab. I didn’t experience many challenges following the steps in the lab itself. I was able to launch the environment successfully and perform the steps without any issue. As with any new environment, it took me a little time to figure out the layout of the simulation and how it functioned. After reading the documentation and spending about ten minutes clicking through the different areas, I felt comfortable and began the steps of the lab.
Provide your observations and findings for the tasks in the labs. For example your observations regarding the network packets sent by Cain for ARP poison and denial of service attacks that made the tasks for the lab possible.
The oxidation number of an atom of any free element is ZERO. Means to say there is only one kind of atom present, no charge.
Discuss approaches to a penetration test and vulnerability scan in terms of black box, white box and gray box tests.
The penetration tools provided in this document allow us to review our network from a security standpoint. This paper focused predominantly on phase two of a penetration test, the exploitation phase; however, a successful penetration test typically starts with the reconnaissance phase. In this phase, the tester attempts to gain as much information about the target company and its network as possible. He or she will test the physical infrastructure (how do people gain access to the building?) and other organizational aspects of the company to find a weakness and a way to get in. Also during this portion of the test, the penetration tester will use tools such as NMAP, whois.com, and other resources to obtain information regarding the network
a) Tap and drag over the area of the graph where the resting heart rate is displayed to select the data.
10. There are four phases of penetration testing, according to NIST. They are planning, discovery, attack, and reporting. In the planning phase, rules are identified, management approval is finalized, and testing goals are set. The discovery phase starts the actual testing. Techniques commonly used in the discovery phase include port scanning, DNS interrogation, whois queries, search of the target organizations web servers, search of the LDAP, packet capture, NetBIOS enumeration, and Banner grabbing. While vulnerability scanners only check that a vulnerability may exist, the attack phase of a penetration test exploits the vulnerability, confirming its existence. The reporting phase occurs simultaneously with the other three phases of the penetration test.
Use the article assigned to you to answer the assigned questions. Upload the answers BEFORE the start of lab on the due date!
2. (5 pts) List and explain the names and affiliations of the various characters/stakeholders in this story – I’m looking for us to use the story to map out the complexities that are generally associated with solving public health puzzles – the stakeholders you list and explain here should apply to many of the cases we consider going forward.
This deals with doing your homework. Researching your target is the most important part of an attack. Once your target has been pick out, probing for possible vulnerabilities within their network is performed. With the use of common tools found on the internet like DNS and ICMP, Standard and customized SNMP tools, Port scanners and port mappers, and Security probes to exploit a potential target.
This report contains an overview of the testing process and issues that were found, details of the testing process, results found, the risks associated with the vulnerability and recommendations for rectifying the vulnerability. The results of the test can be of assistance to Ernst & Young when making decisions regarding information security.