CompTIA Security+ 501

CompTIA Security+ SY0-501
Instructor: Ron Woerner, CISSP, CISM (Cybrary)

CompTIA Security+ Domain 2 – Technologies & Tools
2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization

2.2 Security Assessment Tools
● Protocol analyzer
● Data sanitization tools
● Network scanners
● Steganography tools
● Vulnerability scanner
● Honeypot
● Exploitation frameworks
● Backup utilities
● Configuration compliance scanner
● Banner grabbing
● Passive vs. active
● Command line tools

Protocol Analyzers
● Aka packet sniffers
● Gather packet-level information on a network
● Examples: Wireshark, TCPDump

Network scanners / mappers
● Knowing what’s on your network
● Network enumeration

Network scanners: Nmap / ZenMap

Network scanners: Fing (iOS & Android)

Vulnerability scanner
● Software utility that scans a range of IP addresses and tests for the presence of known vulnerabilities in software configuration and accessible services
● Relies upon a database of known vulnerabilities

Vulnerability Scanners
Examples:
● Nessus (Tenable)
● OpenVAS: Linux
● Nexpose Community Edition: Scans web applications, databases, and virtual environments
● Qualys FreeScan: Checks for hidden malware and SSL issues, among other network vulnerabilities

OWASP ZAP
● ZAP - Zed Application Proxy
● Discovers security vulnerabilities in web applications

Exploitation Frameworks
● Platforms used for penetration testing and risk assessments
● Frameworks contain a set of exploits for known vulnerabilities
● Examples: Metasploit, Canvas, and Core Impact
● Browser Exploitation Framework (BeEF) – pen testing tool for exploiting web vulnerabilities

Kali Linux
● Kali Linux is a Debian-derived Linux distribution, designed for digital forensics and penetration testing.
● Kali Linux is preinstalled with numerous penetration-testing programs.
● Kali Linux can be run from a hard disk, live CD, or live USB. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.

Social Engineering Toolkit (SET)

Wireless Scanners
● Gather information about Wi-Fi networks
● Detect access points (rogue or valid)
● Break encryption keys
Examples:
● Airodump
● Kismet/KisMAC
● Netstumbler
● Vistumbler
● inSSIDer

Configuration compliance
● Microsoft Baseline Security Analyzer (MBSA): A software vulnerability scanner that analyzes targeted Microsoft systems to detect whether software security patches or baseline configuration settings are missing
● Center for Internet Security (CIS)
● Nessus (also vulnerability scanning)

Banner Grabbing
● A technique to identify operating systems, applications and services on a system
● Narrows vulnerability searches
● Netcat
  ○ Free download for Windows and Linux
  ○ Read & write TCP & UDP network connections
  ○ Run from the command line

Password Crackers
● Used to disclose passwords and assess password strength
● Online password-cracking tools enable you to type in the hash and get the password returned in plain text
● Examples:
  ○ Brutus
  ○ Cain and Abel
  ○ John the Ripper
  ○ THC Hydra

Honeypots / Honeynets
Use:
● Systems or networks exposed to capture malicious activity
● Gather investigation evidence
● Study attack strategies
Separated from any business network
http://www.honeyd.org/

Steganography
● Means “hidden writing” – hiding messages, often in other media, so that unintended recipients are not even aware of any message
● Approaches:
  ○ Least significant bit insertion
  ○ Masking and filtering
  ○ Algorithms and transformations
● Common steganography tools include:
  ○ OpenPuff
  ○ Camouflage
  ○ Steghide
  ○ rSteg

Data Sanitization Tools
● Sanitization – the process of removing contents from a device or media
● Examples:
  ○ DBAN
  ○ BCWipe
  ○ Cryptographic erase (CE)

Command Line Tools
● man
● ping
● netstat
● tracert
● nslookup/dig
● arp
● ipconfig/ip/ifconfig
● tcpdump
● nmap
● netcat

Command Line Tools
SysInternals Suite
● Autoruns
● Process Explorer
Video: Mark Russinovich, Malware Hunting
Ron Woerner, 2017

Exam Preparation
Also known as packet sniffers, these tools help you troubleshoot network issues by gathering packet-level information across the network?
A. Vulnerability scanners
B. Exploitation frameworks
C. Configuration compliance
D. Protocol analyzers

Exam Preparation
Alex is conducting forensics of a phishing email. She knows the IP address of the originating email server. What command would show Alex the complete path to that IP address?
A. ping
B. tracert
C. netstat
D. nslookup

Security+ Lab Guide
In this exercise, you will learn how to use the following tools:
● Nmap / ZenMap
● Wireshark

Security+ Lab Guide
In this exercise, you will learn how to use the following password cracking tools:
● Cain & Abel
● PWDump
● LMHash
● Detecting Rootkits
