Sunday, May 29, 2022

PowerShell 003 - Piping, Variables and a few Commands

Piping, Variables and a few Commands

            Piping | (above the Enter key) - Used to "pipe" (continue/extend) one cmdlet into another: the objects output by the cmdlet on the left become the input of the cmdlet on the right.


                        Start-Process 'C:\[Path]\[file.exe]'

            Starts a process from the executable at the specified path.



                        Get-Process [Name] | Stop-Process

            Gets the specified process and stops it.



                        cmd.exe /c "start compmgmt.msc"

            Runs a command in cmd.exe: /c makes cmd.exe run whatever is between the quotes (here, opening Computer Management) and then exit.



                        $hn = hostname

                        Get-WmiObject -Class Win32_Product -ComputerName $hn | select name

            $hn is a variable set to the current device's hostname; the next line pulls the list of installed applications from that computer and pipes | it into a filter (select, the alias of Select-Object) so only the name is shown. Two caveats: querying Win32_Product is slow and makes Windows Installer re-validate every installed package, and Get-WmiObject has been superseded by Get-CimInstance in newer PowerShell versions.
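The same variable-plus-pipeline pattern carried a little further, as an added example that is not part of the original notes. It reads the standard Windows uninstall registry keys instead of Win32_Product; the CSV output path and the notepad process name are assumptions.

```powershell
# Added example (not from the original notes): the same variable-plus-pipeline pattern as
# above, used to build a software inventory for this host. It reads the standard Windows
# uninstall registry keys instead of Win32_Product; the output path is an assumption.
$hn = hostname
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Each registry key becomes one object in the pipeline: Where-Object drops entries without a
# product name, Select-Object keeps only the columns worth reporting, Sort-Object orders them.
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
    Sort-Object DisplayName

# A variable can be piped more than once: once into a CSV named after the host (a baseline to
# diff against later), once to list entries with no publisher, which are worth a second look.
$installed | Export-Csv -Path "$env:TEMP\${hn}-software.csv" -NoTypeInformation
$installed | Where-Object { -not $_.Publisher } | Format-Table -AutoSize

# Same idea as "Get-Process [Name] | Stop-Process" above, with -WhatIf so the pipeline
# only reports which processes it would stop instead of stopping them.
Get-Process -Name notepad -ErrorAction SilentlyContinue | Stop-Process -WhatIf
```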

Network+ 002 - 1.1 Encapsulation Concepts

1.0 Networking Fundamentals

        1.1 Encapsulation Concepts 

        Data Encapsulation and Decapsulation

                Ethernet Header - The Ethernet Header contains destination and source MAC addresses, the EtherType field and an optional tag.



                IP Header - The IP Header contains information about IP version, source IP address, destination IP address, time-to-live, etc.

                        IPv4, IPv6




                TCP Header, UDP Header



                TCP Flags - Bits contained in a TCP Header that indicate various states during a TCP conversation.

                        SYN (Synchronize) - Used to initiate a connection.

                        ACK (Acknowledgement) - Used to confirm initiation requests, tear down requests, and to confirm data packets have been received.

                        RST (Reset) - Indicates the connection might be down or a service is not accepting the requests.

                        FIN (Finish) - Indicates the connection is ending (being torn down).

                        PSH (Push) - Indicates the data should be passed directly to the application instead of buffering.

                        URG (Urgent) - Indicates the data should be processed immediately when received.

                Payload - The data being carried.

                Maximum Transmission Unit (MTU) - The largest size of a data unit that can be sent over a network link in a single transmission.
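To see where the fields above sit in a real frame, here is an added example (not from the original notes) that decodes a constructed Ethernet/IPv4/TCP frame byte by byte; every byte in $Frame is constructed, and the 1500-byte MTU is the standard Ethernet value.

```powershell
# Added example (not from the original notes): decode a constructed Ethernet/IPv4/TCP
# frame to show where the header fields described above sit. All sample bytes are constructed.
$Frame = [byte[]]@(
    # Ethernet header (14 bytes): destination MAC, source MAC, EtherType 0x0800 = IPv4
    0x00,0x11,0x22,0x33,0x44,0x55, 0xAA,0xBB,0xCC,0xDD,0xEE,0xFF, 0x08,0x00,
    # IPv4 header (20 bytes): version 4 + IHL 5, TOS, total length 40, ID, flags/fragment
    # offset, TTL 64, protocol 6 (TCP), checksum (left 0), source 192.168.1.10, destination 10.0.0.5
    0x45,0x00, 0x00,0x28, 0x1C,0x46, 0x40,0x00, 0x40,0x06, 0x00,0x00,
    192,168,1,10, 10,0,0,5,
    # TCP header (20 bytes): source port 51234, destination port 443, seq 1, ack 0,
    # data offset 5, flags 0x12 = SYN+ACK, window, checksum (left 0), urgent pointer
    0xC8,0x22, 0x01,0xBB, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x12, 0xFF,0xFF, 0x00,0x00, 0x00,0x00
)

function Format-Mac([byte[]]$Bytes) { ($Bytes | ForEach-Object { $_.ToString('X2') }) -join ':' }
function Read-UInt16([byte[]]$Bytes, [int]$Offset) { ([int]$Bytes[$Offset] -shl 8) -bor $Bytes[$Offset + 1] }

function Read-Frame([byte[]]$Frame, [int]$Mtu = 1500) {
    $ip  = 14                                  # IP header starts right after the Ethernet header
    $ihl = ($Frame[$ip] -band 0x0F) * 4        # IHL is in 32-bit words; the TCP header starts after it
    $tcp = $ip + $ihl
    $dataOffset = ($Frame[$tcp + 12] -shr 4) * 4   # TCP header length, also in 32-bit words
    $flagBits   = $Frame[$tcp + 13]                # the six flags from the notes live in this byte
    $flagNames  = [ordered]@{ FIN = 0x01; SYN = 0x02; RST = 0x04; PSH = 0x08; ACK = 0x10; URG = 0x20 }
    [pscustomobject]@{
        DstMac       = Format-Mac $Frame[0..5]
        SrcMac       = Format-Mac $Frame[6..11]
        EtherType    = '0x{0:X4}' -f (Read-UInt16 $Frame 12)
        IpVersion    = $Frame[$ip] -shr 4
        Ttl          = $Frame[$ip + 8]
        Protocol     = $Frame[$ip + 9]
        SrcIp        = $Frame[($ip + 12)..($ip + 15)] -join '.'
        DstIp        = $Frame[($ip + 16)..($ip + 19)] -join '.'
        SrcPort      = Read-UInt16 $Frame $tcp
        DstPort      = Read-UInt16 $Frame ($tcp + 2)
        TcpFlags     = ($flagNames.Keys | Where-Object { $flagBits -band $flagNames[$_] }) -join '+'
        PayloadBytes = $Frame.Length - $tcp - $dataOffset
        WithinMtu    = ($Frame.Length - 14) -le $Mtu   # MTU applies to the Ethernet payload (the IP packet)
    }
}

Read-Frame $Frame | Format-List   # shows EtherType 0x0800, TTL 64, ports 51234 -> 443, flags SYN+ACK
```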


Saturday, May 21, 2022

Network+ 001 - 1.1 OSI Model

1.0 Networking Fundamentals

        1.1 Open Systems Interconnection (OSI) Model

                OSI Model
                        Abstract model used to help describe and conceptualize networking.


                        Layer 1 - Physical
                                Physical connections, electronic signals and mechanisms.
                                        Examples: Ethernet PHY, WiFi, USB, SATA


                        Layer 2 - Data Link
                                Transfers data (Frames) between network objects.
                                        Examples: Ethernet, MAC Address, IEEE 802.2, IEEE 802.11, Token Ring, Frame Relay


                        Layer 3 - Network
                                Packet forwarding, routing.
                                        Examples: IPv4, IPv6, RIP (Routing Information Protocol), OSPF (Open Shortest Path First), IPsec (VPN Routing)


                        Layer 4 - Transport
                                End-to-end communication services, connection-oriented communication, reliability, data flow control, multiplexing (multiple signals combined into one to share scarce resources)
                                        Examples: TCP (Transmission Control), UDP (User Datagram), RDP (Remote Desktop), FCP (Fiber Channel), ATP (Autonomous Transport)


                        Layer 5 - Session

                                Mechanisms for opening, closing, and managing a session between application processes.
                                        Examples: ISO-SP, NetBIOS (basic LAN comms), PAP (Password Authentication), SMPP (Short Message Peer-to-Peer), SCP (Secure Copy)


                        Layer 6 - Presentation
                                Data translator for the network.
                                        Examples: ICA (Independent Computing Architecture/Citrix), AFP (Apple Filing), LPP (Lightweight Presentation), PAD (Packet Assembler/Disassembler)


                        Layer 7 - Application
                                User facing layer.
                                        Examples: DNS (Domain Name System), FTP (File Transfer), HTTP (Hypertext Transfer), HTTPS (Secure), DHCP (Dynamic Host Configuration), SNMP (Simple Network Management)


        Mnemonic to help remember the layers in reverse order, 7 -> 1:

                 All-7 People-6 Seem-5 To-4 Need-3 Data-2 Processing-1

Saturday, May 14, 2022

Security+ 002 - 1.2 Type of Attacks

1.0 Attacks, Threats, and Vulnerabilities

    1.2 Type of Attacks

                Malware

                Ransomware - Malware that will lock down/encrypt a system and extort the victim often for money.

                Trojans - Malware that conceals itself as harmless software.

                Worms - Malware that is able to replicate itself through a network automatically.

                Potentially Unwanted Programs (PUPs) - Software the user does not want, often paired with software the user does want.

                Fileless Virus - Scripted malware stored entirely in memory.

                Command and Control - Attacker has established remote access to a victim host and is able to control the system or pull data.

                Bots - Automated malware

                Crypto Malware - Malware that turns the victim system into a cryptocoin mining rig.

                Logic Bombs - Malware programmed to trigger on a specific event, often left behind by a disgruntled former employee.

                Spyware - Malware used to gather data from the victim.

                Keyloggers - Malware used to record the victim’s keystrokes.

                Remote Access Trojan (RAT) - Malware that gives the attacker remote admin access to a victim’s system.

                Rootkit - Malware that is embedded into the OS, can be hard to detect/remove.

                Backdoor - Covert way to bypass the normal authentication process.


                Password Attacks

                Spraying - Brute force attack that tries a list of usernames against a few default passwords, so each account only sees a handful of attempts.

                Dictionary - Brute force attack that uses common dictionary words to try to access accounts.

                Brute Force - Attempting to authenticate to an account repeatedly in the hope of guessing the password.

                    Offline - Works against captured password hashes, so guesses are checked on the attacker's own hardware without contacting the target and without risk of discovery.

                    Online - Brute force attack against the live system, often set to a slow drip of attempts to try to stay under the radar.

                Rainbow Table - A precomputed table of hashes and the passwords that produce them, used to look up a captured hash when cracking a password.

                Plaintext/Unencrypted - Passwords stored as-is, without hashing or encryption.
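The difference between spraying and a classic brute force shows up clearly in failed-logon records. This added example (not from the original notes) groups constructed records by source and labels each pattern; the records, field names and thresholds are all constructed for illustration.

```powershell
# Added example (not from the original notes): tell a password spray apart from a classic
# brute force in failed-logon records. The records, field names and thresholds below are
# constructed for illustration, not taken from any real log format.
$failedLogons = @'
Time,Source,User
09:00:01,203.0.113.7,alice
09:00:02,203.0.113.7,bob
09:00:03,203.0.113.7,carol
09:00:04,203.0.113.7,dave
09:00:05,203.0.113.7,erin
09:05:00,198.51.100.9,frank
09:05:01,198.51.100.9,frank
09:05:02,198.51.100.9,frank
09:05:03,198.51.100.9,frank
09:05:04,198.51.100.9,frank
09:10:00,192.0.2.33,grace
'@ | ConvertFrom-Csv

function Get-LogonPattern {
    param([object[]]$Records, [int]$MinUsers = 5, [int]$MinAttempts = 5)
    $Records | Group-Object Source | ForEach-Object {
        $users    = @($_.Group.User | Sort-Object -Unique).Count   # distinct accounts tried from this source
        $attempts = $_.Count                                        # total failures from this source
        $pattern  = if ($users -ge $MinUsers -and ($attempts / $users) -le 2) { 'Spraying: many users, few tries each' }
                    elseif ($users -eq 1 -and $attempts -ge $MinAttempts)    { 'Brute force: one user, many tries' }
                    else                                                      { 'Below threshold' }
        [pscustomobject]@{ Source = $_.Name; Users = $users; Attempts = $attempts; Pattern = $pattern }
    }
}

Get-LogonPattern -Records $failedLogons | Format-Table -AutoSize
```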


                Physical Attacks

                Malicious USB Cable - Cable with hidden hardware that performs an unexpected, unwanted function: GPS tracking, audio eavesdropping, data exfiltration, etc.

                Malicious Flash Drive - USB flash drive pre-programmed with unexpected, unwanted function. Can be used to inject malware or scripts.

                Card Cloning - A thief makes a copy of a card in order to use it/steal from the victim.

                Skimming - A false card reader used to steal card info.


                Adversarial Artificial Intelligence
                    Technique that attempts to exploit machine learning systems using model information/vulnerabilities. Four common goals are evasion, poisoning, model stealing (extraction), and inference.

                Tainted Training Data - Feeding ML/AI known bad data.

                Security of ML/AI Algorithms - Securing algorithms against attacks.


                Supply Chain Attacks - Attack vector that uses a trusted 3rd party as an access point.


                Cloud-based vs. On-premises attacks

                    Cloud - Centralized within the cloud, lower cost, allows use of what cloud security providers have

                    On-prem - Complete control over data, higher cost


                Cryptographic Attacks

                Birthday - Attacker exploits the probability that, among many inputs, two will produce the same hash that should have been unique.

                Collision - A hash collision is when different data shares a hash that should be unique.

                Downgrade - Exploit vulnerabilities to have machines use easier to crack encryption methods.

Wednesday, May 11, 2022

Network+ 000 - Intro


            Network+ N10-008


            Exam Objectives


                        1.0 Networking Fundamentals

                        2.0 Network Implementations

                        3.0 Network Operations

                        4.0 Network Security

                        5.0 Network Troubleshooting


            CompTIA Link

            Study Resource - Professor Messer Network+ playlist

Tuesday, May 10, 2022

Security+ 001 - 1.1 Types of Social Engineering Technique

1.0 Attacks, Threats, and Vulnerabilities

    1.1 Types of Social Engineering Technique

                Phishing - Email used to trick a victim into providing data/credentials.

                Smishing - Phishing using text messages/sms instead of email.

                Vishing - Phishing over the phone/VoIP.

                Spam - Unsolicited email/Junk mail.

                Spam over Instant Messaging (SPIM) - Unsolicited messages in a chat app or SMS.

                Spear Phishing - Targeted phishing, often personalized to the victim.

                Dumpster Diving - Attacker collects data from garbage/disposed of info.

                Shoulder Surfing - Attacker collects data by looking at victim’s display.

                Pharming - Redirecting website traffic to a fake/disguised site, done through DNS or by altering the victim's hosts file.

                Tailgating - Attacker follows somebody past a secure door to bypass required credentials.

                Eliciting Information - Attacker collects data by persuading victim to provide it.

                Whaling - Spear Phishing targeted at a high profile victim.

                Prepending - Malicious code added to the beginning of a trusted source.

                Identity Fraud - Attacker impersonates someone to get access/data.

                Invoice Scams - Fake invoice sent to collect money/data.

                Credential Harvesting - Tricking a victim to provide credentials.

                Reconnaissance - Collecting info about a target often before an attack.

                Watering Hole Attack - Attacker uses 3rd party sites often used by victim as a vector.

                Typosquatting - Using similar or purposely misspelled words to trick the victim into visiting a fake site.

                Pretexting - Attacker invents a scenario to trick the victim into providing data/access.

                Influence Campaign - Marketing/propaganda, can be covert or overt.

                Hybrid Warfare - Non-traditional state-sponsored attack: cyber, economic, political, etc.

                Social Media - Using social media for communications and mass-media manipulation.

                Principles (reasons for effectiveness) - Social engineering principles/techniques

                        Authority - Often used with impersonation, used to get the victim to do something.

                        Intimidation - Attacker attempts to bully the victim into doing something.

                        Consensus - Attacker manipulates group-think to trick a victim to agree to something.

                        Scarcity - Attacker fakes limited resources to get the victim to act without thinking.

                        Familiarity - Attacker builds a rapport with victim prior to attack.

                        Trust - Attacker builds a trusting relationship with victim prior to attack.

                        Urgency - Attacker uses limited time to pressure victim into acting.

Security+ 000 - Intro




 
             Security+ SYO-601


            Exam Objectives

                        1.0 Attacks, Threats, and Vulnerabilities

                        2.0 Architecture and Design

                        3.0 Implementation

                        4.0 Operations and Incident Response

                        5.0 Governance, Risk, and Compliance

 



Thursday, May 5, 2022

PowerShell 002 - Backwards Compatible



PowerShell can run commands from cmd, bash, and other similar command-line programs. Below are a few useful basic commands from cmd.



                        ping [Hostname or IP Address]


            Tests the connection between you and the target device; can be used to find the IP of a hostname.



                        nslookup [IP Address]

            Used to reverse-look-up a hostname from an IP address. Running nslookup on a gateway address can lead to interesting data.



                        shutdown -f -r -t 0

            Force-restarts the computer now. shutdown: shuts down the device; -f: force running applications to close; -r: restart; -t: how many seconds to wait, default is 30 seconds.



                        gpupdate /force

            Reapplies all policy settings. Run as admin, reboot after for best results.



                        sfc /scannow

            Scans all Windows system files and fixes any that are corrupted.



                        net user [username] /domain

            Provides data about a user’s network account.

Tuesday, May 3, 2022

PowerShell 001 - Get-Help, Getting Started






PowerShell runs at the command line and uses a verb-noun command structure. It can connect remotely to a networked device and gather data or run processes/services.



                        Get-Command *

            Returns every command the device can currently run.



                        Get-Command *[keyword]*

            Returns every command the device can run that contains the keyword.



                        Get-Help [Verb]-[Noun]

            Provides info on any given command; help entries can be updated with "Update-Help".



                        [Verb]-[Noun] | Get-Member

            Returns the properties and methods of the objects the Verb-Noun command outputs.
 


                        GAL (Get-Alias)

            Returns all alias commands.