Saturday, February 29, 2020

Blog 6

This chapter was about enumeration.

  • Enumeration is the gathering of information about a system to learn about its configuration, software, and services.
  • You can gather information such as usernames, group names, machine names, routing tables, network shares, and applications.
  • You can do brute force directory attacks, where software keeps trying possible usernames and passwords until something works.
  • Linux Enumeration
    • User accounts are stored in the /etc/passwd file. Passwords are stored as hashes in the /etc/shadow file. 
    • finger -s will obtain login names, real names, terminal names, write statuses, idle times, login times, office locations, and office phone numbers for all users.
  • Superscan is for Windows systems and does a really good job of enumerating. 
  • You can perform enumeration with nmap.
  • SoftPerfect network scanner can be used to get information about devices on a network.

Enumeration Countermeasures

  • SNMP countermeasures include monitoring traffic on SNMP ports. Another way is to turn off the SNMP service. If you keep the service, update to the latest version and change default passwords.
  • DNS countermeasures include using DNS zone restriction to ensure a server only provides copies of zone files to specific servers. 
  • SMTP countermeasures include ignoring messages to unknown recipients instead of sending back error messages. Also configure your server to block open SMTP relaying.
  • LDAP countermeasures include reviewing and implementing the security settings and services available with your server software.
  • ls -d, entered at the nslookup prompt, is the command to use to get domain information that includes all the hosts on the domain. For example, ls -d google.com will show you all the hosts in that domain.

Article

This article was about data that was stolen from an AI company. Many of the customers are law enforcement agencies. The data stolen was its entire list of customers, the number of searches the customers made, and how many accounts the customers had set up. The company said they patched the flaw that led to this breach, but they wouldn't disclose what the flaw was. The company didn't seem to care too much, reportedly "shrugging and saying that data breaches happen". They did not find the person who hacked the company.

 https://www.cnet.com/news/clearview-ai-had-entire-client-list-stolen-in-data-breach/#
