Topic 1: Exam Pool A
Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?
A. tcptrace
B. Nessus
C. OpenVAS
D. tcptraceroute
Answer: tcptrace

These hackers have limited or no training and know how to use only basic techniques or tools. What kind of hackers are we talking about?
A. Black-Hat Hackers
B. Script Kiddies
C. White-Hat Hackers
D. Gray-Hat Hacker
Answer: Script Kiddies
Explanation: Script Kiddies: These hackers have limited or no training and know how to use only basic techniques or tools. Even then they may not understand any or all of what they are doing.

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas?
A. Red hat
B. white hat
C. Black hat
D. Gray hat
Answer: white hat
Explanation:
A white hat (or white-hat hacker) is an ethical computer hacker, or a computer security expert, who focuses on penetration testing and other testing methodologies that ensure the safety of an organization's information systems. Ethical hacking may be a term meant to imply a broader category than simply penetration testing. Contrasted with the black hat, a malicious hacker, the name comes from Western films, where heroic and antagonistic cowboys traditionally wear a white and a black hat respectively. While a white hat hacker hacks with good intentions and with permission, and a black hat hacker, most frequently unauthorized, has malicious intent, there is a third kind referred to as a gray hat hacker, who hacks with good intentions but sometimes without permission. White hat hackers may also work in teams called "sneakers" and/or hacker clubs, red teams, or tiger teams. While penetration testing concentrates on attacking software and computer systems from the outset (scanning ports, examining known defects in protocols and applications running on the system, and patch installations, for example), ethical hacking may include other things. A full-blown ethical hack might include emailing staff to ask for password details, searching through executives' dustbins, and even breaking and entering, all without the knowledge and consent of the targets. Only the owners, CEOs and board members (stakeholders) who asked for a security review of this magnitude are aware. To duplicate some of the destructive techniques a real attack might employ, ethical hackers may arrange for cloned test systems, or organize a hack late at night while systems are less critical. In most recent cases these hacks are run as a long-term con (days, if not weeks, of sustained human infiltration into an organization). Some examples include leaving USB/flash drives with hidden auto-start software in a public area as if someone had lost the small drive and an unsuspecting employee found it and took it. Some other methods of carrying these out include:
• DoS attacks
• Social engineering tactics
• Reverse engineering
• Network security
• Disk and memory forensics
• Vulnerability research
• Security scanners such as:
– W3af
– Nessus
– Burp Suite
• Frameworks such as:
– Metasploit
• Training platforms
These methods identify and exploit known security vulnerabilities and attempt to evade security to gain entry into secured areas. They are able to do this by hiding software and system "back-doors" that can be used as a link to information or access that a non-ethical hacker, also referred to as a "black-hat" or "grey-hat", might want to reach.

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon review, he finds that user data has been exfiltrated by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported any non-whitelisted programs. What type of malware did the attacker use to bypass the company's application whitelisting?
A. Phishing malware
B. Zero-day malware
C. File-less malware
D. Logic bomb malware
Answer: File-less malware

Which command can be used to show the current TCP/IP connections?
A. Netsh
B. Netstat
C. Net use connection
D. Net use
Answer: Netsh

Taylor, a security professional, uses a tool to monitor her company's website, analyze the website's traffic, and track the geographical location of the users visiting the company's website. Which of the following tools did Taylor employ in the above scenario?
A. WebSite Watcher
B. web-Stat
C. Webroot
D. WAFW00F
Answer: web-Stat
Explanation: Increase your website's performance and grow! Add Web-Stat to your site (it's free!) and watch visitors interact with your pages in real time.
Learn how people find your website. Get details about every visitor's path through your website and track the pages that turn browsers into customers.
One-click install. Track locations, operating systems, browsers and screen sizes, and get alerts for new visitors and conversions.

Which of the following are well known password-cracking programs?
A. L0phtcrack
B. NetCat
C. Jack the Ripper
D. Netbus
E. John the Ripper
Answer: L0phtcrack, John the Ripper

Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network. Which of the following host discovery techniques must he use to perform the given task?
A. UDP scan
B. TCP Maimon scan
C. arp ping scan
D. ACK flag probe scan
Answer: arp ping scan
Explanation:
One of the most common Nmap usage scenarios is scanning an Ethernet LAN. Most LANs, especially those that use the private address ranges granted by RFC 1918, do not use the overwhelming majority of their IP addresses. When Nmap attempts to send a raw IP packet, such as an ICMP echo request, the OS must determine the destination hardware (ARP) address for the target IP so that the Ethernet frame can be properly addressed. It does this by issuing a series of ARP requests. This is best illustrated by an example where a ping scan is attempted against a local Ethernet host. The --send-ip option tells Nmap to send IP-level packets (rather than raw Ethernet), even on local networks. The Wireshark output of the three ARP requests and their timing has been pasted into the session.
Raw IP ping scan example for offline targets: this example took a couple of seconds to finish because the (Linux) OS sent three ARP requests at 1-second intervals before giving up on the host. Waiting a few seconds is excessive, since the ARP response usually arrives within a few milliseconds. Reducing this timeout period is not a priority for OS vendors, as the overwhelming majority of packets are sent to hosts that actually exist. Nmap, on the other hand, needs to send packets to 16 million IPs given a target like 10.0.0.0/8. Many targets are pinged in parallel, but waiting 2 seconds for each one is a serious delay.
There is another problem with raw IP ping scans on the LAN. If the destination host turns out to be unresponsive, as in the previous example, the source host usually adds an incomplete entry for that destination IP to the kernel ARP table. ARP table space is finite and some operating systems become unresponsive when it is full. If Nmap is used in raw IP mode (--send-ip), Nmap may have to wait a few minutes for the ARP cache entries to expire before continuing host discovery.
ARP scans solve both problems by putting Nmap in control. Nmap issues raw ARP requests and handles retransmissions and timeout periods at its own discretion. The system ARP cache is bypassed. The example shows the difference: this ARP scan takes just over a tenth of the time of the equivalent IP scan.
In example b, neither the -PR option nor the --send-eth option has any effect. This is because ARP is the default scan type when scanning Ethernet hosts that Nmap detects are on a local Ethernet network. This includes traditional wired Ethernet as well as 802.11 wireless networks. As mentioned above, ARP scanning is not only more efficient, but also more accurate. Hosts frequently block IP-based ping packets, but usually cannot block ARP requests or responses and still communicate on the network. Nmap uses ARP for all targets on the local LAN, even if different ping types (such as -PE and -PS) are specified. If you do not want Nmap to attempt an ARP scan at all, specify --send-ip as shown in example a, "Raw IP ping scan for offline targets".
If you give Nmap control to send raw Ethernet frames, Nmap can also adjust the source MAC address. If you have the only PowerBook in your security conference room and a large ARP scan is initiated from an Apple-registered MAC address, heads may turn toward you. Use the --spoof-mac option to spoof the MAC address as described in the MAC Address Spoofing section.

Password cracking programs reverse the hashing process to recover passwords. (True/False.)
A. True
B. False
Answer: False

You are a penetration tester working to test the user awareness of the employees of the client xyz. You harvested two employees' emails from some public sources and are creating a client-side backdoor to send it to the employees via email. Which stage of the cyber kill chain are you at?
A. Reconnaissance
B. Command and control
C. Weaponization
D. Exploitation
Answer: Weaponization
Explanation: Weaponization
The adversary analyzes the data collected in the previous stage to identify the vulnerabilities and techniques that can be exploited to gain unauthorized access to the target organization. Based on the vulnerabilities identified during analysis, the adversary selects or creates a tailored deliverable malicious payload (a remote-access malware weapon) using an exploit and a backdoor to send to the victim. An adversary may target specific network devices, operating systems, endpoint devices, or even individuals within the organization to carry out their attack. For example, the adversary may send a phishing email to an employee of the target organization, which may include a malicious attachment such as a virus or worm that, when downloaded, installs a backdoor on the system that allows remote access to the adversary. The following are the activities of the adversary:
o Identifying an appropriate malware payload based on the analysis
o Creating a new malware payload or selecting, reusing, or modifying available malware payloads based on the identified vulnerability
o Creating a phishing email campaign
o Leveraging exploit kits and botnets
https://en.wikipedia.org/wiki/Kill_chain
The Cyber Kill Chain consists of 7 steps: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and finally, actions on objectives. Below you can find detailed information on each.
1. Reconnaissance: In this step, the attacker/intruder chooses their target. Then they conduct in-depth research on this target to identify its vulnerabilities that can be exploited.
2. Weaponization: In this step, the intruder creates a malware weapon like a virus, worm, or such to exploit the target's vulnerabilities. Depending on the target and the purpose of the attacker, this malware can exploit new, undetected vulnerabilities (also known as zero-day exploits) or focus on a combination of different vulnerabilities.
3. Delivery: This step involves transmitting the weapon to the target. The intruder/attacker can employ different USB drives, e-mail attachments, and websites for this purpose.
4. Exploitation: In this step, the malware starts the action. The program code of the malware is triggered to exploit the target's vulnerability/vulnerabilities.
5. Installation: In this step, the malware installs an access point for the intruder/attacker. This access point is also known as the backdoor.
6. Command and Control: The malware gives the intruder/attacker access to the network/system.
7. Actions on Objective: Once the attacker/intruder gains persistent access, they finally take action to fulfill their purposes, such as encryption for ransom, data exfiltration, or even data destruction.
Page 15 out of 57 Pages