You are conducting penetration testing and trying to identify vulnerable user accounts and shared resources on a host located in the perimeter network. Which of the following best describes the action you are taking?
A. Reconnaissance
B. Fingerprinting
C. Enumeration
D. Port scanning
Monthly Archives: January 2021
CISSP PRACTICE QUESTIONS – 20210131
Your organization hired an external security team to conduct penetration testing to assess the security and privacy controls in organizational information systems. Which of the following is the penetration team least concerned with in terms of the penetration test?
A. Thoroughly document all activities performed during the test.
B. Produce results indicating the risk exposure for exploited and validated vulnerabilities.
C. Validate existing security and privacy controls.
D. Provide actionable results with information about possible remediation measures.
Privacy Frameworks, Standards, and Regulations
OECD
- http://oecdprivacy.org
- OECD work on privacy
- OECD Privacy Framework
- Ch1 Annex: Guidelines governing the protection of privacy and transborder flows of personal data
ISO
- ISO 29100 Privacy Framework
- ISO 29134 PIA
- ISO 27701 PIMS
EU
- GDPR: https://gdpr-info.eu
- UK: BS 10012
Wire Transfer Pls, Amazon!
Amazon, pls give authors from Taiwan wire transfer. I don’t like the check float. 😅
CISSP PRACTICE QUESTIONS – 20210130
Your organization is planning for penetration testing to assess the security and privacy controls in organizational information systems. Which of the following is not the best time to conduct penetration testing?
A. Before any newly developed system is authorized for operation
B. When legacy systems are undergoing a major upgrade.
C. After important changes are made to the environment in which the system operates.
D. When a well-known type of attack, rated as high risk, is retained in the risk register.
Detecting Virtual Machines
VMware is a proprietary, closed-source, reduced-privilege guest virtual machine emulator. It supports guest-to-host and host-to-guest communication. Since it relies on the underlying hardware for execution of instructions, it must relocate sensitive data structures, such as the Interrupt Descriptor Table and the Global Descriptor Table. VMware also makes use of the Local Descriptor Table, which is not otherwise used by Windows. Thus, a simple detection method for VMware is to check for a non-zero Local Descriptor Table (LDT) base on Windows.
RedPill
The more common method for detecting VMware is to check the base address of the Interrupt Descriptor Table (IDT), using the “RedPill” method. In the “RedPill” method, if the IDT base exceeds a certain value, a virtual machine emulator is assumed to be present. However, as the LDT paper shows, this method is unreliable on machines with multiple CPUs, since each CPU has its own IDT.
Scooby Doo
The “Scooby Doo” method uses the same basic idea as the RedPill method but it compares the Interrupt Descriptor Table base value to specific hard-coded values in order to identify VMware specifically. While the Scooby Doo method is less likely to trigger false positives, compared to the RedPill method, there is still the chance that some false positives will occur.
Source: Peter Ferrie
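From the analyst's side, the RedPill, Scooby Doo and LDT checks described above all boil down to a handful of x86 instructions that read descriptor-table state (SIDT for the IDT base, SGDT for the GDT base, SLDT for the LDT selector). Unprivileged application code almost never has a legitimate reason to execute these, so their opcodes are a useful static triage indicator when deciding whether an unknown sample may behave differently in a sandbox. The following scanner is an added example and is not from the original post or from Peter Ferrie's paper; the instruction encodings come from the Intel SDM (SGDT/SIDT are 0F 01 with ModRM reg field 0 and 1 and a memory operand only; SLDT is 0F 00 with reg field 0), and the sample byte buffer is constructed for the demonstration.

```python
"""Static triage helper: locate x86 descriptor-table reads (SGDT/SIDT/SLDT)
in a raw code buffer.

Added example, not part of the original post. It does a linear byte scan
rather than a real disassembly, so a hit is an indicator to inspect, not
proof that the bytes are an instruction on the executed path.
"""
from dataclasses import dataclass

# Second opcode byte after the 0F escape, mapped to {ModRM reg field: mnemonic}.
# 0F 01 /0 and /1 are SGDT and SIDT and only exist with a memory operand
# (mod != 0b11); the register forms of 0F 01 encode unrelated instructions
# such as MWAIT, so they must be excluded. 0F 00 /0 is SLDT in either form.
_DESCRIPTOR_OPS = {
    0x01: {0: "sgdt", 1: "sidt"},
    0x00: {0: "sldt"},
}


@dataclass(frozen=True)
class Hit:
    offset: int     # byte offset of the 0F escape in the buffer
    mnemonic: str   # which descriptor table is being read
    modrm: int      # raw ModRM byte, kept for manual review


def find_descriptor_table_reads(code: bytes) -> list[Hit]:
    """Return every SGDT/SIDT/SLDT encoding found in `code`, in offset order."""
    hits: list[Hit] = []
    for i in range(len(code) - 2):
        if code[i] != 0x0F or code[i + 1] not in _DESCRIPTOR_OPS:
            continue
        modrm = code[i + 2]
        mod = modrm >> 6
        reg = (modrm >> 3) & 7
        table = _DESCRIPTOR_OPS[code[i + 1]]
        if reg not in table:
            continue
        if code[i + 1] == 0x01 and mod == 0b11:
            continue  # register form of 0F 01: not SGDT/SIDT
        hits.append(Hit(i, table[reg], modrm))
    return hits


def mnemonics(code: bytes) -> list[str]:
    """Convenience view: just the instruction names, e.g. for a triage report."""
    return [h.mnemonic for h in find_descriptor_table_reads(code)]


# Constructed sample (not taken from any real binary): a small prologue, the
# three descriptor reads the post's methods rely on, then an 0F 01 C9 (MWAIT)
# that shares the SIDT opcode bytes but must NOT be reported.
SAMPLE = bytes.fromhex(
    "55 8b ec"          # push ebp; mov ebp, esp
    "0f 01 4c 24 04"    # sidt [esp+4]   -> RedPill / Scooby Doo read
    "0f 00 c0"          # sldt eax       -> LDT check
    "0f 01 04 24"       # sgdt [esp]
    "0f 01 c9"          # mwait          -> same opcode, mod=11, not a table read
    "5d c3"             # pop ebp; ret
)

if __name__ == "__main__":
    for hit in find_descriptor_table_reads(SAMPLE):
        print(f"offset {hit.offset:#06x}: {hit.mnemonic} (modrm={hit.modrm:#04x})")
```

A hit list like this is only a starting point: the bytes may be data or a misaligned decode, and on a multi-CPU host the IDT base that SIDT returns varies by CPU, which is exactly why the post calls RedPill unreliable; the presence of the read, not the value it would return, is what the analyst cares about here.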
CISSP PRACTICE QUESTIONS – 20210129
You are implementing a security kernel that aligns with the reference monitor concept to enforce the access control policy prohibiting unauthorized information disclosure. Which of the following is correct about your implementation?
A. Information as constrained data items is well-formed to prevent conflict of interest.
B. Lipner’s model is a formal model that can support your design and enforce the policy.
C. A subject with a confidential clearance cannot write to a file classified as top secret.
D. All information flows from a higher to a lower security level are blocked with no exceptions per the Bell-LaPadula model.
Programming, Processing, and Computing
It’s not uncommon for us to use terms like multiprogramming, multitasking, multithreading, multiprocessing, etc., but often without consistent definitions. This post shares my definitions and perspectives on these terms.
Definitions
- The term software may refer to a program or process.
- A program is the static image of code at rest or in storage. It can be a text-based script or binary-coded executable and the target of static software testing.
- A script is typically executed by an interpreter.
- An executable refers to the object code transformed from the source code by a compiler.
- A process is a program loaded into the memory and in execution. It is the target of dynamic software testing.
- A task is a scheduling job, as a work unit, of the operating system.
- A thread is the smallest execution unit of modern processors. A single-threaded process contains one thread, commonly known as the UI thread; a multi-threaded process comprises two or more threads.
- Scheduling means the arrangement of tasks to be executed by the processor.
CVE and Vulnonym
Do you know that “Heartbleed” is a bug in the TLS implementation of OpenSSL, identified as CVE-2014-0160? The CVE Identifier is not friendly; people love names. However, a bug named by a security company may be too sensational and cause fear, uncertainty, and doubt.
CERT/CC Vulnonym
CERT/CC: ‘Sensational’ bug names spark fear, hype – so we’ll give flaws our own labels… like Suggestive Bunny
CVE
- Common Vulnerabilities and Exposures (CVE)
- NIST National Vulnerability Database (NVD)
- NIST SP 800-51 R1: Guide to Using Vulnerability Naming Schemes
- CVE Numbering Authority (CNA) Rules
- CVE Records
- CVE Terminology and FAQ
Vulnonym
- @vulnonym
- CERT/CC launches Twitter bot to give security bugs random names
- CERT/CC Aims to Tackle FUD with New CVE-Naming Bot
- CERT/CC Seeks to Remove Fear Element From Named Vulnerabilities
- Vulnonym: Stop the Naming Madness!
- The entirely predictable problems with the Vulnonym naming scheme
- To avoid panic caused by vulnerability naming, CERT/CC will name vulnerabilities itself
Vulnerability Naming
CISSP PRACTICE QUESTIONS – 20210128
The Bell-LaPadula (BLP) model is a formal security model based on a state machine and prevents information flow from a higher security level to a lower one. Which of the following is correct about the BLP model?
A. The BLP model provides mandatory protection from unauthorized information alteration.
B. The BLP model doesn’t rely on infinite states to avoid attacks that might predict its behavior.
C. The BLP model prescribes all subjects at a higher security level shall not write to an object at a lower level.
D. The BLP model maintains both secure and insecure states and enforces secure transitions between states.
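The two BLP questions above (20210129 and 20210128) both turn on how the model's two mandatory rules interact: the simple security property ("no read up") and the *-property ("no write down"). Taken together they guarantee that no subject can move information from a higher level to a lower one, because doing so would require reading the source and writing the destination. The following model is an added example, not from the original post or from the Bell-LaPadula papers; the four level names and the request format are assumed for illustration, and it models only the mandatory lattice rules (no discretionary matrix, no trusted-subject exemptions).

```python
"""Bell-LaPadula mandatory access decisions over a linear set of levels.

Added example, not part of the original post. Level names are assumed.
"""
from enum import IntEnum
from itertools import product


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def may_read(subject: Level, obj: Level) -> bool:
    """Simple security property ("no read up").

    A subject may observe an object only when its clearance dominates the
    object's classification.
    """
    return subject >= obj


def may_write(subject: Level, obj: Level) -> bool:
    """*-property ("no write down").

    A subject may alter an object only when the object's classification
    dominates the subject's level, so nothing the subject has seen at its own
    level can land in a lower-classified object.
    """
    return subject <= obj


def decide(subject: Level, obj: Level, mode: str) -> tuple[bool, str]:
    """Reference-monitor style decision: (allowed?, rule that decided it)."""
    if mode == "read":
        return may_read(subject, obj), "simple security property"
    if mode == "write":
        return may_write(subject, obj), "*-property"
    raise ValueError(f"unknown access mode: {mode!r}")


def flow_possible(src: Level, dst: Level) -> bool:
    """Can ANY subject copy information from an object at `src` to one at `dst`?

    A copy needs a subject that may read the source and write the destination.
    Checking every level shows the two rules jointly block downward flow.
    """
    return any(may_read(s, src) and may_write(s, dst) for s in Level)


def downward_flow_blocked() -> bool:
    """Exhaustively verify: information can flow from a to b iff a <= b."""
    return all(flow_possible(a, b) == (a <= b) for a, b in product(Level, Level))


if __name__ == "__main__":
    # Worked table for a CONFIDENTIAL subject against each object level.
    s = Level.CONFIDENTIAL
    for o in Level:
        r, _ = decide(s, o, "read")
        w, _ = decide(s, o, "write")
        print(f"{s.name:<12} -> {o.name:<12} read={r!s:<5} write={w!s:<5}")
    print("downward flow blocked for all level pairs:", downward_flow_blocked())
```

Running the module prints the access table for a CONFIDENTIAL subject and confirms, over every pair of levels, that a transfer is possible exactly when the destination is at or above the source. Note what the pure model does and does not say: it blocks downward flow but permits "write up" (a blind write to a higher-classified object), and it has nothing to say about integrity; both points are easy to misremember in the questions above.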