Two situations with a similar goal:
1) You have access to a target network, and you a Windows host. Is it possible to remotely finger print which (operating system security) patches are applied to the system without attempting actual exploits?
2) If you have either partial or full access to a target (unprivileged login, or root access) is it possible to finger print the security patches that have been applied without attempting the exploits that the patches remedy?
I should state first, that this is from a red team perspective. The owner of the target computer cannot be asked questions, or be asked to take any actions. Furthermore, stealth is of the essence.
There is a world of difference between an unpatched system, and a patched system, but it is quite noisy, and risks downing the system to try too many actual exploits (and it seems like the dumb way to go about finding the patch level.) Is there any safe, and quiet way to fingerprint this?
We need at least 10 more requests to produce the answer.
0 / 10 have requested this problem solution
The more requests, the faster the answer.
Two situations with a similar goal: 1) You have access to a target network, and you...
A new version of the operating system is being planned for installation into your department’s production environment. What sort of testing would you recommend is done before your department goes live with the new version? Identify each type of testing and describe what is tested. Explain the rationale for performing each type of testing. [ your answer goes here ] Would the amount of testing and types of testing to be done be different if you were installing a security...
Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around risk and threat management, fostering an environment in which objectives seem clear: manage risk, manage threat, stop attacks, identify attackers. These objectives aren't wrong, but they are fundamentally misleading.In this session we'll examine the state of the information security industry in order to understand how the current climate fails to address the true needs of the business. We'll use those lessons as a foundation...
First, read the article on "The Delphi Method for Graduate Research." ------ Article is posted below Include each of the following in your answer (if applicable – explain in a paragraph) Research problem: what do you want to solve using Delphi? Sample: who will participate and why? (answer in 5 -10 sentences) Round one questionnaire: include 5 hypothetical questions you would like to ask Discuss: what are possible outcomes of the findings from your study? Hint: this is the conclusion....