RSS

Posts in 2024

  • ncl-osint-ssl

    31.01.2024 in NCL-Spring-2024

    SSL (Medium) First off, a rant… This is a TLS (Transport Layer Security) encrypted key, not SSL (Security Socket Layer). I realize that these terms are often used interchangeably, but they represent different generations of security …

    Read more

  • ncl-osint-whois

    30.01.2024 in NCL-Spring-2024

    WHOIS (Easy) You could totally use a WHOIS lookup website to answer these, but I love using the command-line whenever possible. Example websites for reference: https://www.whois.com/whois/ https://lookup.icann.org/en https://mxtoolbox.com/whois.aspx …

    Read more

  • ncl-osint-threat-intel

    30.01.2024 in NCL-Spring-2024

    Threat Intel (Easy) Simple Google searches for this one as well. Q1: What is the CVE of the original POODLE attack? A: CVE-2014-3566 POODLE (Padding Oracle On Downgraded Legacy Encryption). This security vulnerability was disclosed in 2014 and …

    Read more

  • ncl-osint-pgp-lookup

    30.01.2024 in NCL-Spring-2024

    PGP Lookup (Easy) Public PGP (Pretty Good Privacy) Key Servers: https://pgp.mit.edu/ https://keyserver.ubuntu.com/ https://keys.openpgp.org/ Q1: What is the key fingerprint for security@cpanel[.]net? A: B6709B4CC6F42077F69841919521BEDCABD94DDF Q2: …

    Read more

  • ncl-osint-meta

    30.01.2024 in NCL-Spring-2024

    Meta (Easy) This section has a downloadable image (Meta.jpg) and asks about some of the metadata. Most of the information can be found by simply looking at the properties (Right Click -> Properties) and then going to the “Details” tab. …

    Read more

  • ncl-osint-lookup

    30.01.2024 in NCL-Spring-2024

    Lookup (Easy) This section just required a bit of research and Google to find the answers. I’ve included a bit more information if you are curious. Q1: What type of DNS record holds the DNSSEC public signing key? A: DNSSEC The DNSKEY record …

    Read more

  • ncl-osint-http-headers

    30.01.2024 in NCL-Spring-2024

    HTTP Headers (Easy) Shameless Plug… I’ve got a course specifically focused on HTTP for Cyber Security: Pluralsight - Network Protocols for Security: HTTP Separately, this section has some simple questions that you can use Google to …

    Read more