Hi. Welcome back to the course in module five. We wrapped up our discussion on Mel. We're gonna do, um, our scan. We're also gonna go over some important process monitoring, and then we'll wrap up, do by doing some hash.
So I've got a pre lap knowledge check for you guys here, So let's go ahead and go through the questions. Now, I'm gonna pause for a brief moment After I read the question to give you a chance toe, answer it in your head or jot it down on a piece of paper. You could even pause this video if you just want to go through him. And then if you want to see the answers for
So let's start with question number one. So poor 23 is what? So which one of those service's runs on port number 23.
All right, so if you guessed answer a telnet, you are correct. Now let's talk about the other answer. So SMTP actually runs on Port number 25
Rdp or remote desktop protocol that runs on port, and then SS H runs on Port 22.
All right, so let's move on to question number two So port 3 89
that is which one of these. So which one of these runs on Port 3 89?
All right, so you're probably able to eliminate answer a right off the bat because SMTP we just talked about runs on Port 25.
So the answer here for Port 39 is held up.
So lightweight directory access protocol
answer. See, pop three. That one runs import 1 10 and then Cabrera ls that runs on
So question number three So hash calculation tools they could be used to check. What? So which one of these So is that this kind of FTP servers is a stringer Logs. It's a file integrity or is it de dos?
You're correct. If you answer it, answer C So file integrity is what we're amazing. Mainly gonna be using the hash speculation tools for
discounted FTP servers. That's kind of a made up answer. Stringer logs. That's the tour we're gonna use in the first part of this lab. And Stringer's just a malware analysis tool.
Basically, a male were scanner. Let me correct myself a male where scanner, scanner tool, and then de dos. That's obviously wrong distributed denial of service. That's actually attack type that we're not gonna cover in this lab.
All right, So question number four, our last question here. Net bios, data Graham service runs on which one of these ports.
So this one's a little trick question here because several of these answers are actually net biles. But we want the data. Graham service. We want to know which port that runs on.
All right, So if he answered C
poor number 1 38 you are correct. Now, poor answer and beer both met Miles, but port 1 37 is the Net bios name service, and then port 1 39 It's actually the Net bio session service. And then, obviously, the last one there, Port 1 10 is pop three, which we talked about in question number two.
All right, so if you got 100% there, you're doing a great job. If you didn't get any of these, right, that's okay. Um, we're kind of hidden things at a high level in this lab, but I just want to test your knowledge of the things we covered so far throughout the course,
So ports basically a port is just a connection or interface between devices. So this might be at the network level of we're connecting our our host computer to a server or route or something like that, or a wireless connection, or even on the internal operating system itself, like different processes run as we launch different applications. So
a lot of things there. But just know that ports
or something that we can look at potentially see if there's any type of male we're running on the machine.
So stinker again. I talked about that in just a moment ago. Stickers, a free tool that's provided by McAfee. Now there's a lot of free scanners out there. We're just happened to run through this one because it's in the cyber labs. But again, you could use things like Mau whereby it has a free scan available as well.
Ah, here's a link to download it. If you want to download it on your local machine there, if you want to run it in your own virtual, you could describe it. You can also just do a Google search for a stinger by McAfee, and it'll pull it the link for you
so Here's a picture of it. Looks like again we're gonna go step by step through the stinger in the in the actual lab to run a scan and everything.
So the other tool that we're going to use his call cure reports that's gonna be in part two of the lab. Now that one's gonna be used to monitor the ports that are currently running on a machine and one of the advantage of this tool. And this is a screen shot here. This looks slightly different than the one we're gonna use now. 11 advantage is that actually will mark
particular ports as like, basically like, Hey, this is suspicious.
So that's one advantage of it.
TCP view is another tool to let us view the ports running on the end point systems of TCP a new TV ports.
What's running allows us tow. See, the process is running on the machine, so that's gonna be partner before the lab. And then we're gonna wrap up in Haskell. So this kind of looks
what we're gonna do This is hashtag right here. We're gonna go through some different options in years. Well, so what we're gonna do is a little more advanced than just looking at this particular screening and running the hash.
So again, this was just a brief intro to the lab that we're going to do again. The tools we're gonna cover our Stinger reports TCP view, what's running. And then the hash Coke is well,
so in the next video, we're gonna go over the Stinger tool first and again. That's that free analysis scanner from McAfee that allows us to just want a quick scan on the machine and see
what type of Mauer might be on the particular machine.