A security engineer has been hired to design a device that will enable the exfiltration of data from within a well-defended network perimeter during an authorized test. The device must bypass all firewalls and NIDS in place, as well as allow for the upload of commands from a centralized command and control answer. The total cost of the device must be kept to a minimum in case the device is discovered during an assessment. Which of the following tools should the engineer load onto the device being designed?
A. Custom firmware with rotating key generation
B. Automatic MITM proxy
C. TCP beacon broadcast software
D. Reverse shell endpoint listener
Also, in the question they talk about keeping the cost down, and Automatic MITM proxy is expensive,
so I agree with D. Reverse shell endpoint listener.
Per Metasploit documentation:
If you find yourself in one of the following scenarios (but not limited to), then you should consider using a reverse shell:
The target machine is behind a different private network.
The target machine’s firewall blocks incoming connection attempts to your bindshell.
Your payload is unable to bind to the port it wants due to whatever reason.
You simply can’t decide what to choose.
So yeah, D.
D – Agreed
“design a device that will enable the exfiltration of data from within a well-defended network perimeter during an authorized test”
A. Makes No Sense
B. Not really. MITM proxy is more for intercepting HTTP and HTTPS connections between clients…
C. Will be caught by NIDS as it will be in the clear
D. Yep secure connection, reverse so it doesn’t open any local ports, and will bypass the NIDS and Firewalls.
So… YEP it’s D
D