312-50v11 Exam Dumps : Certified Ethical Hacker Exam (CEH v11)

Weaponization

The adversary analyzes the data collected in the previous stage to identify the

vulnerabilities and techniques that can exploit and gain unauthorized access to the

target organization. Based on the vulnerabilities identified during analysis, the adversary

selects or creates a tailored deliverable malicious payload (remote-access malware

weapon) using an exploit and a backdoor to send it to the victim. An adversary may

target specific network devices, operating systems, endpoint devices, or even

individuals within the organization to carry out their attack. For example, the adversary

may send a phishing email to an employee of the target organization, which may include a malicious attachment such as a virus or worm that, when downloaded, installs a backdoor on the system that allows remote access to the adversary. The following are the activities of the adversary: o Identifying appropriate malware payload based on the analysis o Creating a new malware payload or selecting, reusing, modifying the available malware payloads based on the identified vulnerability

o Creating a phishing email campaign o Leveraging exploit kits and botnets

Knowing when to include agents into your vulnerability management processes isn’t an easy decision. Below are common use cases for agent-based vulnerability scanning to assist you build out your combined scanning strategy.

• Intermittent or Irregular Connectivity: Vulnerability management teams are now tasked with scanning devices that access the company network remotely using public or home-based Wi-Fi connections. These connections are often unreliable and intermittent leading to missed network-based scans. Fortunately, the scanning frequency of agents doesn’t require a network connection. The agent detects when the device is back online, sending scan data when it’s ready to communicate with the VM platform.
• Connecting Non-Corporate Devices to Corporate Networks:With the increased use of private devices, company networks are more exposed to malware and infections thanks to limited IT and security teams’ control and visibility. Agent-based scanning gives security teams insight into weaknesses on non-corporate endpoints, keeping them informed about professional hacker is potential attack vectors in order that they can take appropriate action.
• Endpoints Residing Outside of Company Networks: Whether company-issued or BYOD, remote assets frequently hook up with the web outside of traditional network bounds. An agent that resides on remote endpoints conducts regular, authenticated scans checking out system changes and unpatched software. The results are then sent back to the VM platform and combined with other scan results for review, prioritization, and mitigation planning.

Agent-Based Scanner: Agent-based scanners reside on a single machine but can scan several machines on the same network.