A security analyst for a bank received an anonymous tip on the external banking website showing the following:
– Protocols supported
  – TLS 1.0
  – SSL 3
  – SSL 2
– Cipher suites supported
  – TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ECDH p256r1)
  – TLS_DHE_RSA_WITH_AES_256_CBC_SHA (DH 1024-bit)
  – TLS_RSA_WITH_RC4_128_SHA
– TLS_FALLBACK_SCSV not supported
– POODLE
– Weak PFS
– OCSP stapling supported
Which of the following should the analyst use to reproduce these findings comprehensively?
A. Query the OCSP responder and review revocation information for the user certificates.
B. Review CA-supported ciphers and inspect the connection through an HTTP proxy.
C. Perform a POODLE (SSLv3) attack using an exploitation framework and inspect the output.
D. Inspect the server certificate and simulate SSL/TLS handshakes for enumeration.
Answer: A