Ethical Hacking
LDAP Enumeration Countermeasures -use 1.______ or 2.__________ technology to encrypt the traffic. - Select a 3.________ different from your email address and enable account lockout. - Restrict access to 4._______ by using software such as Citrix. - Use 5.________ or any 6._________ _____________ mechanism to limit access to legitimate users.
-1.SSL, 2.STARTTLS -3.username -4.AD -5.NTML, 6.basic authentication
Something you are:
Some physical characteristic of the user (biometrics), such as a fingerprint, eye iris, voice, typing speed, pattern in key press intervals, etc.
· Something you have:
Some physical object in the possession of the user, such as a security token (USB stick), a bank card, a key, etc.
SPIT
Spam over Internet Telephony
FTP Port
TCP 20, 21
-PA<port list> -
TCP ACK Ping
--'
end of line comment
OSINT frameworks contains a set of the most popular tools that facilitate your tasks of collecting information and data from __________
open sources
-sP
skip port scan. This option tells Nmap not to do a port scan after host discovery, and only print out the available hosts that responded to the scan.
· Traffic sent to a routing black hole— the attacker can send specific routes to 1.________, effectively 2.______ IP addresses off the network
1. null0. 2. kicking
Attackers use the 1.__________ technique to bypass the 2.___________. In this technique, attackers use a combination of 3._________-and 4._______-case letters in the 5._______ payload.
1. obfuscation 2. WAF 3. upper, 4. lower 5. XSS
/n <count>Specifies the number of echo Request messages be sent. The default is 4.
ping-* 6 192.168.0.101
piggybacking
same as tailgating
Anomaly-based intrusion detection systems were primarily introduced to detect
unknown attacks
"LDAP Enumeration Countermeasures: - By default, LDAP traffic is transmitted
unsecured
Nessus is a remote security scanning tool that scans a computer and raises an alert if it discovers any _________ that malicious hackers could use to access any computer you have connected to a network.
vulnerabilities
Burp Suite is an integrated platform/graphical tool for performing security testing of _____ applications.
web
1.notification, 2.wiped clean & rebuilt, 3.changed,
4. [IRP] Neutralization: To ensure that all employees are aware of the shutdown, employers should send out 1._________to all other IT team members. Next, the infected systems and devices should be 2.__________ and ______ Passwords on all accounts should also be 3._________. If a business discovers that there are domains or IP addresses that have been affected, it is essential to block all communication that could pose a risk.
1. identified
5. [IRP] Recovery: The recovery phase of an incident response plan involves restoring all affected systems and devices to allow for normal operations to continue. However, before getting systems back up and running, it is vital to ensure that the breach's cause has been 1._________to prevent another breach from occurring again.
was a password recovery tool for Microsoft Windows. It could recover many kinds of passwords using methods such as network packet sniffing, cracking various password hashes by using methods such as dictionary attacks, brute force and cryptanalysis attacks.
Cain and Abel (often abbreviated to Cain)
IOT forth layer is
IOT Analytics
The second layer consists of
IOT gateway devices
The first layer of the Internet of Things consists of
Sensor-connected IOT devices
nmap -sS
TCP SYN (Stealth) Scan (-sS)
Tools commonly used to perform banner grabbing are:
Telnet, nmap and Netcat. Hyper Text Transfer Protocol (HTTP) (80), File Transfer Protocol (FTP) (21), and Simple Mail Transfer Protocol (SMTP) (25)
John the Ripper
is a free password cracking software tool.
The Third layer of IOT is
the Cloud
wireless sniffer can detect SSID even if SSID broadcasts are_________
disabled
sigverify: searching for unsigned_______
drivers
· RIPE Network Coordination Centre (RIPE NCC)
Europe
CAST-128 is a (1) ____ or (2)_____round Feistel network with a (3)___-bit block size and a key size of between (4)_____ and (5) _____bits
1. (12-), 2. (16-), 3. (64), 4. (40), 5. (128)
Twofish is an encryption algorithm designed by Bruce Schneier. It's a 1____________ key block cipher with a block size of 2.________ bits, with keys up to 3.__________bits.
(1) symmetric (2.) 128 bits (3.) 256bits
The nmap -A enables 1. (-O), 2. (-sV), script scanning 3. (-sC) 4. traceroute (--traceroute).
(Aggressive scan options) 1. OS detection (-O) 2. version scanning (-sV) 3. script scanning (-sC_ 4. traceroute
-sY
(SCTP INIT scan) Stream Control Transmission Protocol SCTP is a relatively new alternative to the TCP and UDP protocols, combining most characteristics of TCP and UDP
inference-based assessment, the scanning process begins by gathering information based on discovery methods including....
, including host identification, operating system detection and fingerprinting port scanning, and protocol detection.
stealth viruses also self-modify in the following ways:
- 1. Code Modification: The stealth virus changes the code and virus signature of each infected file. - 2.Encryption: The stealth virus encrypts data via simple encryption and uses a different encryption key for each infected file.
Interactive Application Security Testing (IAST). is a hybrid approach combining 1._______ and 2.________.
- 1. SAST and 2. DAST -IAST tools can check whether known vulnerabilities (from SAST) can be exploited in a running application (i.e., DAST).
-PE, -PP, and -PM
- ICMP Ping Types
-PO<protocol list>
- IP Protocol Ping
btlejack -s
- Sniffing an existing connection:
btlejack -c any
- Sniffing for new connections:
A dynamic application security testing (DAST) identify potential security vulnerabilities in the web application and architectural weaknesses by 1._____ and has no 2.____to the source code. It can detect vulnerabilities in 3.___________, 4,___________ 5._______,6.____________,verbs (___________)and 7._____injection
-1.black-box test. -2.no access -3.query strings, 4.headers, 5.fragments, 6.verbs (GET/POST/PUT) and 7.DOM injection.
Enterprise Purdue Level (Enterprise Network and Business ----------- Logistics Systems) (#) -Industrial DMZ (IDMZ (#) -Manufacturing (Operational Systems) (#) -Manufacturing (Control Systems and Basic Controls (#) -Manufacturing (Physical process) (#)
-5 & 4 -3.5 -3 -2 & 1
WPA-3 Enterprise: This wireless security protocol allows 1._____-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as, 256-bit 2._________/Counter Mode Protocol, 84-bit hashed message authentication mode with 3. _______ ________ _________ (HMAC-SHA 384) and 4._____curve digital signature algorithm (ECDSA) using a 384 bit5. ________ curve
1. 192, 2. 256-bit Galois/Counter Mode Protocol (GCMP-256) 3.84-bit Hashed Message Authentication Mode with Secure Hash Algorithm (HMAC-SHA384), and 4. Elliptic Curve Digital Signature Algorithm (ECDSA) using a 384-bit 5. elliptic curve
-Beacon flood: Generating thousands of counterfeits 802.11 [beacons] to make it difficult for clients to find a legitimate 1._____. ========= -Denial of service: Exploiting the 2. ____________ 3. clear_________ assessment (CCA) mechanism to make a channel appear busy. ========= -Access point theft: Physically 4.________ an AP from its installed location ========= -EAP failure: Observing a valid 802.1X EAP exchange and then sending the client a 5._________ EAP-Failure message
-Beacon flood: Generating thousands of counterfeits 802.11 [beacons] to make it difficult for clients to find a legitimate 1.AP. ========= -Denial of service: Exploiting the 2. carrier-sense multiple access with collision avoidance (CSMA/CA) 3. clear channel assessment (CCA) mechanism to make a channel appear busy. ========= -Access point theft: Physically 4. removing an AP from its installed location ========= -EAP failure: Observing a valid 802.1X EAP exchange and then sending the client a 5. forged EAP-Failure message
-The PSH flag is used when the application simply can't wait for the data and needs it immediately. The sender will be working through a standard exchange and placing packets into the 1. _______ as space frees up. -URG flagged packet is treated with 2.________, lets you go to the front of the line when you arrive at your destination. -ACK is used for 3.__________. -FIN brings an orderly 4._______ to the session.
-The PSH flag is used when the application simply can't wait for the data and needs it immediately. The sender will be working through a standard exchange and placing packets into the 1. buffer as space frees up. -URG flagged packet is treated with 2. importance, lets you go to the front of the line when you arrive at your destination. -ACK is used for 3. acknowledgments. -FIN brings an orderly 4.close to the session.
-high- interaction honeypot simulates 1._____ services of a target network, including applications the attacker might assume are in play. =========== -Low- interaction honeypots simulate only a 2______ amount of target services. =========== -Pure honeypots emulate the entirety of a real 3._________ network.
-high- interaction honeypot simulates 1. all services of a target network, including applications the attacker might assume are in play. =========== -Low- interaction honeypots simulate only a 2.limited amount of target services. =========== -Pure honeypots emulate the entirety of a real 3. production network.
-net view \\<computername> /ALL The above command displays all the 1. ________on the specified remote computer, along with 2. _________ shares. =========== -net view \\<computername> In the above command, <computername> is the 3._______ or 4. ______ ____________ of a specific computer, the resources of which are to be displayed. =========== -net view /domain:<domain name> The above command displays all the 5.___________ on the 6. ____________ ____________. =========== -net view /domain The above command displays all the 7._______ in the 8.__________.
-net view \\<computername> /ALL The above command displays all the 1. shares on the specified remote computer, along with 2. hidden shares. =========== -net view \\<computername> In the above command, <computername> is the 3.name or 4. IP address of a specific computer, the resources of which are to be displayed. =========== -net view /domain:<domain name> The above command displays all the 5.shares on the 6. specified domain. =========== -net view /domain The above command displays all the 7.shares in the 8.domain.
Directory traversal is also known as the
../ (dot dot slash) attack, directory climbing, and backtracking
Auxiliary modules do not require the use of a 1._________to run like 2._________ modules. These types of modules include useful programs such as scanners, fuzzier, and SQL injection tools.
.payload 2. exploit
CVSS score low:| CVSS score medium:| CVSS score high:| CVSS score critical:
0.1 - 3.9 4.0 - 6.9 7.0 - 8.9 9.0 - 10.0;
URL encoding is the process of converting a 1._______ into a valid 2._________format so that data can be safely 3.________ over 4.________.
1 .URL, 2. ASCII, 3. transported, 4. HTTP
(-sN) 1.______ scan, Does not set any 2.____
1, Null, 2. bits, (TCP flag header is 0)
php.ini file is exposed inside the 1._________ directory. This allows any 2.____________, ___________user to discover sensitive information about your server(s), including 3._________ logins, __________ , and ___________ error messages.
1. 'cgi-bin' 2. unauthenticated, remote 3. database logins, passwords and verbose error messages
DumpsterDiver -a, --advance Set this flag to analyze files using rules specified in 1. ________ DumpsterDiver -s, --secret Set this flag to analyze files in search of hardcoded 2,___________ DumpsterDiver, an automated tool, to identify potential secret 1.______ and hardcoded 2._______ in target cloud ed tool,
1. 'rules.yaml'. 2. passwords 1.leaks, 2.passwords
Slowloris attack- is a DDoS attack tool used to perform layer-1.______ DDoS attacks to take down 2._____ infrastructure =========== Ping-of-death (PoD) attack-an attacker attempts to crash, destabilize, or freeze the target system or service by sending 1.________ or 2._______ packets using a simple ping command =========== Multi-vector attack - attacker uses combinations of 1.________, 2._______, and 3._________ layer attacks to take down the target system or service. ============ Smurf attack - attacker 1.________ the source IP address with the victim's IP address and sends a large number of ICMP ECHO request packets to an IP broadcast network
1. 7 2. web ======= 1.malformed 2. oversized ======= 1. volumetric 2. protocol 3. application ======= 1. spoofs
If the table contains two different IP addresses that share the same MAC address, then you are probably undergoing an
1. ARP poisoning attack
The Base64 encoding scheme represents any binary data using only printable 1.________. In general, it is used for encoding 2.________ attachments for safe transmission over 3.________ and also for encoding user 4.__________.
1. ASCII characters 2. email 3. SMTP 4. credentials
"[main]" "enc_GroupPwd=" ext:txt finds 1._______ VPN client passwords (2._______ but easily cracked) ------------- inurl:/remote/login?lang=en Find 3._____ Firewall's 4._____L-login portal ------------- filetype:rcf inurl:vpn Finds 5._________ Global 6._______ Client files containing sensitive 7._________ and __________ -------------
1. Cisco 2. encrypted 3.Fortigate 4.SSL 5. Sonicwall 6. VPN 7. info and login
DerpNSpoof https://github.com/Trackbool/DerpNSpoof Simple 1.______Spoofing tool made in Python 3 with 2._____
1. DNS , 2.Scapy
The Maimon scan: During a port scan on the target host, your colleague sends 1.______ probes and finds that an 2.____ packet is sent in response by the target host, indicating that the port is 3.____
1. FIN/ACK, 2. RST, 3. closed
Buffer over-reads can be triggered, as in the 1._________ bug, by maliciously crafted inputs that are designed to exploit a lack of 2. _________ checking to 3._______ parts of 4.______ not intended to be accessible.
1. Heartbleed, 2.bounds, 3.read, 4.memory
Most ping programs use ICMP echo requests and wait for echo replies to come back to test connectivity. 1._______ allows us to do the same testing using any IP packet, including ICMP, UDP, and TCP. This can be helpful since nowadays most firewalls or routers 2.________ ICMP.
1. Hping2, 2.block
IP Protocol Scan (-sO)::allows you to determine which 1.____protocols are supported by 2._______ machines.
1. IP (TCP, ICMP, IGMP, etc.), 2. target
Censys provides an automated monitoring solution, integrated with your existing 1.__________, to scan your employees' 2._______ networks for exposures and vulnerabilities..
1. IT work flow, 2.home's
1. Identify the ________ 2. Determine the ________associated with the vulnerability 3. Determine the __________ of the vulnerability 4. Develop the ___________ 5. Select the method for delivering: _______ or ______ 6. Generate and deliver the ________ 7. Gain remote __________
1. Identify the vulnerability 2. Determine the risk associated with the vulnerability 3. Determine the capability of the vulnerability 4. Develop the exploit 5. Select the method for delivering: local or remote 6. Generate and deliver the payload 7. Gain remote access
Session Donation: Involves 1._____________ to make it possible. An attacker creates an 2._______ and sends 3.__________ link to the victim. Convincing the victim to provide 4._________ about their 5.___________but in reality, it is not their 5.__________ but the attackers 5.___________. Users are used to be logged in different sites making it less suspicious when the user click link that they already 6.______________. ============ Session fixation common techniques: Session token in the :1.______argument or 2. _________ form _______ ============= session fixation attack is a class of Session 1.________, which steals the established session between the 2.______ and the Web 3._______after the user logs in.
1. Involves Social Engineering 2. account, 3. authenticated 4. information 5. account, 6. authenticated ============ 1.URL argument, hidden form field ============ 1. hijacking, 2.client, 3.server
The Null Scan is a type of TCP scan that hackers — both ethical and malicious — use to identify 1.________ TCP ports
1. Listening
Vulnerability scanning solutions perform vulnerability penetration tests on the organizational network in three steps:
1. Locating nodes: The first step in vulnerability scanning is to locate live hosts in the target network using various scanning techniques. 2. Performing service and OS discovery on them: After detecting the live hosts in the target network, the next step is to enumerate the open ports and services and the operating system on the target systems. 3. Testing those services and OS for known vulnerabilities: Finally, after identifying the open services and the operating system running on the target nodes, they are tested for known vulnerabilities.
Metagoofil: extract critical 1.______ that includes the usernames of clients, operating systems (exploits are OS-specific), email addresses (possibly for social engineering), list of software (version and type) used, list of servers, document date creation/modification, and authors of the website ============ Infoga: Infoga is a tool used for gathering email account information (IP, hostname, country, etc.) from different 2._____sources (search engines, pgp key servers, and Shodan), and it checks if an email was leaked using the haveibeenpwned.com API. ============ Immunity Debugger:write exploits, analyze 3. ________, and reverse engineer binary files ============ Nessus: scans for 4.________
1. Metagoofil:info 2. Infoga: public 3. Immunity Debugger: malware 4. Nessus: vulnerabilties
nmap -sM | exactly the same as 1.________,2._______,3._____ scan, except that the probe is 4._______.
1. NULL 2. FIN, and 3. Xmas 4. FIN/ACK
Bluto| is a 1.________-based tool for DNS 2.________, DNS zone 3._______, DNS 4.______ card checks, 5. DNS________-________, 6. e-mail _______and more.;
1. Python, 2. recon, 3. zone transfer testing, 4. wild card checks, 5.brute-forcing, 6.enumeration
WAFW00F is a 1._______ tool to help you 2.________ and 3._______ Web Application Firewall (WAF) products. It is an active 4.________________ tool as it actually connects to the web server, but it starts out with a normal HTTP response and escalates as necessary.
1. Python, 2.fingerprint, 3.identify, 4.reconnaissance
Splunk:It is an 1,_____ tool that can automatically collect all the event logs from all the systems present in the network. Spam Mimic: 2._______ and 3._______ e-mail messages to be disguised as spam. IDA Pro:is a multi-platform 4._________ and 5._________ that explores 6.________ programs, for which the source code is not always available to create maps of their execution. CCleaner:system 7.__________, ____________, and __________ tool
1. SIEM 2. encode 3. decode 4. disassembler 5. debugger 6. binary 7. optimization, privacy, cleaning
Web Services Security (WS-Security, WSS) is an extension to 1.______to apply security to Web services. The protocol specifies how 2._________ and __________ can be enforced on messages and allows the communication of various security token formats.
1. SOAP 2.integrity ,confidentiality
A wireless sniffer in monitor mode can detect the 1._______ used by clients as they join WLANs
1. SSID
nmap -sT -default 1________ scan type when 2.______ scan is not an option. -This is the same high-level system call that 3._______, 4._____ clients, and most other 5._______-enabled applications use to establish a connection.
1. TCP 2. SYN 3. web browsers 4. P2P clients 5. network
SCTP INIT scan is the SCTP equivalent of a 1.___________ ___________ scan. It can be performed 2.________ scanning thousands of ports per second on a fast network not hampered by restrictive 3.______
1. TCP SYN 2. fast 3. firewall
The idle scan is a 1._____ port scan method that consists of sending 2._______ packets to a computer to find out what 3._________ are available.
1. TCP, 2.spoofed, 3.services
Detecting the presence of Bait and Switch Honeypots: An attacker can identify the presence of such honeypots by looking at specific 1.________ parameters such as the 2._________, the 3.___________, and the 4.___________.
1. TCP/IP 2. Round-Trip Time (RTT) 3. Time To Live (TTL) 4. TCP timestamp.
namp -sU | 1.______ scan works by sending a 2._______packet to 3._______ targeted port. For most ports, this packet will be 4.______ , but for a few of the more common ports, a protocol-specific payload will be sent
1. UDP 2. UDP, 3. every 4. empty(no payload)
Shellshock, also known as Bashdoor, is a family of security bugs in the 1._________shell. Shellshock could enable an attacker to cause Bash to execute arbitrary 2._________and gain 3.__________ to many Internet-facing services, such as web servers, that use Bash to process requests.
1. Unix Bash, 2.commands 3. access
XML external entity injection (also known as 1.______ ) is a ______ security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view 2.______on the application server ___________ and interact with any back-end or external systems that the application can access.
1. XXE, web 2. files , filesystem
TEA uses a 1.____-bit key operating on a 2._____-bit block. It also uses a constant that is defined as 3.____/the golden ratio. This constant is referred to as 4.______, and in each round, a multiple of 5.______ is used.
1. [128] 2. [64] 3. [232] 4.delta 5.delta
There are two primary methods of VLAN hopping: switch _________, _______ tagging.
1. ___________ spoofing and 2.double tagging. Both attack vectors can be mitigated with proper switch port configuration.
One way to determine whether a TCP port is open is to send 1.______________ packet to the port. The target machine will respond with a 2_____________ packet if the port is open, and 3._____________ if the port is closed.
1. a SYN (session establishment) 2. SYN/ACK (session request acknowledgment) 3. RST (reset
Insecure direct object references (IDOR) are a type of 1.____________vulnerability that arises when an application uses user-supplied input to __________ objects directly. IDOR vulnerabilities are most commonly associated with horizontal 2. _________, but they can also arise in relation to vertical _________.
1. access control , access 2.privilege escalation
DNS cache poisoning - DNS cache poisoning refers to 1._______ or adding 2._______DNS records in the DNS 3._______ cache so that a DNS query is redirected to a 4._______site. ------------ Proxy server DNS poisoning - The attacker makes its IP address a 1.________ DNS entry in the 2._______ server with the help of a 3.________. ------------ Internet DNS spoofing - To perform this attack, the attacker sets up a 1._______ DNS server with a 2._______ IP address. ------------ Intranet DNS spoofing - attack on a switched 1._______ with the help of the 2._______ poisoning technique.
1. altering 2. forged 3. resolver 4. malicious ---------- 1.primary 2. proxy 3. Trojan ---------- 1. rogue 2. static ---------- 1.LAN 2. ARP
The firewall check 1._________layer headers and 2.__________layer 3._______numbers
1. application 2. transport 3. port
User-mode or application rootkit:|- These are installed in a shared library and operate at the 1._________ layer, where they can modify 2.__________ and 3._________ behavior. User-mode rootkits are relatively easy to detect because they operate at the same layer as 4.___________ programs.;
1. application, 2.application, 3.API, 4.anti-virus
An untethered jailbreak is a jailbreak that does not require any 1.________ when it reboots up. The 2.______will be _______ without the help of a computer or an application.
1. assistance 2. kernel, patched
An ideal framework for the mobile interface should include a proper 1.____________ mechanism for the user, an account 2.___________ mechanism after a certain number of failed attempts, local storage 3.__________ 4.___________ communication channels, and security of data 5._________ over the channel
1. authentication 2. lockout 3. security 4. encrypted 5. transmitted
Baiting abuses your natural 1._________ to coax you into exposing yourself to an attacker. Typically, the potential for something 2._______ or 3._______ is the manipulation used to exploit you. The attack usually involves infecting you with 4._________.
1. curiosity, 2.free, 3.exclusive, 4.malware
Slowloris is a type of 1. _________ ___________ __________ attack tool which allows a single machine to take down another machine's 2.____________ with minimal bandwidth and side effects on unrelated services and ports.
1. denial of service 2.web server
-Pretty Good Privacy (PGP) is a protocol used to encrypt and decrypt data with 1. ____________ and 2.__________ privacy. It is often used for data compression, digital signing, encryption and decryption of messages, emails, files, and directories, and to enhance the privacy of email communications. -------------- The Extensible Authentication Protocol (EAP) is used as an alternative to the 3.________ and 4. _______ authentication protocols, as it is more secure and supports different authentication mechanisms such as passwords, smart tokens, one-time passwords (OTPs), secure ID card, digital certificates, and public-key encryption mechanisms. ------------- The Challenge-Handshake Authentication Protocol (CHAP) is an authentication mechanism used by 5. ________-to-_________Protocol (PPP) servers to authenticate or validate the identity of remote clients or network hosts. ------------- Hash-based message authentication code (HMAC) is a type of 6. =___________ authentication code (MAC) that uses a cryptographic 7.______ along with a cryptographic 8.______ function.
1. authentication and 2. cryptographic 3.CHAP and 4. PAP 5. Point-to-Point Protocol 6. message authentication code (MAC) that uses a cryptographic 7.key 8.hash function
routing attack mitigation includes · adding message 1._________to your routing protocol to prevent the spoofing or modification of a valid routing protocol message. Additionally, the routing protocol message types can be 2.___________ by 3.________ from networks with no need to originate them.
1. authentication, 2. blocked, 3. ACLs
Fuzz testing or fuzzing is an 1.___________ software testing method that 2.________ invalid, malformed, or unexpected inputs into a system to reveal software 3.________
1. automated 2. injects 3. defects
TAN grabber- A Transaction Authentication Number (TAN) is a single-use password for authenticating online 1.________ transactions. 1._________ Trojans intercept valid TANs entered by users and replace them with random 2._________. ------------- Covert credential grabber: This type of malware remains dormant until the user performs an online 3.______ transaction. It works covertly to 4._________ itself on the computer and edits the 5._________ entries each time the computer is started ------------ HTML injection: The Trojan creates fake 6.______ fields on 7.________ pages, thereby enabling the attacker to collect the target's account details, credit card number, date of birth, etc. ------------- Form grabber: a type of malware that captures a target's sensitive data such as IDs and passwords, from a 8. ______ or ______. It analyses 9. ________ requests and responses to the victim's browser.
1. banking 2.numbers 3.financial 4.replicate 5.registry 6.form 7. e-banking 8. form, page 9. POST
wget:perform 1._______grabbing on 2.______
1. banner, 2. webserver
Detecting the presence of Fake AP: Fake access points only send 1.______frames but do not produce any fake 2._________on the access points, and an attacker can monitor the network traffic and quickly note the presence of fake AP
1. beacon 2. traffic
CSRF exploits the trust that a site has in a user's 1._________.
1. browser
In general, code that sprays the heap attempts to put a certain sequence of 1.______ at a predetermined location in the 2._______ of a target process by having it allocate 3.________ blocks on the process's heap and fill the bytes in these blocks with the right values.
1. bytes, 2.memory 3. (large)
Markov Chain: This attack creates every possible 1,______ combination for each word in a 2._______. The password candidate "do" would also generate "Do" and "dO."
1. case 2. dictionary
An HTML encoding scheme is used to represent unusual 1.__________ so that they can be safely 2._________ within an 3.________ document.
1. characters, 2. combined, 3. HTML
CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized 1._________ are submitted from a user that the web application trusts.
1. commands
aLTEr attack: an attacker installs a fake 1._______ tower between two authentic endpoints to mislead a victim. He uses this virtual tower to interrupt the 2._____ transmission between the user and the real tower, attempting to 3._____ an active session. After that, the attacker receives the user's request and can manipulate the virtual tower traffic and 4.______ a victim to a malicious website.
1. communication, 2. data, 3.hijack, 4. redirect
Banner Grabbing is a technique used to gain information about a 1._______ system on a network and the 2.______ running on its 3.______.
1. computer 2. services 3. open ports
Session hijacking-cookie hijacking is the exploitation of a valid _______ session—sometimes also called a session ______—to gain unauthorized access to information or services in a computer system.
1. computer, 2.key
Attackers can detect the existence of Sebek-based honeypots by analyzing the 1._____________in the network layer, as Sebek data communication is usually ______________. Since Sebek logs everything that is accessed via 2.__________ before transferring to the network, it causes the _____________.
1. congestion , unencryped 2.reading () call, congestion effect
Cloud IoT Core: allows you to easily and securely 1._______, 2.________, and 3._________ data from millions of globally dispersed devices.
1. connect, 2.manage, 3.ingest
An image is a read-only template with instructions for creating a Docker 1.__________. Often, an image is based on another image, with some additional customization. For example, you may build an image which is based on the ubuntu image, but installs the Apache web server and your application, as well as the configuration details needed to make your application run.
1. container
risk treatment: selecting and implementing 1._______ on the 2,_________risks in order to 3.__________ them
1. controls, 2. identified 3. modify
, session hijacking, sometimes also known as 1._________ __________, exploits a valid computer 2.___________—sometimes also called a 3._________ ___________—to gain unauthorized 4.__________ to information or services in a computer system.
1. cookie hijacking 2. session 3. session key 4. access
The Sybil attack in computer security is an attack wherein a reputation system is subverted by creating 1._________ ___________
1. multiple identities.
The vendor lock-in problem in cloud computing is the situation where customers are 1.___________ (i.e. locked-in) on a single cloud service provider (CSP) technology implementation and cannot easily 2._______ to a different vendor without substantial costs or technical incompatibilities.
1. dependent, 2.move
Combining footprinting techniques with tools such as Tracert allows the attacker to create __________ representations of the target organization's_______ presence.
1. diagrammatic, 2. network
SYN/FIN scanning using IP fragments can make it 1.______for the packet filter to 2. _______ ________ of the packet when scanning
1. difficult 2. determine , purpose
DNS over datagram TLS (DTLS) to 1._________ the DNS traffic and for 2.________ protection
1. encrypt 2. integrity
A secure framework for the cloud component should include 1._________ communications, strong authentication 2.________, a secure 3._________ ___________, 4._________ storage_, 5.automatic _________, etc.
1. encrypted 2. credentials 3. web interface 4. encrypted 5. updates
A polymorphic virus infects files with an 1._______copy of itself, which is decoded by a 2.________ module.
1. encrypted copy 2. decryption
Obfuscating is an IDS 1.___________ technique used by attackers to 2._________the attack packet 3.____________in such a way that the 4.____________host can only decode the packet but not the 5._______.
1. evasion 2. encode 3. payload 4. destination 5. IDS
nmap -F : (1._______ (limited port) scan)-Specifies that you wish to scan 2._____ ports than the default. Normally Nmap scans the most common 1,000 ports for each scanned protocol. With -F, this is reduced to 3.______.
1. fast, 2.fewer, 3.100
-T option and their number (0-5) and their name. The template names are paranoid (0), sneaky (1), polite (2), normal (3), aggressive (4), and insane (5). The 1. _______ ______ are for IDS evasion. 2._______ mode is the default and so 3.__________ does nothing
1. first two 2. Normal 3. -T3
The nmap -f option causes the requested scan (including ping scans) to use tiny 1.______________ IP packets. The idea is to split up the 2.________header over several packets to make it harder for 3.________, 4.__________and other annoyances to 5._______ what you are doing.
1. fragmented 2. TCP , 3.packet filters, 4.intrusion detection systems, 5.detect
GnuPG(privacy guard) is a complete and 1._________ implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to 2.___________ and 3.__________your data and communications.
1. free 2. encrypt 3. sign
ethical hacking phases
1. gaining access 2. reconnaissance 3. scanning 4. gaining access 5. maintaining access 6. clearing tracks
-Certificate Management System: 1. __________, ___________, __________, and __________ certificates ============ -Digital Certificates: Establishes 2.__________ of a person when performing 3.________ transactions ============ -Validation Authority (VA): 4.________ certificates (with their 5._______ keys) =========== -Certification Authority (CA): 6._______ and ________ digital certificates ========== -End User: 7._______, ________, and _________ certificates ========== -Registration Authority (RA): Acts as the 8._________ for the CA
1. generates, stores, distributes. verifies 2. credentials 3. online 4. stores 5. public ' 6. issues, verifies 7. request. manages, uses 8. verifier
COBIT Framework is an IT 1._________ framework and supporting toolset that allows managers to bridge the gap between 2.________ requirements, technical 3.______, and 4._________risk
1. governance 2. control 3. technical 4. business
External assessment assesses the network from a 1._________point of view to find out what exploits and vulnerabilities are accessible to the outside world. These types of assessments use external devices like 2.______.________.______.
1. hacker's 2. firewalls, routers, and servers
- Rootkit hypervisors exploit 1.__________ virtualization features to gain control of a machine. This is done by bypassing the 2.________and running the target ____________ in a _________
1. hardware 2.kernel. OS, virtual machine
A container is a runnable instance of an 1._________. You can create, start, stop, move, or delete a container using the Docker 2.______or 3._______. You can connect a container to one or more networks, attach storage to it, or even create a new image based on its current state.
1. image 2. API 3.CLI
A Tunneling virus is a virus that attempts to 1.__________anti-virus software before the anti-virus can 2._________ malicious code.
1. intercept 2. detect
MarioNet allows attackers to place 1. __________ code on high-traffic websites for a short period of time.MarioNet allows hackers to assemble giant botnets from users' 2.__________
1. malicious code, 2. browsers.
2. Weaponization: In this step, the intruder creates a 1.________weapon like a virus, worm, or such to exploit the target's 2.________. Depending on the target and the purpose of the attacker, this 3._________ can exploit new, undetected 4.__________
1. malware, 2. vulnerabilities, 3. malware, 4. vulnerabilities
cloud hopper attack target's 1.________ provider by sending 2._________ ________that distributed specially created malware. This program compromised users', 3._________and to gain __________ to the cloud service.
1. managed service providers, 2. phishing emails 3.credentials, 4.remote access
modbus write <Target IP> %MW100 2 2 2 2 2 2 2 2 modbus write <Target IP> 400101 2 2 2 2 2 2 2 2 1.________ register values Using Schneider address: modbus read <Target IP> %MW100 10 Using Modicon address: modbus read <Target IP> 400101 10 2.________ register values modbus read <Target IP> 101 10 modbus read <Target IP> %M100 10 2. read _______ values
1. manipulate 2. read 3. coil
- Bootkits gain control of a target system by infecting its 1.___________. Bootkits allow a malicious program to execute before the target 2.______________ loads.;
1. master boot record (MBR) 2.operating system
· Traffic redirection— enabling the attacker to 1.______ traffic in transit or 2.______ packets
1. modify, 2. sniff
-oG <filespec> (grepable output) : It is a simple format that lists each host on 1.______ line and can be trivially searched and parsed with standard Unix tools such as 2.______, 3.______, 4._____, 5._____, 6.______, 7.______.
1. one, 2. grep, 3.awk, 4.cut, 5.sed, 6.diff, and 7.Perl
ACK scanning is one of the more unusual scan types, as it does not exactly determine whether the port is 1.open or 2.closed, but whether the port is 3.filtered or 4.unfiltered.
1. open 2. close 3. filtered 4. unfiltered
ACK scanning is one of the more unusual scan types, as it does not exactly determine whether the port is 1._________ or _______, but whether the port is 2._________ or ___________.
1. open or closed 2. filtered or unfiltered
Active Online Attacks: Techniques used to perform active online attacks include : 1. ________ guessing, 2. dictionary and 3. ______-______attacks, 4.______ injection, Link-local multicast name resolution (LLMNR)/NBT-NS poisoning, use of Trojans/spyware/keyloggers, internal5._________ attacks
1. password guessing 2. dictionary and 3. brute-forcing attacks, 4, hash injection,, use of Trojans/spyware/keyloggers, 5.monologue attacks,
risk tracking and review: evaluates the 1.________ of implementation
1. performance
Azure IoT Central: an IoT application 1._______ that reduces the burden and cost of 2________, 3.________, and 4.__________ enterprise-grade IoT solutions.
1. platform, 2.developing, 3.managing, 4.maintaining
pen test phases ----------------- 1. pre-attack phase- 2. attack phase- 3. post-attack phase-
1. pre-attack phase-reconnaissance and data-gathering 2. attack phase-penetrate the network. 3. post-attack phase-clean up
APT lifecycle
1. preparation 2. initial intrusion 3. expansion 4. persistence 5. search & exfiltration 6. cleanup
The individual who creates the digital signature uses a 1._______ to encrypt signature-related data, while the only way to decrypt that data is with the signer's 2.__________
1. private key 2. public key; In general, public keys encrypt and private keys decrypt. However, a digital signature—used to absolutely prove identity—works the other way: a hash is encrypted with the sender's private key so that anyone decrypting it with the sender's public key will have proof of identity.
Inverse TCP flag scanning works by sending TCP 1._______packets with or without TCP flags. -Based on the response, it is possible to determine whether the port is 2. _______ or _______ -If there is no response=then the port is 3._______. -RST= 4. ________
1. probe, 2. open or closed 3. open 4. closed
· Routing protocol DoS—a routing protocol attack could be launched to stop the routing 1. _______ from functioning properly
1. process
· Router denial-of-service (DoS)—attacking the routing 1._______ can 2.________ the router or 3.__________ ______ __________
1. process, 2. crash 3. severe service degradation
-RSA - Ron Rivest, Adi Shamir, and Leonard Adleman formulated RSA, a 1._______-key cryptosystem for Internet encryption and authentication. ========== -Diffie-Hellman- It is a cryptographic protocol that allows two parties to establish a shared 4.______ key over an 5._________ channel. ========== -Camellia - Camellia is a 6.________-key 7._______ cipher having either 18 rounds (for 128-bit keys) or 24 rounds (for 256-bit keys) ========== -YAK - a 8._______c-key-based 9.___________ ____________ __________ (AKE) protocol.
1. public 2. encryption 3. authentication ========== 4. shared key 5. insecure ========== 6. symmetric 7. block ========== 8. public 9. Authenticated Key Exchange
When encrypting, you use recipient's 1._______ key to write a message and recipient use their 2.______key to read it
1. public 2. private
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for1._________ __________ encryption and signing of 2.__________ data.
1. public key, 2. MIME
In a web of trust security model, every user in the network maintains a ring of 1._________. Also, a user needs to encrypt a message using the receiver's 2.________, and only the receiver can decrypt the message using their ___________.
1. public keys 2. public key, private key
Stages of Attack of DNS Cache Poisoning: - send DNS 1.________ to the DNS 1._______, which forwards the 1._______/TLD authoritative DNS server request and awaits an answer. - The attacker 2.__________ the DNS with 2._________ responses that contain several IP addresses of the 2._______ website. To be accepted by the DNS resolver, the attacker's response should match a port number and the query ID field before the DNS response. Also, the attackers can force its response to be increasing their chance of success. - If you are a 3._________ user who queries this DNS resolver, you will get a __________ response from the cache, and you will be automatically redirected to the ___________ website.
1. queries, resolver, Root, 2. overloads, poisoned, malicious 3. legitimate, poisoned, malicious
Saleae Logic Analyzer: It is a powerful logic analyzer that lets you 1._________ and 2.________ signals in your circuit, so you can 3.________ it fast. Over 20,000 professionals and enthusiasts use Logic each month to 4.________ and understand their 5.____________designs.
1. record and 2. display, 3. debug, 4. debug, 5. electrical
Registration hijacking refers to the action of an attacker to 1._______himself as the targeted 2._________user. If successful, all the 3._______ calls to the_4.______ VoIP user will be routed to the 5._____ phone 6._____ by the attacker rather than the 7.______ _______ phone
1. register, 2.VOIP, 3.incoming calls, 4. victim, 5.VOIP, 6. chosen, 7.victim's VoIP.
filetype:______results to those of a certain filetype. E.g., PDF, DOCX, TXT, PPT, etc. Note: The "ext:" operator can also be used—the results are identical.
1. restrict
-R: Tells Nmap to always do _________ DNS resolution on the target IP addresses. Normally ___________ DNS is only performed against responsive ______ hosts.
1. reverse, 2. reverse, 3. online
The DroidDream Trojan gained 1._______ access to Google Android mobile devices in order to access unique _____________ information for the phone.
1. root , identification
RFCrack (-s -u) Send 1._________ payloads RFCrack (-i -F) Perform 2.______ attacks RFCrack (-r -F -M) Perform 3.___________-code bypass attacks RFCrack (-j -F) Perform 4._________ RFCrack (-b -v -F) Scan 5.______ through frequencies RFCrack (-k) Scan 6.________ frequencies
1. saved 2.replay 3. rolling 4.jamming 5. incrementally 6. common
DumpsterDiver --------------- -r, --remove - Set this flag to remove files that do not contain secret keys. -a, --advance - Set this flag to analyze files using 2._______ specified in '2._____'. -s, --secret - Set this flag to analyze files in search of hardcoded 3.________. -o OUTFILE - Generate output in 4.________ format.
1. secret 2. rules, rules.yaml 3. passwords 4. JSON
PCI Data Security Standard (PCI DSS) 1. build and maintain a _____ network 2. protect _________ data 3. maintain _________ man program 4. strong ________ control 5. _______ & __________ networks 6.________ __________policy
1. secure 2. cardholder 3. vul 4. access 5. monitor & test 6. info security policy
Cross-site scripting (XSS) Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular 1._________, CSRF exploits the trust that a site has in a user's 2.__________.
1. site, 2.browser -found in web applications. -inject client-side scripts into web pages viewed by other users. -bypass access controls such as the same-origin policy.
Ingress filtering - prevents 1.__________ traffic from entering the 2._________. ======== TCP intercept - a feature on routers used to prevent and mitigate 1.________-flooding attacks ======== Rate limiting - 1._______ limiting is a technique used to control the rate of outbound or inbound traffic of a network interface controller. ======= Egress filtering - Egress filtering refers to a practice that aims to prevent IP 1._________ by blocking 2._________ packets with a source address that is not 3._______.
1. spoofed 2. Internet ========== 1. TCP SYN ========== 1. rate ========== 1. spoofing 2. outgoing 3. inside
The idle scan is a TCP port scan method that consists of sending 1.__________ to a computer to find out what services are available. This is accomplished by 2.___________ another computer whose network traffic is very 3.____________that is, not transmitting or receiving information). This could be an idle computer, called a "zombie".
1. spoofed packets 2. impersonating 3. slow or nonexistent
Fileless attacks is, a type of 1. ________ attack that 2.___________ detection by most security solutions and frustrates forensic analysis efforts. While not considered a traditional virus, fileless malware does work in a similar way—it operates in memory. Without being stored in a file or installed directly on a machine, fileless infections go straight into memory, and the malicious content never touches the hard drive..
1. stealth 2. evades
Serpent is a 1._________key block cipher with a block size of 2.________bits representing a 3.___-round SP-network operating on a block of four 4.____-bit words
1. symmetric ,2.128, 3, (32) 4, (32)
A SIM swap scam (also known as a port-out scam, SIM splitting, Smishing, and simjacking, SIM swapping) is a type of account 1.________ fraud that generally targets a weakness in ____________ in which the second_______ or step is a __________or ______placed to a mobile telephone.
1. takeover ,two-factor authentication and two-step verification, factor, text message (SMS) , call
UDP has no 1.__________handshake, and the system does not respond when the port is 2._____; when the port is 3._______, the system responds with an ICMP port 4.____________ message.
1. three-way, 2. open, 3. closed, 4.unreachable
A smudge attack is an information extraction attack that discerns the password input of a 1._________device such as a cell phone or tablet computer from _________ smudges.
1. touchscreen , fingerprint
No proper attribute-based access control (ABAC) validation allows attackers to gain 1.___________ 2,___________ to 3._______ objects or perform actions such as 4._________ or _________.
1. unauthorized access, 2.API, 3.viewing, 4,updating, or deleting.
Negligent insider- insiders, who are 1._______ on potential security threats or simply bypass general security procedures to meet workplace 2._______ ================= Malicious insider - 1._________ or 2._________ employees who steal data or destroy company networks 3.____________ by injecting malware into the corporate network ================= Compromised insider -1.______ compromises an 2._______who has access to the critical assets or computing devices of an organization ================ Professional insider - use their 1._______ knowledge to identify weaknesses and vulnerabilities in the company's network and 2.______lthe organization's confidential information to competitors or black-market bidder
1. uneducated 2. efficiency ============= 1. disgruntled 2. terminated 3. intentionally ============= 1. outsider 2. insider ============= 1. technical 2. sell
Firewalking is the method of determining the movement of a data packet from an 1.________ ________ _________ to a protected 2.________ _________ through a firewall.
1. untrusted external host 2. internal host
This service can help the penetration tester to perform 1._________enumeration via the _________ and ________ commands. The role of the 2._________ command is to reveal the actual address of users aliases and lists of email and ________ which can confirm the existence of names of valid users.
1. username , EXPN, VRFY
dz> run app.package.attacksurface <package_name> Lists 1. __________ 2. _____________ dz> run app.activity.info -a <package_name> Displays 1.______ of the 2._____ activities dz> run app.activity.start <activity_name> 3._________Activities
1. various 2. exported 1.details 2. exported 3. launching
Detecting the presence of User-Mode Linux (UML) Honeypot: User-Mode Linux is an open-source software under GNU, which is used to create 1.________ _________and is efficient in deploying honeypots. Attackers can identify the presence of UML honeypots by analyzing files such as 2.___________, 3.______________, and 4._____________, which contain UML-specific information.
1. virtual machines 2. /pro/mounts 3. /proc/interrupts 4. /proc/cmdline
3. Delivery: This step involves transmitting the 1.________ to the target. The intruder/attacker can employ different 2.________ 3._______, and 4.___________ for this purpose.
1. weapon, 2.USB drives, 3. e-mail, 4. websites
RC4 - A Rivest Cipher Numerous Occurrence MOnitoring and Recovery Exploit (RC4 NOMORE) attack is an attack against the RC4 stream cipher. This attack exploits the vulnerabilities present in a 1.________ server that uses the RC4 encryption algorithm for accessing 2.__________ sensitive information. ============ Twofish - TwoFish is a 128-bit block cipher. It is one of the most conceptually simple algorithms that uses a 3.________ key for both 4.________ and 5.________ for any length up to 256 bits. ============ RC5 - is a 6._______ 7._________-key 8._________ cipher designed by Ronald Rivest for RSA Data Security (now RSA Security). The algorithm is a 9._________ algorithm with a 10.________block size, a 10.__________ key size, and a 10._________ number of rounds. ============ Threefish - involves only 11. operations, i.e., ARX (12.___________-__________-_________), which makes the coding simple, and all these operations work on 64-bit words.
1. web 2. encrypted ============ 3. single 4. encryption 5. decryption ============ 6. fast 7. symmetric 8. block 9. parameterized 10. variable ============= 11. three 12. addition-rotation-XOR
Command Injection Attacks: In this type of attack, a hacker alters the content of the 1._______ ________ by using 2.______ code and by identifying the 3.________ fields that lack valid 4.________
1. web page 2. HTML 3. form 4. constraints
Nikto is a free software command-line vulnerability scanner that scans 1.____________ for dangerous files/CGIs, outdated server software, and other problems.
1. web servers
SOAP allows clients to invoke 1.___________ and receive responses independent of 2._________ and ____________.
1. web services 2. language and platform
/\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix Security professionals must use the above expression to detect 1._____ or more 2.______ and 3.______ characters that are involved in an attack. ((\%3D)|(=))[^\n]*((\%27)|(\')|(\-\-)|(\%3B)|(;))/i Security professionals must use above 4._______expression to check the 5.______ sign from the user request or its 6.______ value (%3D). The expression '[^\n] * ' indicates that it can have some 7.non-________ characters.
1. zero 2. alphanumeric 3. underscore 4. regular 5. '=' 6. hex 7.non-newline
The International Data Encryption Algorithm (IDEA) operates on 1.____-bit blocks using a 2._____-bit key and consists of a series of 3._____identical transformations (a round, see the illustration) and an output transformation (the half-round).
1.(64), 2.(128), 3. (8)
TCP/IP Hijacking hijack connection, with two possibilities:
1.-Find the seq which is a number that increases by 1, but there is no chance to predict it. 2.- The second possibility is to use the Man-in-the-Middle attack which, in simple words, is a type of network sniffing. For sniffing, we use tools like Wireshark or Ethercap.
Digital signatures are significant for electronic 1. ________ and are a key component of most 2. _________schemes. To be effective, digital signatures must be unforgeable
1.. commerce, 2. authentication
Injection is used by an attacker to 1.________ _________ into a vulnerable computer program and 2.___________ the course of execution.
1..introduce code, 2.change
TwoFish is a 1.______-bit block cipher. It is one of the most conceptually simple algorithms that uses a 2._______ key for both 3.__________ and 4._________ for any length up to 5._______ bits.
1.128, 2.single, 3.encryption, 4.decryption, 5. (256)
SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function which takes an input and produces a 1._______-bit (20-byte) hash value known as a message digest
1.160bit
The default port for LDAP is port 1._____ but LDAPS uses port 2._____ and establishes 3.________upon connecting with a client.
1.389, 2.636, 3.TLS/SS:
Kube-apiserver: The API server is an integral part of the Kubernetes control panel that responds to all 1._____ requests. It serves as a front-end utility for the control panel and it is the only component that interacts with the 2._______cluster and ensures ___________.
1.API 2. etcd , data storage
Programming languages commonly associated with buffer overflows include 1.____ and 2.______, which provide no built-in protection against 3.______ or 4.________ data in any part of memory and do not automatically check that data written to an 5.______ (the built-in buffer type) is within the boundaries of that array
1.C, 2.C++, 3.accessing, 4.overwriting, 5.array
CAST-128, also called 1.______, is a 2.________-key 3._______ cipher having a classical 4.___-or 5.____-round 6.______network with a block size of 7.___ bits. CAST-8._____ uses a key size varying from 9.____ bits to 10.____
1.CAST5 2.symmetric 3.block 4.12 5.16 6.Feistel 7.64 8.28 9. [40] 10. [128]
Six guiding constraints define a RESTful system. 1.__________-_______ architecture 2.______________:no session information is retained by the receiver, usually a server. 3._________ 4.________ system: A client cannot ordinarily tell whether it is connected directly to the end server or to an intermediary along the way. If a proxy or load balancer is placed between the client and server, it won't affect their communications, and there won't be a need to update the client or server code. 5. ________ on demand (optional) 6._________ interface: simplifies and decouples the architecture, which enables each part to evolve independently.
1.Client-server architecture 2.Statelessness:no session information is retained by the receiver, usually a server. 3.Cacheability 4.Layered system: A client cannot ordinarily tell whether it is connected directly to the end server or to an intermediary along the way. If a proxy or load balancer is placed between the client and server, it won't affect their communications, and there won't be a need to update the client or server code. 5. Code on demand (optional) 6.Uniform interface: simplifies and decouples the architecture, which enables each part to evolve independently.
macof: floods the network with random 1.______ addresses (causing some switches to 2.________ in 3.______ mode, facilitating 4._________).
1.MAC, 2. fail open, 3. repeating, 4. sniffing
Boot Sector Virus moves the 1._____ to another location on the 2._______ _________ and copies itself to the original location of the ________
1.MBR, hard drive, MBR
spoofed session flood attack can bypass security under the disguise of a valid 1._________ session by carrying an 2._________, multiple 3._________, and one or more 4._________ or 5._________ packets.
1.TCP session, 2.SYN, 3.ACK, 4.RST or 5.FIN
Out-of-band SQLi techniques would rely on the database server's ability to make 1.________or 2._________ requests to deliver data to an attacker. ============ In-band SQL injection is the most common and easy-to-exploit of SQL injection attacks. In-band SQL injection occurs when an attacker is able to use the same 1.________ channel to both 2._______ the attack and 3________ results. ============ Union-based SQLi is an in-band SQL injection technique that leverages the UNION SQL operator to combine the results of two or more 1.__________statements into a single result which is then returned as part of the 2________ response. ============ Time-based SQL injection is an inferential SQL injection technique that relies on sending an 1._____________SQL query to the database which forces the database to wait for a specified amount of time (in seconds) before responding. The response time will indicate to the attacker whether the result of the query is 2.____________
1.DNS or 2.HTTP ========= 1.communication 2.launch 3.gather ========== 1. SELECT 2. HTTP ========= |. TRUE or FALSE., 2. TRUE or FALSE
The Recursive query is, when a 1._____ client directly gets the 2._______ of a domain, by asking the 3._________ system to perform the complete translation. The non-Recursive query is, when a 4.______ client contacts the 5. _____ server, 6.____ by_____, until it finds the server, containing the needed information.
1.DNS, 2. IP address, 3.name server 4.DNS, 5.name server, 6.one by one
HULK is a 1.__________ tool used to attack web servers by generating unique and obfuscated 2. __________ ___________.
1.Denial of Service (DoS), 2. traffic volumes
Phlashing is a permanent denial of service 1._______ attack that exploits a vulnerability in network-based 2.________updates. Such an attack is currently theoretical but if carried out could render the target device inoperable.
1.DoS, 2.firmware
- nmap --script enip-info -sU -p 44818 <host> send a 1.________ packet to a remote device that has TCP 44818 open. The script will send a Request Identity Packet and once a response is received, it validates that it was a proper response to the command that was sent, and then will parse out the data. Information that is parsed includes Device Type, Vendor ID, Product name, Serial Number, Product code, Revision Number, status, state, as well as the Device IP.
1.EtherNet/IP
http://www.certifiedhacker.com/page.aspx?id=1 UNION SELECT ALL 1,TABLE_NAME,3,4 from sysobjects where xtype=char(85)--[EMPLOYEE_TABLE] Returned from the server 1.________ __________ Tables http://www.certifiedhacker.com/page.aspx?id=1 UNION SELECT ALL 1,column_name,3,4 from DB_NAME.information_schema.columns where table_name ='EMPLOYEE_TABLE'-- Extract Table 2._________ Names http://www.certifiedhacker.com/page.aspx?id=1 or 1=convert(int, (select top 1 COLUMN-NAME-1 from TABLE-NAME-1))-- Extract 1st 3._______ of 1st Row (Data)
1.Extract Database 2. Column 3. Field
Xmas scan (-sX) Sets these flags: the 1.______2. _______ and 3.______ flags, lighting the packet up like a Christmas tree.
1.FIN, 2.PSH, and 3,URG
WS-Address spoofing - BPEL Rollback: 1._______ attack that requires existence of BPEL engine. One message results in the call of 2._______ actions/web service calls that are called by the BPEL engine. The attack only becomes visible once all stages of the BPEL engine are run through.
1.Flooding, 2.multiple
NeuVector delivers 1.__________ __________ Container Security with the only cloud-native, 2.___________ security platform providing end-to-end vulnerability management, automated CI/CD pipeline security, and complete run-time security including the industry's only container firewall to protect your infrastructure from 3.___________-days and 4.________ threats.
1.Full Lifecycle Container, 2. Kubernetes, 3.zero-days and 4. insider threats.
JXplorer allows the tester a nice 1._________ to query remote LDAP 2._________.
1.Graphical User Interface, 2.servers
SOAPAction spoofing: if 1.______is used to transport the SOAP message the SOAP standard allows the use of an additional HTTP header element called 2.___________. This header element contains the name of the executed operation. It is supposed to inform the receiving web service of what operation is contained in the 3.________, without having to do any 4.___________ parsing. Can be used by an attacker to mount an attack.
1.HTTP , 2.SOAPAction, 3..SOAP Body, 4.XML parsing
webhooks: a user-defined 1._________ callback or push 2.______ that are raised based on 3.________ events
1.HTTP, 2.APIs, 3. trigger
Carriage Return" and "Line Feed." These elements are embedded in 1.__________headers and other software 2.________ to signify an 3.______ _ ______ marker. Exploits occur when an attacker is able to inject a 4.________ sequence into an HTTP stream. By introducing this unexpected 5._______injection, the attacker is able to maliciously exploit 6._______vulnerabilities in order to manipulate the web application's functions.
1.HTTP, 2.code, 3.End of Line, 4.CRLF, 5.HTTP, 6.CRLF
The ETag or entity tag is part of 1.________, the protocol for the World Wide Web. It is one of several mechanisms that HTTP provides for Web 2._______ validation, which allows a client to make 3._______requests.
1.HTTP,, 2.cache, 3.conditional
CRIME (Compression Ratio Info-leak Made Easy) is a security exploit against secret web cookies over connections using the 1.___________and ________that also use data 2.____________When used to recover the content of secret authentication cookies, it allows an attacker to perform session hijacking on an authenticated web session, allowing the launching of further attacks. CRIME was assigned CVE-2012-4929.
1.HTTPS and SPDY protocols 2. compression
******FCC1.____are required for all 2._____ emitting devices sold in the USA. By searching an FCC 3.____, you can find details on the 4._______ operating 5.________(including 6._______), photos of the device, user manuals for the device, and 7.______ reports on the wireless emissions.
1.IDs 2.wireless, 3.ID, 4.frequency, 5.strength, 6.SAR
ping /s<count> Specifies that the 1.________ timestamp option in the 2.___ ___________ is used to record the 3.________ of arrival for the echo 4._______message and corresponding echo 5._________message for each hop. The count must be a minimum of 6.______ and a maximum of 7.______. This is required for 8.________-_________ _________ addresses.
1.Internet, 2.IP header, 3.time, 4.request, 5.reply, 6 .one, 7.four, 8.link-local destination
The GOST (Government Standard) block cipher, also called 1.______, is a 2.________-key block cipher having a 3.____round 4._____ network working on 5._____-bit blocks with a 6.______-bit key length. It consists of an 7._____-box that can be kept secret and it contains around 354 bits of secret information.
1.Magma 2.symmetric, 3.32 4.Fiestel 5/ 64 6.256, 7.3S
Port 139:1._______ is an older transport layer that allows 2.______computers to talk to each other on the same 3._____.
1.NETBIOS, 2.Windows, 3.network
The Internal monologue attack allows 1._________ __________hashes to be obtained from the victim's system, without 2.__________ code in the 3._________ or interacting with protected services such as the 4.____________
1.NTLMv1 challenge-response , 2. injecting, 3.memory, 4, Local Security Authority Subsystem Service (LSASS).
Gobbler http://gobbler.sourceforge.net/ Spoofed remote 1._____ detection tool.
1.OS
In Unicornscan, the 1.______ of the target machine can be identified by observing the 2.______values in the acquired scan result.
1.OS,2.TTL
e-banking Form Grabber: A form grabber is a type of malware that captures a target's sensitive data such as IDs and passwords, from a web browser form or page. It analyses 1._______ requests and responses to the 2.________ browser. It compromises the scramble pad 3.______________ and intercepts the scramble pad 4._______ as the user enters his/her Customer Number and Personal Access Code.
1.POST, 2.victim, 3.authentication, 4.input,
Orbot: It is a free software 1.________ server project to provide 2._________ on the Internet for users of the 3.________operating system. Allows traffic routing from a device's web browser, e-mail client, map program, etc., through the 4._____ network, providing anonymity for the user.
1.Proxy, 2.anonymity, 3.Android, 4. Tor
Credential enumerator: a self-extracting 1._______ containing two components, a 2.__________and a 3. ________ component
1.RAR file, 2.bypass , 3.service
WEP uses the insecure 1.______cipher to 2._______ data, but because it was incorrectly implemented, it's vulnerable to reverse-engineering the 3.__________ __________. It's been easily crackable for well over a decade.
1.RC4, 2. encrypt, 3. encryption key
Desynchronization Attack; A typical 1._______ related threat in which a tag's key stored in the back-end 2.________ and the tag's 3._______would not be the 4._______, because of an attacker 5._______ the communication between the parties.
1.RFID, 2.database. 3.memory, 4.same, 5.blocks
Mobile Application Security Testing (MAST) is a blend of SAST, DAST, and forensic techniques while it allows mobile application code to be tested specifically for mobiles-specific issues such as 1._____________, 2.___________,3,______________,4._____________,5._______________6. _____________ 7.____________8.___________
1.SAST, 2 .DAST, 3. jailbreaking, 4, device rooting, 5. spoofed 6. Wi-Fi connections, 7. validation of certificates, 8.data leakage prevention
Port 445:Later versions of 1._____ (after Windows 2000) began to use port 445 on top of a 2._____ stack. Using 2._____ allows 1._____ to work over the internet.
1.SMB 2. TCP
- VRFY: This 1._________ command is used to verify a user 2.______ on a mail 3.________.
1.SMTP, 2.ID, .3.mail domain
An open mail relay is an 1._________ server that is configured to allow 2.___________on the Internet to send email through it, not just mail destined to or originating from known users.
1.SMTP, 2.anyone
- EXPN: This 1.______ command asks for confirmation about the identification of a 2.______ list.
1.SMTP, 2.mailing
WS-Address spoofing: An attacker send a 1._______ message, containing WS-Address information, to a web service server. The2._______element doesn't contain the 3._________ of the attacker but instead the 4._________ service client who the attacker has 5._______to receive the message
1.SOAP, 2.<ReplyTo> ,3.address,4.web service , 5.chosen
The DROWN| (Decrypting RSA with Obsolete and Weakened eNcryption) attack is a cross-protocol security bug that attacks servers supporting modern 1._________ protocol suites by using their support for the obsolete, insecure, 2._________ protocol to leverage an attack on connections using up-to-date protocols that would otherwise be secure.
1.SSLv3/TLS, 2.SSL v2
The half-open scan sends an 1.________ message and just notes the 2.________ responses.
1.SYN 2. SYN-ACK
Metasploit has a Meterpreter script, getsystem, that will use a number of different techniques to attempt to gain 1.__________ level privileges on the 2._______ _______.
1.SYSTEM, 2.remote system
Internet Security Association and Key Management Protocol (ISAKMP) is a protocol defined by RFC 2408 for establishing 1._________ and 2.____________keys in an Internet environment.
1.Security association (SA), 2.cryptographic
A jamming attack:is the transmission of radio signals that disrupt communications by decreasing the 1.___________-plus-2._____ratio
1.Signal-to-Inference, 2. noise
Threefish was developed in 2008 and it is a part of the 1._______ algorithm. It was enrolled in NIST's 2.__________ (hash function) contest. It is a large tweakable 3.__________-key 4._________ cipher in which the 5._______ and 6._______ sizes are equal, i.e., 256, 512, and 1024
1.Skein 2.SHA-3, 3.symmetric 4.block 5.block 6. key
A 1,_______virus is a kind of malware that does everything to avoid detection by antivirus or antimalware. It can hide in legitimate files, boot sectors, and partitions without alerting the system or user about its presence
1.Stealth
CAST-128: 1._________block cipher having a classical 2.___ or _____-round 3..______ network with a block size of 4..______ bits for encryption, which includes large 8 × 32-bit S-boxes based on bent functions, modular addition and subtraction, key-dependent rotation, and XOR operations. This cipher also uses a 5._________ key and a .6.._______ key for performing its functions.
1.Symmetric-key , 2. (12), 2. (16) ,3. Feistel , 4. (64) bits, 5. masking, 6. rotation
Netcat is a utility capable of establishing a 1._____ or 2._____ connection between two computers, meaning it can 3._____ and 4._______through an open port to crack the hash
1.TCP, 2.UDP, 3.write, 4.read (backdoor utility)
- RCPT: Must include a "1.______" parameter specifying the 2.__________mailbox, and may also incorporate other optional parameters.
1.TO, 2.recipient,
BeEF : This is short for 1.__________. It is a penetration testing tool that focuses on the 2.__________.
1.The Browser Exploitation Framework, 2.web browser
UDP flood attack occurs when numerous fabricated 1._____ packets are fired at a server until it becomes 2._________.
1.UDP, 2. unresponsive
Wash is a utility for identifying 1.______ enabled access points. It can 2._______ from a live interface or it can 3._______ a list of pcap files.
1.WPS, 2.survey, 3.scan
SSIs (server side includes injections) are directives present on 1._________applications used to feed an 2.________ page with 3._________ contents.
1.Web , 2.HTML, 3.dynamic
Key Reinstallation Attack.KRACK is a severe replay attack on 1.___________protected access protocol, which secures your 2.___________ connection. Hackers use KRACK to exploit a vulnerability in 3._______. When in close range of a potential victim, attackers can access and read encrypted data using KRACK.
1.Wi-Fi Protected Access protocol (WPA2), 2.Wi-Fi, 3.WPA2
Ophcrack is a free open-source (GPL licensed) program that cracks 1._________ __________passwords by using 2.__________ _________ through 3.________tables.
1.Windows log-in, 2.LM hashes, 3.rainbow
WS-Policy is a specification that allows web services to use 1.________ to advertise their policies (on security, quality of service, etc.) and for web service consumers to specify their policy requirements.
1.XML
-oX <filespec> -Requests that 1._______ output be directed to the given 2,_______
1.XML. 2.filename
Nmap Xmas scan was considered a stealthy scan which analyzes responses to 1._______ packets to determine the nature of the 2.______ device.
1.Xmas 2. replyng
Key stretching techniques are used to make a possibly weak key, typically a password or passphrase, more secure against_1._____________ by increasing the ___________________it takes to test each possible key.
1.a brute-force attack, 2.resources (time and possibly space)
The Simple Service Discovery Protocol (SSDP) is a network protocol based on the Internet protocol suite for 1._________ and 2._________ of network 3._________ and presence information. It accomplishes this without the assistance of 4.______-based configuration mechanisms, such as 5.______ or 6._______, and without special ______ configuration of a network host.
1.advertisement, 2.discovery, 3.server, 4.DHCP, 5.DNS,DHCP, 6.static
Promiscuous mode is a mode for a wired network interface controller (NIC) or wireless network interface controller (WNIC) that causes the controller to pass 1.all _______it receives to the central processing unit (CPU) rather than passing only the 2.________ that the controller is 3.________programmed to receive
1.all traffic, 2.frame, 3.specifically programmed
tcptrace is a TCP connection 1.______ tool. It can tell you detailed information about TCP connections by sifting through 2._____ ______
1.analysis 2.dump files
Incident triage In this phase, the identified security incidents are 1.____________,2.________,3.__________ and 4.____________ . The IH&R team further analyzes the compromised device to find incident details such as the 1.__________. 2.__________. 3.__________. and 4.method of_________. 5. and any _____it exploited
1.analyzed, 2.validated, 3.categorized, and 4.prioritized 1.type of attack, 2.its severity, 3.target, impact, 4.method of propagation, and any vulnerabilities it exploited.
Msfencode is a useful tool that alters the code in an executable so that it looks different to 1.______ software but will still run the same way.
1.antivirus
According to clause 11.3 of Payment Card Industry Data Security Standard: "Perform external penetration testing at least 1.________and after any significant infrastructure or application 2._______ or _________
1.anually 2.. upgrade or modification
An untethered jailbreak is a jailbreak that does not require any 1._______ when it 2.______up ========== - Semi-tethered Jailbreak allows a user to 1._______ their phone normally, but upon doing so, the jailbreak and any modified code will be effectively 2.________, as it will have an 3._________ kernel. ========== - Semi-untethered Jailbreak; This type of jailbreak is like a semi-tethered jailbreak in which when the device reboots, it no longer has a _________ kernel, but the key difference is that the kernel| can be patched without using a _______
1.assistance 2.reboots up. 1.reboot, 2.disabled, 3.unpatched
A masquerade attack is one where the perpetrator 1._______ the identity of a co-employee to 2_____victims into providing user 3,________ that he/she can then use to gain 4.________ to other connected accounts.
1.assumes, 2. trick, 3. credentials, 4. access
SSL/TLS uses both 1.______________ and _________encryption to protect the 2.____________ and 3._________of data-in-transit. 4._________ encryption is used to establish a secure session between a client and a server, and 5.________ encryption is used to exchange data within the secured session.
1.asymmetric and symmetric, 2.confidentiality , 3.integrity, 4.asymmetric, 5.symmetric
RSA is 1.________, which is used to create a 2.____________ pair, AES is 3._________ which is used to encrypt data
1.asymmetric, 2.public/private key, 3.symmetric,
Actions on Objective: Once the ___________ gains _________ access, they finally take action to fulfill their purposes, such as:3.__________, data_________, data _________.
1.attacker, 2.persistent, 3.ransomware, exfiltration, or even destruction.
Wapiti allows you to 1._________ the security of your 2._______ or 3.________applications. It performs 4.__________ scans of the web application by crawling the webpages of the deployed webapp, looking for scripts and forms where it can inject data.
1.audit, 2.website or 3.web, 4."black-box"
• Session token in a hidden form field: In this method, the victim must be tricked to 1._________ in the target Web Server, using a 2.______ developed for the attacker. The 3. _______could be hosted in the evil 4. _______ ________ or directly in html formatted 5._______
1.authenticate 2. login form 3. form 4. web server 5. email
DNSSEC is a set of extensions to DNS to provide DNS clients (resolvers) origin 1. ______________ of DNS data, 2. _______ ________of ________, and data 3. ______, but not 4. ________ or 5. _________.
1.authentication, 2. authenticated denial of existence, 3.data integrity, 4. availability, 5. confidentiality
cloudborne: An attack scenario affecting various cloud providers could allow an attacker to implant persistent 1.________ for data theft into 2._______ cloud servers, which would be able to remain intact as the cloud infrastructure moves from customer to customer.
1.backdoors 2.bare-metal
(Application Shim) was created to allow for 1._________compatibility of software as the 2.________ codebase changes over time.
1.backward, 2.OS
AP Beacon Flood: Generating thousands of counterfeit 802.11 1.______to make it difficult for clients to 2.________ a legitimate 3.______.
1.beacons, 2.find, 3.AP
A multipartite virus is a computer virus that can attack both the 1.________________and 2.___________ of an infected computer.
1.boot sector, 2.executable files
VisualRoute offers a wide variety of network tools that help users keep one step ahead of network issues such as 1.__________ and 2.________.
1.bottle necks, 2.packet loss/latency issues.
Heartbleed is a security 1._____ in the 2.______ cryptography library, which is a widely used implementation of the 3.______ Layer Security protocol .allowing theft of the servers' private keys and users' session cookies and passwords.
1.bug, 2.OpenSSL, 3.Transport Layer Security (TSL)
IntentFuzzer detecting 1._____ leaks of 2._______ applications
1.capability, 2.Android
elicitation is the strategic use of 1.____________to extract information from people (targets) without giving them the feeling that they are being 2.____________or 3.__________for the information.
1.casual conversation 2. interrogated 3.pressed
Passive Online Attacks: A passive attack is a type of system attack that does not lead to any 1.__________ in the system. ------------ In this attack, the attacker 2._________ or ___________the data passing over the communication channel, to and from the system. The data are then used to 3._________ into the system. ------------ Techniques used to perform passive online attacks include 4.________ sniffing, 5. ______-in-the-middle attacks, 6._______ attacks, etc.
1.changes 2. monitors or record 3. break 4.wire sniffing, 5.man-in-the-middle attacks, 6.replay attacks, etc.
AP Denial-of-Service: Exploiting the carrier-sense multiple access with collision avoidance (CSMA/CA) clear 1. channel __________ mechanism to make a 2. _______appear 3._________.
1.channel assessment (CCA), 2.channel, 3.busy
The related-key attack is similar to the 1.________ plaintext attack, except that the attacker can obtain 2._________ encrypted under two different 3.______.
1.chosen, 2.ciphertext, 3.keys
A shape adaptive chosen-plaintext attack is a 1.____________plain-test attack scenario in which the attacker has the ability to make his 2._________ plaintext of the inputs to the 3.____________ function based on the 4.________ chosen-plaintext queries and their corresponding 5.___________.
1.chosen-plaintext 2.chosen-plaintext 3. encryption 4. previous 5. ciphertexts
A chosen-plaintext attack (CPA) is an attack model for cryptanalysis which presumes that the attacker can obtain the 1.______for arbitrary 2.________ ------------------------------- The related-key attack is similar to the 3.________ plaintext attack, except that the attacker can obtain 4._________ encrypted under two different 5.______. ------------------------------- A shape adaptive chosen-plaintext attack is a 6.____________plain-test attack scenario in which the attacker has the ability to make his 7._________ plaintext of the inputs to the 8.____________ function based on the 9.________ chosen-plaintext queries and their corresponding 10.___________. ------------------------------- A known-plaintext attack (KPA) is an attack model for cryptanalysis where the attacker has access to both the 11.________, and its 12._______ version (ciphertext).
1.ciphertexts, 2.plaintexts 3.chosen, 4.ciphertext, 5.keys 6.chosen-plaintext 7.chosen-plaintext 8. encryption 9. previous 10. ciphertexts 11.plaintext (called a crib) 12. encrypted
AT&T USM: USM (Unified Security Manager) Anywhere centralizes security monitoring of networks and devices in the 1._________,2.___________,3._________ helping you to detect threats virtually anywhere
1.cloud, 2.on-premises, and in 3.remote locations,
modbus read --output SCADAcoils.txt <IP> 101 100 modbus read --output SCADAcoils.txt <IP> %M100 100 Use the following command to capture 1._____ values into an 2.______ file:
1.coil 2. output
Using DNS tunnelling, an adversary can also communicate with the 1.___________ server, 2.________ security controls, and perform data 3. __________.
1.command and control, 2. bypass, 3. exfiltration
The msfcli provides a powerful 1._______ line interface to the framework. This allows you to easily add Metasploit 2._______into any 3._______you may create.
1.command line interface, 2.exploits, 3.scripts
Nikto is a free software 1.__________ vulnerability scanner that scans 2.__________for dangerous files/CGIs, outdated server software and other problems.
1.command-line, 2.webservers,
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized 1.________are submitted from a user that the web application trusts. There are many ways in which a malicious website can transmit such commands
1.commands
The /etc/sudoers file controls who can run what 1._______ on what 2._______ and special things such as whether you need a password for particular commands.
1.commands 2. machines
A side-channel attack is any attack based on information gained from the implementation of a 1._______ _______, rather than weaknesses in the implemented 2. _________ itself (e.g. cryptanalysis and software bugs). Timing information, power consumption, electromagnetic leaks or even sound can provide an extra source of information, which can be exploited.
1.computer system, 2.algorithm
ntitle:"Sipura.SPA.Configuration" -.pdf: Finds 1.________ pages for online 2.______ devices ----------- inurl:8080 intitle:"login" intext:"UserLogin" "English" 3.______ login portals ----------- "Config" intitle:"Index of" intext:vpn directory with 4._____ of 5._____ servers ----------- !Host=*.* intext:enc_UserPassword=* ext:pcf Looks for 6._____ configuration files (.pcf), which contain user 7.______ profiles ----------- filetype:pcf vpn OR Group Finds publicly accessible 8.______ used by 9._____ clients
1.configurations 2. VOIP 3.VOIP 4. keys 5. VPN 6. profile 7. VPN 8. .pcf 9. VPN
Robots.txt: is used to control 1.______ access. It is an easy means to 2._____ certain resources such as unimportant images, style, or script files from 3.________ _________.
1.crawling, 2.exclude, 3.search engines.
Container Tech Tier-1:Developer machines - image 1.__________,2.________,3._________ ========= Container Tech Tier-2: 1.______and accreditation systems - 2._______and 3.__________of image contents, signing images and sending them to the registries ========= Container Tech Tier-3:Registries - 1.________ images and________images to the _____________based on requests ========= Container Tech Tier-4:Orchestrators - 1.__________ images into containers and 2.________ containers to hosts ========== Container Tech Tier-5:Hosts - 1.________and 2.__________ containers as instructed by the orchestrator
1.creation, 2.testing and 3.accreditation ========= 1.testing, 2. verification, 3. validation ========= 1.storing, 2.disseminating, 3.orchestrators ========= 1.transforming, 2. deploying ========= 1.operating, 2. managing
an ideal framework for an edge would be such that it provides 1._________ components so that it can be deployed and work in any 2.________ condition possible.
1.cross-platform 2. physical
Vulnerability Management Life Cycle: Assess: Determine a baseline risk profile so you can eliminate risks based on 1.asset________ 2._______, and 3.asset _______
1.crticality 2. vulnerability 3. classification
Adversaries may create or modify launch 1.______ to repeatedly execute malicious 2.________as part of persistence.
1.daemons, 2.payloads
The Smurf attack is a distributed 1.__________attack in which large numbers of 2.______ packets with the intended victim's spoofed source 3._____ are 4.________ to a computer network using an IP 5.________ address.
1.denial-of-service, 2.ICMP, 3.IP, 4.broadcast, 5.broadcast
automated patch management 1._______: Use tools to detect missing security patches. 2.______: Asses the issue(s) and its associated severity by mitigating the factors that may influence the decision. 3._______: Download the patch for testing. 4._____: Install the patch first on a test machine to verify the consequences of the update. 5.______: Deploy the patch to computers and ensure that applications are not affected. 6._______: Subscribe to receive notifications about vulnerabilities when they are reported.
1.detect 2. assess 3. acquire 4. test 5.deploy 6.maintain
2. [IRP] Identification: involves 1._________whether or not an organization has been breached.
1.determining
Differential cryptanalysis - is the study of how 1.________ in information 2.________ can affect the resultant difference at the 3.______.
1.differences, 2.input, 3.output
3. [IRP] Containment involve 1.__________the impacted device from the 2.________or having a 3.________ system that can be used to 4.________ normal business operations.
1.disconnecting, 2.internet, 3.back-up, 4.restore
ARP ping scan- Use this technique to 1._______ all the 2.______ devices hidden by a 3.________ firewall in the IPv4 range in a target network.
1.discover, 2.active, 3.restrictive
inference-based assessment, the scanning process begins by gathering information based on 1. ______methods, including 2._____
1.discovery, including 2. host identification, operating system detection and fingerprinting port scanning, and protocol detection.
three-tier application architecture-Presentation tier Its main purpose is to 1.______ information to and 2._____ information from the user.
1.display 2. collect 1.stored 2. managed
Macro viruses work by embedding malicious code in the macros associated with 1.____________,_____________,__________, causing the malicious programs to run as soon as the documents are 2._______.
1.documents, spreadsheets, and other data files 2.opened
DNS rebinding is a method of manipulating resolution of domain___________ that is commonly used as a form of computer attack. A malicious web page causes visitors to run a 2. client-side_________ that attacks machines elsewhere on the network . This attack can be used to breach a private network by causing the victim's web browser to access computers at private IP addresses and return the results to the attacker.
1.domain names, 2.client-side script
net view : Displays a list of 1.__________,2._________ or 3._________that are being shared by the specified computer.
1.domains, 2. computers, or 3.resources
e-banking Covert Credential Grabber: This type of malware remains 1.__________until the user performs an online 2._______ transaction. It works covertly to 3.______ itself on the computer and edits the 4.___________ entries each time the computer is 5._________.
1.dormant, 2.financial, 3.replicate, 4.registry, 5.started
A replay attack occurs when a cybercriminal 1._________ on a secure network communication, 2.____________ it, and then fraudulently 3.______ or _________ it to misdirect the receiver into doing what the hacker wants.
1.eavesdrops 2. intercepts 3.delays or resends
Infoga is a tool gathering 1._______ information (IP, hostname, country,...) from a different 2.________ (search engines, PGP key servers, and shodan) and checks if emails were leaked using haveibeenpwned.com API. It is a really simple tool but very effective for the early stages of a penetration test or to know your company's visibility on the Internet.
1.email accounts, 2.public source
Clone phishing is a type of phishing attack whereby a legitimate, and previously delivered 1._____ containing an 2,________ or 3.________has had its content and recipient address(es) taken and used to create an almost 4._______ email.
1.email, 2.attachment, 3.link, 4.cloned
A web spider (also known as web crawler or web robot) is a program or automated script that browses websites in a methodical manner to collect specific information such as1._________,and 2.__________.
1.employee names and 2.email addresses.
A Spacefiller (Cavity) virus tries to attack devices by filling the 1.________ present in various files. Its working strategy involves using the 1._________ of a file to house a virus, without altering its actual size. This also makes its detection quite impossible.
1.empty spaces
Sandbox detection 1.____________the whole environment and runs a scanned sample in a virtual machine with a real2.__________) and 3.__________ installed.
1.emulates , 2.operating system (OS,applications
obfuscating:This technique 1_______packets with _______characters. The target company's IDS cannot recognize the ______, but the target web server can ______ them.
1.encoded, 2.unicode. 3.packets, 4.decode
DNS Tunneling is a method of cyber attack that 1.________ the data of other programs or protocols in 2.________ queries and responses.
1.encodes 2.DNS
Cryptcat enables us to communicate between two systems and 1._______the communication between them with 2__________, one of many excellent encryption algorithms from Bruce Schneier et al. IDS can't detect the 3._____________ taking place even when its traveling across normal HTTP ports like 80 and 443.
1.encrypt 2.twofish 3. malicious behavior
IPsec driver: Software that performs protocol-level functions required to 1._______ and 2._________ packets.
1.encrypt, 2.decrypt
A crypter is a type of software that can 1.___________,_2.__________ and 3.___________ malware, to make it harder to 4._________ by security programs.
1.encrypt, 2.obfuscate, and 3.manipulate; 4.detect
Grille ciphers: A technique used to 1._______ plaintext by 2.______ it onto a sheet of paper through a 3.______ (or stenciled) sheet of paper, cardboard, or any other similar material. In this technique, one can decipher the message using an identical 4.._______.
1.encrypt, 2.writing,3. pierced, 4.grille
Shadowsocks : Its is a free and open-source 1.________protocol project, widely used in China to circumvent 2.________ censorship.
1.encryption, 2.Internet
The function of a TPM is to generate 1.________ keys and keep a part of the key inside the 2.______ rather than all on the disk.
1.encryption, 2.TPM
Global deduction — the attacker discovers a functionally equivalent algorithm for 1.________ and 2.________, but without learning the 3.______.
1.encryption, 2.decryption, 3.key
Global deduction — the attacker discovers a functionally equivalent algorithm for 1.________ and 2.________, but without learning the 3.______. -------------- Information deduction — the attacker 4.______ some information about plaintexts (or ciphertexts) not previously 5._______ -------------- Instance (local) deduction — the attacker discovers additional 6___________ (or ciphertexts) not previously 7.__________.
1.encryption, 2.decryption, 3.key 4.gains, 5.known 6.plaintext, 7.known
Global deduction — the attacker discovers a functionally equivalent algorithm for 1.________ and 2.________, but without learning the 3.______. -------------- Information deduction — the attacker 4.______ some information about plaintexts (or ciphertexts) not previously 5._______ -------------- Instance (local) deduction — the attacker discovers additional 6.___________ (or ciphertexts) not previously 7.__________.
1.encryption, 2.decryption, 3.key 4.gains, 5.known 6.plaintext, 7.known
SA refers to several protocols used for negotiating 1.__________ keys and 2.____________. One of the most common SA protocols is 3.______ ______ ________.
1.encryptions, 2.algorithms. 3.Internet Key Exchange (IKE)
fileless malware obfuscation techniques to bypass antivirus: (^) caret symbol used to 1._______ malicious commands at execution time
1.escape
Session splicing is an IDS 1._______ technique in which an attacker delivers data in 2._________, smallsized packets to the 3. ________ computer, making it very difficult for an 4.______ to detect the attack signatures.
1.evasion, 2.multiple, 3.target, 4.IDS
Bluesmacking attack works by transmitting a data packet that 1.________ the 2._______packet size available on Bluetooth devices.
1.exceeds 2. max
A code emulation emulates only the 1._______ of the sample itself. It temporarily 2. ________objects that the sample interacts with.
1.execution ,2. creates
XML Flooding (also known XML Flood) aims at 1.___________ the resources of a web service by sending a large number of legitimate 2.___________ Messages.
1.exhausting, 2.SOAP
Extension Mechanisms for DNS (EDNS) is a specification for 1._________ the size of several 2._________ of the Domain Name System (DNS) protocol which had 3.______ restrictions_ that the Internet engineering community deemed too limited for increasing functionality of the protocol.
1.expanding, 2.parameters, 3.size restrictions
Man-in-the-Cloud" (MITC) attacks rely on common 1.________services as their infrastructure for 2.______. 3._____. and 4.________.
1.file synchronization, 2. command and control (C&C), 3.data exfiltration, and 4.remote access
6. [IRP] Review: The 1.______step in an incident response plan occurs after the incident has been solved. Throughout the incident, all details should have been properly documented so that the information can be used to 2.________similar breaches in the future. Businesses should complete a detailed 3,___________ that suggests tips on how to improve the existing incident plan. Companies should also closely monitor any post-incident activities to look for threats.
1.final, 2.prevent, 3.incident report
Privacy-Enhanced Mail (PEM) is a file format for storing and sending
cryptographic keys, certificates, and other data
A yo-yo attack generates a 1._______ of traffic until a 2._________service 3.________ outwards to handle the increase of traffic, then halts the attack, leaving the victim with 4._______________ resources
1.flood, 2.cloud-hosted, 3.scales, 4.over-provisioned
e-banking HTML Injection: The Trojan creates fake 1.________ fields on e-banking pages, thereby enabling the attacker to collect the target's 2._______ _______, credit card number, date of birth, etc. The attacker can use this information to 3.________________ the target and 4.___________his/her account.
1.form, 2.account details, 3.impersonate, 4.compromise
The Web Services Description Language (WSDL) is an XML-based interface description language that is used for describing the 1._______ offered by a 2.______________.
1.functionality, 2.web service
Information deduction — the attacker 1.______ some information about plaintexts (or ciphertexts) not previously 2._______
1.gains, 2.known
IOT 1._______ should incorporate strong encryption techniques for secure communications between endpoints
1.gateway
MSFpayload is a command line instance of Metasploit that is used to 1._________ and 2.________ all of the various types of 3.________ that are available in Metasploit.
1.generate, 2.output, 3.shellcode
Armitage is a 1.________ cyber-attack management tool for the Metasploit Project that 2._______ targets and recommends 3.______.
1.graphical, 2. visualizes, 3. exploits
Robotium is an open-source test framework for writing automatic 1.________ testing cases for 2._________applications.
1.gray box, 2.Android
RESTful is a collection of resources that use 1.___________ methods such as 2.________, __________, __________, __________
1.http 2. put, post, get and delete
Operational threat intelligence is mostly collected from sources like 1._______, 2.________ ,3._________and 4.__________events that lead to cyber-attacks.
1.humans, 2.social media and 3.chat rooms, and additionally from 4.real-world activities
• Session token in the URL argument: The Session ID is sent to the victim in a 1._________ and the victim accesses the site through the malicious 2.________ .
1.hyperlink, 2.URL
A clickjacking attack is performed when the target website is loaded into an 1._______ element that is masked with a 2.______ _______ element that appears 3._________.
1.iframe 2. web page 3. legitimate
TRAP sends a notification about the past event 1.____, without waiting for the manager's 2.____, and does not need 3._______ of receipt?
1.immediately 2. request 3. confirmation
CVSS basic metric represents the 1.______qualities of vulnerabilities CVSS temporal metric represents the features that continue to 2._________during the 3.______ of the vulnerability CVSS environmental metric represents vulnerabilities that are based on a particular 4._____________ or 5.____________.
1.inherent 2.change, 3.lifetime 4.environment or 5.implementation
Wrapping attacks aim at 1._______ a 2._____ element into the 3._______structure so that a 4._____ ______ covers the unmodified element while the 5._____ _____ is processed by the application login
1.injecting, 2.faked, 3.message, 4.valid signature, 5.faked one
In cases where source routing is disabled, the session hijacker can also use 1.______ hijacking where he injects his malicious data into intercepted communications in the 2._______session. It is called blind because he cannot 3._______the response.
1.injects, 2.TCP, 3.see
AH transport would only ensure the______ of the LAN data,
1.integrity
ESP & AH tunnel mode should be used to secure the 1.______ and 2.________of data 3.____________networks and not 4._________ a network;
1.integrity, 2.confidentiality, 3.between, 4.within
-T flag. can influence the 1.________ (and 2._______) of the scan with this flag
1.intensity and 2.speed
Offline, diversion thefts involve 1.__________ deliveries by persuading couriers to go to the wrong location.
1.intercepting
Key whitening : It is a technique intended to increase the security of an 1._____ block cipher. It consists of steps that combine the 2. ______with portions of the key.
1.iterated, 2.data
Once the connection is captured, perform a 1._________ operation using the following command btlejack -f 0x129f3244 -j Start 2. ________the connection using the following command: btlejack -f 0x9c68fd30 -t -m 0xlfffffffff
1.jamming 2.hijacking
Jargon codes: is like a substitution cipher in many respects, but instead of replacing 1._______code, individual 2.________, the 3._______ themselves are changed. An example of a jargon code is "cue" code ----------------- Semagrams: A text semagram hides the text message by 4._________ or 5.________ the appearance of the carrier text message, such as by changing font sizes and styles, adding extra spaces as whitespaces in the document, and including different flourishes in letters or handwritten text
1.jargon code:2. individual letters, 3. words 4.converting, 5. transforming
Soap Array Attack: By default, SOAP doesn't 1._________the number of elements within an array. This property can be 2._________ by an attacker to execute a DOS attack limiting the availability of the web service.
1.limit , 2.exploited
Google- [link:]- Search for______ to pages
1.links
Strategic threat intelligence provides high-level information relating to cyber security posture, threats, details regarding the 1._____impact of various cyber activities, attack trends, and the impacts of high-level 2.________selections. This info is consumed by 3._______ _______ and 4.__________of the organization like IT 5.__________ and 6.________.
1.money ,2.business , 3.high-level executives, 4.management,5. management, 6.CISO
Network intrusion detection systems (NIDS) are placed at a strategic point or points within the network to_______traffic to and from all devices on the network.
1.monitor
The Docker daemon (dockerd) 1._______ for Docker API requests and 2.________ Docker objects such as images, containers, networks, and volumes. A daemon can also 3._____________ with other daemons to manage Docker services. =========== The Docker client (docker) is the primary way that many Docker 1.________ interact with Docker. When you use commands such as docker run, the client sends these commands to dockerd, which carries them out. The docker command uses the Docker API. The Docker client can communicate with more than one 2.________. ============= A Docker registry stores Docker 1._______. Docker Hub is a public registry that anyone can use, and Docker is configured to look for 1.__________ on Docker Hub by default. You can even run your own private registry.
1.listens 2.manages 3.communicate ======== 1.users2.daemon ======== 1.images
The Docker daemon (dockerd) 1._______ for Docker API requests and 2.________ Docker objects such as images, containers, networks, and volumes. A daemon can also 3._____________ with other daemons to manage Docker services. ========== The Docker client (docker) is the primary way that many Docker 1.________ interact with Docker. When you use commands such as docker run, the client sends these commands to dockerd, which carries them out. The docker command uses the Docker API. The Docker client can communicate with more than one 2.________. ========== A Docker registry stores Docker 1._______. Docker Hub is a public registry that anyone can use, and Docker is configured to look for 1.__________ on Docker Hub by default. You can even run your own private registry.
1.listens 2.manages 3.communicate ========= 1.users2.daemon ======== 1.images
Pharming is a scamming practice in which 1.__________ is installed on a personal computer (PC) or server, 2.____________ users to fraudulent websites without their knowledge or consent. ============ Pharming exploits interest address in two ways: 1.change computer's 1. ________ ________ to direct traffic away from its intended target 2. hackers use a technique called 2._____ ______
1.malicious code, 2. misdirecting ========= 1. host files 2. DNS poisoning
rootkits are 1.___________associated with that provides root-level, privileged access to a computer while 2.________ its existence and actions.
1.malicious software, 2. hiding
Droppers are programs that secretly install 1.______programs, built into their 2._____, on a computer.
1.malicious, 2.code
Agent Smith: modular 1._____ that exploits a series of 2._______vulnerabilities to replace legitimate existing apps with a malicious imitation.
1.malware, 2. Android
5. Installation:In this step, the 1._______ installs an 2._______ _______for the 3.________. This 4._______ ________ is also known as the 5.________.
1.malware, 2.access point, 3.attacker, 4.access point, 5.backdoor
4. Exploitation:In this step, the 1._______ starts the 2.________. The program code of the 3.________ is triggered to exploit the target's 4._________
1.malware, 2.action, 3.malware, 4.vulnerabilities
6. Command and Control: The 1._________ gives the 2.___________access to the 3._________/___________.
1.malware,2.attacker, 3.network/system
The POODLE attack (which stands for "Padding Oracle On Downgraded Legacy Encryption") is a 1.________ exploit which takes advantage of Internet and security software clients' fallback to 2.________.
1.man-in-the-middle, 2. SSL 3.0 (TLS protocol)
TCP Hijacking -A type of 1._______ attack where an attacker is able to _2._____the packets of the network participants and 3._____ their own packets to the network. The attack takes advantage of the_4.______ connection establishment features and can be carried out both during the 5._______ and when the connection is 6._________.
1.man-in-the-middle, 2. view, 3. send, 4.TCP, 5. triple handshake, 6. established
Evilginx is a 1._____________ attack framework used for 2._________ credentials and 3.________ cookie of any web service. It's core runs on 4._________ HTTP server, which utilizes 5._________pass and 6.sub________ to 7.______and 8._______HTTP content, while 9.________ traffic between client and server.
1.man-in-the-middle, 2.phishing, 3.session cookies, 4.Nginx, 5.proxy_pass, 6.sub_filter, 7.proxy, 8.modify, 9.intercepting
GetRequest: Used by the SNMP 1.______ to request 2._____ from an SNMP 3._____ ------------ GetNextRequest: Used by the SNMP manager 4._________ to 5._______ all the data stored in an array or table ------------ GetResponse: Used by an SNMP agent to satisfy a 6._______ made by the SNMP 7._________
1.manager,2.info 3. agent ------------ 4.continuously,5. retrieve ------------ 6.request 7. manager
"Flowmon empowers 1.__________and 2._____companies to ensure the reliability of their industrial 3.________ to avoid downtime and disruption of service continuity"
1.manufacturers, 2.utility, 3.networks
A fingerprinting algorithm is a procedure that 1._______an arbitrarily large 2.______ item (such as a computer file) to a much shorter 3.____ string, its fingerprint, that uniquely 4.______ the original 5.______ for all practical purposes
1.maps, 2.data, 3.bit, 4. identifies, 5.data
- Exploiting the Dragonfly handshake: In this method, the attacker 1.___________ as an authentic 2._______. When a user attempts to exchange keys to access the Internet using the 3.______________ authentication_ mechanism, the attacker informs the user that it does not support the 4.________method. Then, the attacker suggests the use of a weaker encryption mechanism such as 5.__________ for accessing the Internet. Subsequently, the attacker can use various techniques to exploit or crack the 6.________ encryption.
1.masquerades, 2.AP, 3.WPA3 authentication, 4. (WPA3) ,5.(WPA2), 6. (WPA2)
smtp-user-enum -m n: 1._____ number of processes (default: 2._____) ----------- smtp-user-enum -M mode: Specify the 3.______command to use for username guessing from among 4. ______ 5._______ and 6.________ (default: 7._______) ----------- smtp-user-enum -u user: Check if a user exists on the 8.______ system ----------- smtp-user-enum o -f addr: Specify the 9._______ email address to use for 10._______ ________guessing (default: [email protected])
1.max 2. (5) 3.SMTP 4. EXPN, 5. VRFY, and 6.RCPT TO (default: 7.VRFY) 8. remote system 9.from 10. RCPT TO
three-tier application architecture-Application tier (logic tier) 1._______ and 2.________ data between tiers
1.moving 2. processing
Technical threat intelligence provides information above an attacker's 1.___________that are used to perform the 2.______.
1.resources, 2. attack,
Unspecified Proxy Activities An adversary can create and configure 1.________ domains pointing to the same 2.______, thus, allowing an adversary to 3.______ quickly between the 4.______ to avoid detection.
1.multiple, 2.host, 3.switch, 4.domain
Dynamic DNS (DDNS) is a method of automatically updating a 1.______ server in the Domain Name System (DNS), often in 2._________, with the active DDNS configuration of its configured hostnames, addresses or other information.
1.name server, 2.real-time
In Windows OS, 1._______ pipes are used to provide legitimate _________ between running processes.
1.named pipes, 2.communication
Outlook scraper:a tool that scrapes 1.______ and _2._____addresses from the victim's 3.________ accounts and uses that information to send out additional 4._________ emails from the compromised accounts.
1.names, 2.email, 3.Outlook, 4.phishing
Port forwarding or port mapping is an application of 1.____________that redirects a communication request from2._________ and 3._________ combination to another while the packets are traversing a network 4.__________, such as a 5.________ or 6._________.
1.network address translation (NAT), 2.one address, 3.port number, 4.gateway, 5.router, 6.firewall
NetBIOS stands for Network Basic Input Output System. It Allows 1._______ communication over a 2.______ and allows them to share 3._____ and 4._______.
1.network, 2.LAN, 3.files, 4.printers
-r: Nmap randomizes the port scan order by default to make detection slightly harder. The -r option causes them to be scanned in _________ order instead.
1.numerical
NCollector Studio is an all in one 1.____________,_2.__________ aimed at home users and professionals needing to download specific files from a website or full websites for 3.__________
1.offline browser, 2. website ripper/crawler, 3. offline browsing.
The term pretexting indicates the practice of presenting 1.________as 2.____________ else to obtain private information
1.oneself, 2.someone
ISAPI (Internet Server Application Programming Interface) filters can be used to 1.________ items that have already been cued as "2._________ ________ and allow hackers to enter into web spaces that are intended to be 3.___________.
1.open, 2.access denied, 3.confidential
A port knocking is a method of externally 1.______ ports on a firewall by generating a connection 2.______on a set of prespecified 3._______ports. Once a 4.________ sequence of connection attempts is received, the firewall rules are 5.________modified to 6.______ the host which sent the connection attempts to connect over specific port(s).
1.opening, 2.attempt, 3.closed ports, 4.correct, 5.dynamically, 6.allow
- Kernel-mode are implemented within an 1._________ kernel module, where they can control all 2.____________ In addition to being difficult to detect, kernel-mode rootkits can also impact the stability of the target system
1.operating system's, 2.system processes.
Stateful firewalls will discard 1.____________ACK packets, leading to no 2.__________. When this occurs, the port is marked as 3.________.
1.out-of-sync , 2.response, 3.filtered
Tcpdump is a data-network 1.________ analyzer computer program that runs under a 2._________
1.packet, 2.command-line interface
in general scenarios, 1.___________are used to improve the readability of the code, group complex expressions, and split commands.
1.parentheses
Slowloris: During its execution, 1.______ HTTP requests are sent to the 2._____ infrastructure or applications and upon receiving a 3._____request, the target server 4._______ multiple connections and keeps 5.________ for the requests to complete..
1.partial, 2.web, 3.partial, 4.opens, 5.waiting
Offline Attacks: Offline attacks refer to 1. attacks in which an attacker tries to recover cleartext from a hash dump. Offline attacks are often time-consuming but have a high success rate, as the 1. hashes can be reversed owing to their small 1.________ and 2.______. Attackers use 3.__________ hashes from 4.________ tables to perform 5._________ and distributed network attacks.
1.password, 2.keyspace 3.short length 4.pre-computed 5.rainbow, offline
Stands for "PRobability INfinite Chained Elements." The PRINCE attack uses an algorithm to try the most likely 1. ______candidates with a refined 2._______ attack.
1.password, 2. combinator
e-banking TAN Gabber: A Transaction Authentication Number (TAN) is a single-use 1._________for authenticating online 2._________ transactions.
1.password, 2.banking,
Kon-Boot is a software utility that allows users to bypass Microsoft Windows 1.________and Apple macOS 1._________
1.passwords
Mail PassView: a 1.________ recovery tool that reveals 2.___________and account details for various 3._________ and passes them to the 4.________ enumerator module.
1.passwords 2.email 3.clients, 4.credential
When the device reboots with a Semi-untethered Jailbreak , it no longer has a 1._______kernel, but the kernel can be patched without using a 2.___________.
1.patched ,computer
CxSAST is application 1._________ management software and includes features such as 2.___________ tools.
1.performance, 2.diagnostic
A known-plaintext attack (KPA) is an attack model for cryptanalysis where the attacker has access to both the 1.________, and its 2._______ version (ciphertext).
1.plaintext (called a crib) 2. encrypted
Instance (local) deduction — the attacker discovers additional 1.___________ (or ciphertexts) not previously 2.__________.
1.plaintext, 2.known
Docker is a set of 1._____________ products that use ____-level virtualization to deliver _________ in packages called ____________.
1.platform as a service (PaaS) , OS, software, containers
KRACK is a replay attack that repeatedly 1,___________the 2._________ transmitted in the third step of the3._______ handshake, an attacker can gradually match encrypted packets seen before and learn the full keychain used to encrypt the traffic
1.resets , 2.nonce, 3.WPA2
Kube-scheduler is a master component that scans newly generated 1.________ and allocates a _______ for them. It assigns the 2._________ based on factors such as the 3._______requirement, 4. _______ locality, 5.________ _______ ________ restrictions, and 6. nternal ______ ___________.
1.pods, node, 2. node 3.resource requirement, 4.data locality, 5. software/hardware/policy restrictions, and 6. internal workload interventions.
· Unauthorized route prefix origination—this attack aims to introduce a new 1.______ into the routing table that shouldn't be there. The attacker might do this to get a 2.______ attack network to be 3._______ throughout the victim network.
1.prefix 2. covert, 3. routable
An RSA user creates and publishes a public key based on two large 1._____numbers, along with an _2._____ value. The 3,_______numbers are kept secret. Messages can be encrypted by anyone, via the 4.______ key, but can only be decoded by someone who knows the 5.______ numbers.
1.prime,2. auxiliary, 3. prime, 4. public, 5. prime
In Windows OSs, access tokens are used to determine the security context of a :1._________ or 2._________.
1.process or 2.thread.
Meltdown and Spectre exploit critical vulnerabilities in modern 1.__________. Malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the 2.________of other running 3.___________.
1.processors, 2.memory, 3.programs
Tactical threat intelligence plays a serious role in 1.___________ the 2.________of the organization.
1.protecting, 2.resources
deniable encryption describes encryption techniques where the existence of an encrypted file or message is deniable in the sense that an adversary cannot 1.______ that the 2.______data 3.______.
1.prove, 2. plaintext, 3. exists
In the proxy server DNS poisoning technique, the attacker sets up a 1.________ server on the attacker's system. The attacker also configures a fraudulent 2.______ and makes its 3.__________ a primary 4.________entry in the 5.______ server. The attacker changes the proxy server settings of the victim with the help of a 6.________.
1.proxy, 2.DNS, 3.IP address, 4.DNS, 5.proxy, 6.Trojan
(Server-side request forgery) SSRF attack utilizes an insecure server within the domain as a 1._______. Similar to CSRF If a 2.___________of a url is vulnerable to this attack, it is possible an attacker can devise ways to 3.________ with the server 4.__________(ie| via 127.0.0.1 or localhost) or with the 5._________ servers that are not accessible by the external users.
1.proxy, 2. parameters 3. interact, 4. directly, 5. backend
The BBProxy tool allows the attacker to use a BlackBerry device as a 1._______ between the 2.________ and the 3.________ network.
1.proxy, 2.Internet, 3.internal
WRITE: When encrypting, you use recipient's 1.________ key to write a message and recipient use their 2.______ key to read it) ============== When signing, you use your 1.____________ to write message's signature, and recipient's use your public key to check if it's really yours)
1.public key, private key ============== 1.private key
PKI is an arrangement that binds 1.____ _____with respective identities of entities (like2._______ and ________). The binding is established through a process of 3.________ and issuance of 4.__________ at and by a 5._______ authority (CA).
1.public keys, 2.people and organizations, 3.registration, 4.certificates, 5.certificates authority
YAK is a 1._____-_______-based Authenticated Key Exchange (AKE) protocol. The authentication of YAK is based on 2._________ __________ pairs, and it needs 3.____ to distribute authentic 4._______ _______.
1.public-key 2.public key 3.PKI 4.public keys
on Rivest, Adi Shamir, and Leonard Adleman formulated RSA, a __________ cryptosystem for Internet __________ and ________.
1.public-key, 2.encryption and 3.authentication
SPF (SpeedPhish Framework) is a 1.________tool designed to allow for quick recon and deployment of simple 2__________ phishing exercises.
1.python, 2. social engineering
DNS cache snooping is when someone 1.________ a DNS server in order to find out (snoop) if the DNS 2._______ has a specific DNS 3.______cached, and thereby deduce if the DNS 4.________ __________ (or its 5._______) have recently visited a specific site.
1.queries, 2.server, 3.record, 4.server's owner, 5.users
Network-Based Scanner: Network-based scanners are those that interact only with the 1.______machine where they reside and give the report to the 2.________ machine after scanning. ------------ Agent-Based Scanner: Agent-based scanners reside on a 3.______machine but can scan 4._______ machines on the 5._______ network. ------------ Proxy Scanner: Proxy scanners are the network-based scanners that can scan networks from 6._____ ______ on the network. ------------ Cluster scanner: Cluster scanners are similar to proxy scanners, but they can 7._________ perform 8._________ or more scans on different machines in the network.
1.real, 2.same 3.single, 4.several, 5.same 6.any machine 7.simultaneously, 8.two
DNS cache poisoning refers to altering or adding forged DNS 1.______ in the DNS 2.________ cache so that a DNS 3._______ is redirected to a 4._______site.
1.records, 2.resolver, 3.query, 4.malicious
NetPass.exe: a legitimate utility developed by NirSoft that 1._______all network 2._____________ stored on a system for the 3.________ logged-on user.
1.recovers , 2.passwords 3. current
usufy Looks for 1.______ accounts with given 2.___________
1.registered 2.nicknames
ping /t Specifies ping continue sending echo 1._______ messages to the 2.__________ until 3._________. To 4.______ and display statistics, press 5.________ To interrupt and quit this command, press 6._________
1.request, 2.destination, 3.interrupted, 5.CTRL + ENTER. 6.CTRL + C
1. Reconnaissance: In this step, the attacker/intruder chooses their target. Then they conduct in-depth 1.__________ on this target to identify its 2.__________ that can be exploited.
1.research, 2. vulnerabilities
chntpw is a software utility for 1._________ or 2.________ local passwords used by 3.________. It does this by editing the 4._______ database where 5._________stores password hashes.
1.resetting, 2.blanking, 3.Windows 4. SAM, 5..Windows
ping /a Specifies 1. ________ _________ resolution be performed on the 2.____________ IP address. If this is successful, ping displays the corresponding 3. ________ _________.
1.reverse name, 2. destination, 3. host name
A Wi-Fi Pineapple can also be used as a ________ access point to conduct __________ attacks.
1.rogue access point (AP), 2.man-in-the-middle (MitM) attacks.
Privilege escalation is a common vulnerability present in APis having 1.______________ where changes to 2._______ are made without proper attention. Allow attackers to gain access to users' sensitive information
1.role-based access control (RBAC) , 2.endpoints
A public key infrastructure (PKI) is a set of 1._________,2.________,3.________,4.______ and 5.________needed to create, manage, distribute, use, store and revoke 6.digital _________ and manage 7.__________ encryption
1.roles, 2.policies, 3.hardware, 4.software and 5.procedures ,6.digital certificates, 7.public-key
Key schedule : In cryptography, the so-called product ciphers are a certain kind of cipher, where the (de-)ciphering of data is typically done as an iteration of _________. A key schedule is an algorithm that calculates all the_____ keys from the key.
1.round
Key derivation function (KDF) is a cryptographic hash function that derives one or more 1.______ from a 2. __________such as the 3._____________ , 4,___________,5._____________using a pseudorandom function.
1.secret keys, 2.secret value, 3.main key, 4,a password, or 5.a passphrase
Internet Key Exchange (IKE, sometimes IKEv1 or IKEv2, depending on the version) is the protocol used to set up a 1.___________in the 2.______protocol suite.
1.security association (SA) , 2.IPsec
Lacework is the data-driven 1._______ platform for the 2._______. The Lacework Cloud Security Platform, powered by 3.___________ .
1.security, 2. cloud, 3. Polygraph
In a DHCP Starvation attack, a hostile actor 1._______ a ton of bogus DISCOVER packets until the DHCP server thinks they've _2._____ their available pool.
1.sends, 2.expended
A sandbox (including application sandboxing) is a security mechanism for 1._________running programs, usually in an effort to mitigate system 2.________ and/or software 3.__________ from spreading.
1.separating , 2,failures, 3.vulnerabilities
A circuit-level gateway firewall works at the 1.______ layer of the OSI model or 2._________ layer of TCP/IP. It forwards data between networks without 3._________ and 4._________incoming packets from the host but allows the traffic to pass through itself.
1.session 2. transport 3. verification 4. blocks
HMAC can provide message authentication using a 1.___________instead of using 2. __________with 3.___________. It trades off the need for a complex public key infrastructure by delegating the key exchange to the communicating parties, who are responsible for establishing and using a trusted channel to agree on the key prior to communication.
1.shared secret 2. digital signatures 3. asymmetric cryptography
The Windows OSs use a Windows Application Compatibility Framework called _______to provide compatibility between the older and newer versions of Windows.
1.shims
Zig-Bee is a 1._______ communication protocol based on the 2.________ standard and transfer data infrequently at a 4.___________low rate in a restricted area within a range of 5._______
1.short-range 2. IEEE 203.15.4 3. low rate 4. 10-100m
Non-Electronic Attacks: . Techniques used to perform non-electronic attacks include 1.______ surfing, social 2.__________, dumpster 3._________, etc.
1.shoulder surfing, 2. social engineering, 3. dumpster diving, etc.
PGP is used for 1.__________,2._________,3. __________texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.
1.signing, 2.encrypting, and 3,decrypting
USBdumper runs 1._____ as a background process once started and 2._____ the complete contents of every connected usb device to the system 3._______ the knowledge of the user.
1.silently, 2. copies, 3. without
The best way to detect a SQL Injection vulnerability in a web application would be to put a 1.______ ______ into a parameter in the application. Then, if they received an error, they could infer the presence of an 2._________ ___________ ___________ .
1.single quote, 2.SQL Injection vulnerability
Security professionals must check for regular expressions, such as the 1. single___________, 2.__________, 3.double-_________ to detect SQL injection attacks.
1.single-quote (') character, 2.hash (#), 3. double-dash (--)
PyLoris is a 1.________ _______ ________ tool which enables the attacker to craft its own 2._______ request headers.
1.slow HTTP DoS , 2.HTTP
Static application security testing (SAST) is used to secure 1.______ by reviewing the 2.________ of the software to identify sources of 3._________.
1.software, 2.source code, 3.vulnerabilities
The common technique used for initial intrusion is thru 1._______phishing emails or exploiting public servers 2.________. The 3.______ phishing emails sometimes look legitimate with 4._________ containing feasible malware or malicious link.
1.spear, 2vulnerabilities, 3.spear, 4attachments
Google- [allinurl:] - it can be used to fetch results whose URL contains all the 1._______
1.specified characters
The Spearphone attack breaches 1._________ privacy by exploiting the ___________ and capturing ________ reverberations generated through the _____________. This, in turn, empowers the attackers to listen to every sound coming out of the loudspeaker including conversations, music, or any other audio.
1.speech, motion sensor 'accelerometer' , speech, loudspeaker
CeWL is a ruby app which 1.______ a given 2._____ to a specified depth, optionally following external links, and returns a list of 3.________which can then be used for 4.__________ crackers such as John the Ripper.
1.spiders, 2.URL, 3.words , 4.password crackers
--dbs
Enumerate DBMS databases
CRLF injection is frequently used to 1.______HTTP responses, it can also be designated as HTTP Response 2.______ or Improper 3._________ of CRLF Sequences in HTTP Headers.
1.split 2. splitting 3. naturalization
An STP manipulation attack is when an attacker, hacker, or an unauthorized user 1._______ the 2.______ bridge in the topology.
1.spoof, 2.root
RST hijacking involves injecting an authentic-looking reset (RST) packet using a 1.____________ source address and predicting the 2.___________ number. The hacker can 3.________ the victim's connection if it uses an accurate 4.______ number.
1.spoofed, 2.ack, 3.reset, 4.ack
Syhunt Hybrid combines comprehensive 1.______ and 2._______ security scans to detect vulnerabilities like 3._______,4.File _______,5.______ Injection,6._______ Execution and many more, including inferential, in-band and out-of-band attacks through 7.______________(HAST).
1.static, 2. dynamic, 3.XSS, 4.File Inclusion, 5. SQL Injection, 6. Command Execution, 7.Hybrid-Augmented Analysis (HAST).
Diversion theft: they involve 1._______confidential information by persuading victims to send it to the 2.________recipient.
1.stealing, 2.wrong
The application is vulnerable to SSI(Server-Side Injection) if there is presence of pages with extension 1._____ , 2.________ and 3._____
1.stm, 2.shtm and 3. shtml.
Static/statistical crypters use different 1._____to make each encrypted file 2.________. Having a separate 3.________ for each client makes it easier for malicious actors to 4._______ or, in hacking terms, "clean" a 5.______ once it has been detected by a security software.
1.stubs, 2.unique, 3.stub, 4.modify, 5.stub
A CAM overflow attack occurs when an attacker connects to a single or multiple 1.__________ ports and then runs a tool that 2.__________ the existence of thousands of random 3.________addresses on those switch ports
1.switch, 2. mimics, 3. MAC
Camellia is a 1._________-key 2._______ cipher having either 3.____ rounds (for 128-bit keys) or 4.____ rounds (for 256-bit keys). It is a 5._______ cipher with a block size of 128 bits and a key size of 128, 192, and 256 bits.
1.symmetric, 2.block 3. [18] 4. [24] 5.. Feistel
The GOST block cipher (Magma), defined in the standard GOST 28147-89 (RFC 5830), is a Soviet and Russian government standard 1.________ key block cipher with a block size of 2.______
1.symmetric, 2.64 bits
Blowfish is a type of 1.________ block cipher algorithm designed to replace 2._____ or 3._____ algorithms. It uses the same secret key to 4._______ and 5._______ data. This algorithm splits the data into a block length of 6.______bits and produces a key ranging from 7._____ bits to 8.______ bits.
1.symmetric, 2.DES, 3.IDEA, 4.encrypt, 5.decrypt, 6.[64], 7.[32], 8.[448]
Key encapsulation mechanisms (KEMs) are a class of encryption techniques designed to secure 1._______ cryptographic key material for transmission using 2.____________ algorithms.
1.symmetric, 2.asymmetric (public-key)
Serpent is a 1.________-key 2.______ cipher. It uses a 3.______-bit symmetric block cipher with key sizes of 4._______, 5._______, or 6.______ bits. Serpent involves 7._____ rounds of computational operations that include substitution and permutation operations on four 8.______-bit word blocks using ____-variable S-boxes with 4-bit entry and 4-bit exit. All S-boxes work parallelly _____ times.
1.symmetric,block 2. [128] , 3. [128] , 4.[192] , 5.[256]. 6.[32], 7.[32], 8.[8] 9.[32]
iOS Trustjacking: is a vulnerability that allows attackers to exploit the iTunes Wi-Fi 1.________ feature. Designed to allow users to manage their iOS devices without requiring a 2._______ connection to a computer, this feature can be manipulated by attackers to acquire persistent control over the victim's device.
1.sync, 2.physical
Injection flaws tend to be easier to discover when examining source code than via 1._______. 2.________ and _________ can help find injection flaws
1.testing,2.Scanners and fuzzers
ntpdate This command collects the number of 1._______ samples from several 1.______ sources ---------------- ntpdc This command queries the ntpd daemon about its 2.________ state and requests 3._________ in that state. ---------------- ntpq monitors the operations of the 4._____daemon ntpd and determines performance.
1.time 2.current, 3.changes 4. NTP
Honeyd is a simulator honeypot engine that can create thousands of honeypots easily. The honeyd would respond to received SMTP requests with fake responses. An attacker can identify the presence of honeyd honeypot by performing 1.___________ ____________ __________methods.
1.time-based TCP fingerprinting
In counter-based tokens, both the 1.________ and the 2.________ server maintain a 3._______, whose value besides a 4.________ _____ is used to generate the one-time 5._______-_______ password
1.token, 2.authenticating, 3.counter, 4.shared key, 5.one-time password
Maltego focuses on providing a: library of 1._________for discovery of 2.______ from 3.______ ______ and 4.________ that information in a 5._________ format, suitable for link analysis and data mining.
1.transforms, 2.data, 3.open sources, 4.visualizing, 5.graph
Diffie-Hellman It is a cryptographic protocol that allows 1.________ ________to establish a shared 2.________ over an insecure channel.
1.two parties, 2.key
An advanced persistent threat (APT) is a prolonged and targeted cyberattack in which an intruder gains access to a network and remains 1.________ for an extended period of time.
1.undetected
The Simple Service Discovery Protocol (SSDP) is the basis of the discovery protocol of 1. universal _____and _______ and is intended for use in residential or small office environments.
1.universal plug and play
Semi-tethered Jailbreak allows a user to reboot their phone normally, but upon doing so, the kernel will be 1._________. Any functionality independent of the jailbreak will still run as normal, such as making a 2._________,________, and __________ .
1.unpatched 2. phone call, texting, or using App Store applications
A downgrade security attack can be implemented in the following two ways.
Exploiting backward compatibility: Exploiting the Dragonfly handshake:
Null ciphers: A technique used to hide the message within a large amount of 1._______ data. The 2.________ data are mixed with the 3._______ data in any order horizontally, diagonally, vertically, or in reverse so that no one can understand it other than those who know the order.
1.useless, 2.original, 3.unused
(RedirectEXE:a shim that runs in the 1._____ ______and is used by attackers to bypass 2.________and perform different attacks including the disabling of Windows Defender and backdoor installation
1.user mode, 2.UAC
.Userland Exploit: It allows 1._____-level access but does not allow 2._______-level access
1.user, 2.iboot
iBoot jailbreak allows 1._____-level and 2._____-level access.
1.user, 2.iboot
Output encoding is a 1._______ technique that can be used after 2._____________. This technique is used to encode the 3._________ to ensure that it is properly sanitized before passing it to the database.
1.validation, 2.input validation, 3.input
SetRequest: Used by the SNMP manager to modify the 1._____ of a 2.______ within an SNMP agent's management information base (MIB) ------------ Trap: Used by an SNMP agent to inform the pre-configured SNMP manager of a certain 3._____
1.value,2. parameter 3.event
RC4 is a 1.________ key-size 2.________-key 3. _______ cipher with 4.______-oriented operations, and it is based on the use of a 5._________ permutation. RC5 is a 1.____________ algorithm with a 2._________ block size, a 2._________ key size, and a 2._________ number of rounds.
1.variable, 2. symmetric, 3. stream, 4. byte, 5. random 1.parameterized, 2.variable
Polymorphic crypters are considered more advanced. They use state-of-the-art algorithms that utilize random 1._________,2.__________,3._______,4._______ and so on.
1.variables, 2.data, 3.keys, 4.decoders
Registration Authority (RA):Acts as the 1._____ for the CA Validation Authority (VA): 2.________ certificates (with their public key)
1.verifier 2.stores
[Cyber Kill Chain] Delivery : transmitting the _______ to the target. e.g. USB drives, e-mail attachments, and websites for this purpose
1.weapon
Metadata spoofing is a process of changing or modifying service metadata written in the 1.___________file, where the information regarding 2.________instances is stored.
1.web service definition language (WSDL) , 2. service
Netsparker is an automated, yet fully configurable 1._______ application security scanner that enables you to scan 2._____, 3.______ applications, and 4.______services, and identify 5._______flaws.
1.web, 2.websites, 3.web and 4.web, 5.security
Google - [site:]- Search within a specific _____
1.website
[Unicornscan] The default TTL value for modern versions of Windows is
128
The Advanced Encryption Standard (AES) is a variant of Rijndael, with a fixed block size of
128 bits, and a key size of 128,
NETBIOS Name Service (TCP/UDP: ========== ·NETBIOS Datagram Service (TCP/UDP: ============= · NETBIOS Session Service (TCP/UDP:
137) ====== 138) ====== 139)
SNMP port
161
Sniffers operate on Layer _____ of the OSI model
2
Balena is a complete set of tools for building, deploying, and managing fleets of connected 1.__________ devices.
2.Linux
ports must you block first in case that you are suspicious that an IoT device has been compromised
48101
With the Btlejack tool, take a position within a radius of________from the target devices
5 m
The Data Encryption Standard (DES) is a symmetric-key algorithm for the encryption of digital data, with a fixed block size of
64 bits, and a key size of 56 bits.
Wired Equivalent Privacy (WEP) is a security algorithm for IEEE
802.11 wireless networks.
Kerberos port
88
A Covert Channel Tunneling Trojan (CCTT) enables attackers to gain 1. _______ into and out of a network using authorized 2.________ covertly.
A Covert Channel Tunneling Trojan (CCTT) enables attackers to gain 1._______ interfaces into and out of a network using authorized 2._________ covertly.
Which API vulnerability? -APIs accidentally expose the internal variables or objects due to improper binding and filtering based on a whitelist -Allow attackers with unauthorized access to modify the object properties
API6 Mass Assignment
APII -Broken Object Level Authorization -Allows the attacker to modify the object's 1.______ value and obtain unauthorized access to the data source ============ AP12 - Broken User Authentication - APIs are vulnerable to authentication attacks such as 2.______ stuffing and 3.______-forcing. ============ AP13 - Excessive Data Exposure - Allows attackers to retrieve 4. __________ than requested ============ AP14 - Lack of Resources and Rate Limiting - APIs avoid enforcing restrictions on the number of 5.__________ requested by the client. May include 6.__________ flaws that can be exploited to perform 7._______-force attacks ============ AP15 - Broken Function Level Authorization - Complexity in access control 8.______ through different hierarchies, groups, and roles between administrative and regular functions can cause authorization errors ============ AP16 - Mass Assignment - Allow attackers with unauthorized access to modify the object 9._________ ============ AP17 - Security Misconfiguration - Security misconfigurations include vulnerabilities such as insecure default 1.________, 2.________ configurations, open 3.__________ storage, misconfigured 4._______ headers, permissive cross-origin 5.______ sharing (CORS), and missing 6._________ ============ AP18 - Injection - Sending 7. ___________ data as queries to the interpreter may result in injection flaws, such as 8._______, _________, ________, and __________ injection ============ AP19 - Improper Assets Management Insufficient - Improper asset management occurs due to a lack of 9._________ control for API hierarchies, and older versions of API consists of vulnerabilities that can be exploited by the attacker
APII -Broken Object Level Authorization -Allows the attacker to modify the object's 1.ID value and obtain unauthorized access to the data source AP12 - Broken User Authentication - APIs are vulnerable to authentication attacks such as 2.credential stuffing and 3.brute-forcing. AP13 - Excessive Data Exposure - Allows attackers to retrieve more 4.information than requested AP14 - Lack of Resources and Rate Limiting - APIs avoid enforcing restrictions on the number of 5.resources requested by the client May include 6. authentication flaws that can be exploited to perform 7. brute-force attacks AP15 - Broken Function Level Authorization - Complexity in 8. access control policies through different hierarchies, groups, and roles between administrative and regular functions can cause authorization errors AP16 - Mass Assignment - Allow attackers with unauthorized access to modify the object 9.Properties AP17 - Security Misconfiguration - Security misconfigurations include vulnerabilities such as insecure default 1. configurations, 2.ad-hoc configurations, open 3.cloud storage, misconfigured 4.HTTP headers, permissive cross-origin 5.resource sharing (CORS), and missing 6.TLS/SSL AP18 - Injection - Sending 7. untrusted data as queries to the interpreter may result in injection flaws, such as 8.SQL, LDAP, XML, and command injection AP19 - Improper Assets Management Insufficient - Improper asset management occurs due to a lack of 9._________ control for API hierarchies, and older versions of API consists of vulnerabilities that can be exploited by the attacker
an online tool to retrieve information such as your organization's network range and identify the network topology and operating system used in the network
ARIN
(AFRINIC)
African Network Information Centre
Error-based SQL injection: the attacker forces the database to return 1._________________ in response to his/her inputs.
Error-based SQL injection: the attacker forces the database to return 1. error messages in response to his/her inputs.
Information: What is the attack surface with information provided? ---------------- Client-Side Validation ============ Database Interaction ============ File Upload and Download ============ Display of User-Supplied Data ============ Dynamic Redirects ============ Login ============ Session State ============ Injection Attack ============ Cleartext Communication ============ Error Message ============ Email Interaction ============ Application Code ============ Third-Party Application ============ Web Server Software
Attack ---------------- Client-Side Validation - Injection Attack, Authentication Attack =========== Database Interaction- SQL Injection, Data Leakage =========== File Upload and Download- Directory Traversal =========== Display of User-Supplied Data- Cross-Site Scripting =========== Dynamic Redirects- Redirection, Header Injection =========== Login- Username Enumeration, Password Brute-force =========== Session State- Session Hijacking, Session Fixation =========== Injection Attack- Privilege Escalation, Access Controls =========== Cleartext Communication- Data Theft, Session Hijacking =========== Error Message- Information Leakage =========== Email Interaction- Email Injection =========== Application Code- Buffer Overflows =========== Third-Party App- Known Vulnerabilities Exploitation =========== Web Server Software- Known Vulnerabilities Exploitation
EVASION TECHNIQUE to obscure input strings to avoid detection by signature-based detection systems. ---------- Sophisticated matches Null byte Case variation
Attackers use these [sophisticated matches] as an evasion technique to trick and bypass user authentication. [Null Byte:] Uses the null byte (%00) character prior to a string to bypass the detection mechanism. By default, in most database servers, SQL is [case insensitive]. Owing to the case-insensitive option of regular expression signatures in the filters, attackers can mix upper and lower case letters in an attack vector to bypass the detection mechanism.
SQLi attack that is based on True/False questions
Blind SQL injection is used when a web application is vulnerable to an SQL injection but the results of the injection are not visible to the attacker
Boolean-based blind SQL injection (sometimes called inferential SQL Injection) is performed by asking the right questions to the application database. Multiple valid statements evaluated as true or false are supplied in the affected parameter in the HTTP request.
Boolean-based blind SQL injection (sometimes called inferential SQL Injection) is performed by asking the right questions to the application database.
Port 179 -
Border Gateway Protocol (BGP)
A peer-to-peer attack is when an attacker exploits bugs in peer-to-peer servers to execute a ______attack.
DDoS
XOIC is a_______ attacking tool with an IP address, a user-selected port, and a user-selected protocol.
DDoS
- nmap -PN [target]
Don't ping
TCP SYN Ping (-PS<port list>)|-PS option sends an _______tcp packet with the _____ flag set.;
EMPTY, SYN
Psiphon: It is a free and open-source 1.__________censorship 2._________ tool that uses a combination of secure communication and obfuscation technologies like: 3._______
I. internet 2.circumvention, 3.(VPN, SSH, and HTTP Proxy).
nmap - sn -PE <Target Range of IP Addresses> The 1.__________ __________ping sweep is used to determine the live hosts from a range of IP addresses by sending 1.__________ __________ requests to multiple hosts.
ICMP ECHO
- nmap -PP [target]
ICMP Timestamp ping nmap
The nmap -S
IP_Address (Spoof source address)
IPID scans take advantage of predictable 1.________ ________ value from IP header: every IP packet from a given source has an 1. ________that uniquely identifies fragments of an original IP datagram; the protocol implementation assigns values to this mandatory field generally by a fixed value (1) increment.
Identification field
In a chosen-cipher-text attack, the bad guy chooses a particular 1. _________-________ message and attempts to discern the key through 2. __________ analysis with 3. ________ keys and a 4. ________-_________ version.
In a chosen-cipher-text attack, the bad guy chooses a particular 1. cipher-text message and attempts to discern the key through 2. comparative analysis with 3. multiple keys and a 4. plain-text version.
Jan 3, 2020, 9:18:35 AM 10.240.212.18 - 54373 10.202.206.19 - 22 tcp_ip Let's just disassemble this entry.
Jan 3, 2020, 9:18:35 AM - time of the request 10.240.212.18 - 54373 - client's IP and port 10.202.206.19 - server IP - 22 - SSH port
[related:]
Lists web pages that are similar to a specified web page.
MAC spoofing attack- attackers change their 1.______ to that of an 2. __________ user to bypass the 2.MAC filtering configured in an AP. ============ Evil twin attack - Posing as an authorized AP by 3._______ the WLAN's SSID to lure users. attackers use packet =========== Fragmentation attack - tools such as 4.________ and 5.________ to split the probe packet into smaller packets that circumvent the port-scanning techniques employed by IDS. ========== De-authentication attack - forces the clients to 6. _________ from the AP
MAC spoofing attack- attackers change their 1. MAC address to that of an 2. authenticated user to bypass the 2.MAC filtering configured in an AP. ============ Evil twin attack - Posing as an authorized AP by 3..beaconing the WLAN's SSID to lure users. attackers use packet =========== Fragmentation attack - tools such as 4.Nmap and 5.fragroute to split the probe packet into smaller packets that circumvent the port-scanning techniques employed by IDS. ========== De-authentication attack - forces the clients to 6. disconnect from the AP
NOOP is useful mainly in testing to avoid 1.__________. This command does 2._________and can generate only a successful 3._______, with no change in 4.________
NOOP is useful mainly in testing to avoid 1.__________. This command does 2._________and can generate only a successful 3._______, with no change in 4._______ 1.timeouts, 2.nothing, 3.response, 4.state
Automated Assessment: An assessment where an ethical hacker uses vulnerability assessment tools such as _________, _________ or _______ _______
Nessus, Qualys, or GFI LanGuard
o Network-Based Scanner: Network-based scanners are those that interact only with the ______ _______ where they reside and give the report to the same machine after scanning. ========== o Agent-Based Scanner: Agent-based scanners reside on a single machine but can scan _______ machines on the same network. ============= o Proxy Scanner: Proxy scanners are the network-based scanners that can scan networks from ______machine on the network. ============ o Cluster scanner: Cluster scanners are similar to proxy scanners, but they can simultaneously perform _____ or _______ scans on different machines in the network.
Network-Based Scanner: real machine Agent-Based Scanner: several Proxy Scanner: any Cluster scanner: two, more
ARIN)
North America
PCAP are the packet capture libraries/drives used by 1.______and 2.______ tools for Windows. libpcap is used by 3._______
PCAP are the packet capture libraries/drives used by sniffing and scanning tools for Windows. libpcap is used by Linux.
vulnerability assessment solutions Product-based solution: Product-based solutions are installed in the organization's _________ network. ============ Service-based solution are offered by ______ parties, such as auditing or security consulting firms. ============ Tree-based assessment: auditor selects ________ strategies for_______machine or component of the information system. ============ Inference-based assessment: scanning starts by building an ________ of the protocols found on the machine. After finding a _________, the scanning process starts to detect which ports are attached to services, such as an email server, web server
Product-based solution: internal Service-based solution: third Tree-based assessment: different, each Inference-based assessment: inventory, protocol
RATs are designed to open a ___________ ____________ between attacker and victim.
RATs are designed to open a direct channel between attacker and victim.
The Cyber Kill Chain consists of 7 steps:
Reconnaissance, weaponization, delivery, exploitation, installation, command and control
RedirectEXE: shim use to bypass1.____ ---------- Schtasks: A user with administrator privileges can use these utilities in conjunction with the Task Scheduler to schedule 2.________ or 3.________ that can be executed at a particular date and time. ------------ launchd: is executed to complete the system 4.________process ------------ WinRM: allow a user to run an 5._________ file to modify system 6._________ and the 7._________ on a remote system.
RedirectEXE: 1.UAC ---------- Schtasks: 2.programs, 3.scripts ---------- launchd: 4.initialization process ---------- WinRM: 5.executable, 6.services, 7.registry
- nmap -PY [target]
SCTP(stream control transmission protocol) Init Ping
hping3 -1 10.0.1.x --rand-dest -I eth0
Scan entire subnet for live host
btlejack -d /dev/ttyACMO -d /dev/ttyACM2 -s
Select target devices
Port 427 -
Service Location Protocol (SLP)
ShellPhish: ShellPhish is a phishing tool used to phish user 1._______from various social networking platforms such as Instagram, Facebook, Twitter, and LinkedIn. It also displays the victim system's public IP address, browser information, hostname, geolocation, and other information. ------------ GFI LanGuard: GFI LanGuard 2._______ management software scans the user's network automatically as well as installs and manages security and non-security 3._______. ------------ Netcraft provides Internet security services, including 4.___________and 5._________ services, 6.________ testing, and PCI scanning. ------------ BeRoot: A post-exploitation tool to check common 7.________ to find a way to 8.__________ ____________.
ShellPhish: 1. credentials GFI LanGuard: 2. patch, 3. patches Netcraft: 4.anti-fraud, 5.anti-phishing, 6.app testing, PCI scanning BeRoot: 7. misconfiguration, 8. escalate privilege
TCP Connect Scan (-sT)
TCP connect scan is the default TCP scan type when SYN scan is not an option.
Linux You need to identify the OS on the attacked machine. You know that TTL____and Window Size: ____
TTL: 64 and Window Size: 5840.
[SQL Injection] "WHERE condition"
Tautology
- Nmap -PU [target]
UDP ping
UDP Scan (-sU)
UDP service scan
[SQL Injection] "Union Select"
Union SQL Injection
WS-BPEL
Web Services Business Process Execution Language (WS-BPEL), commonly known as BPEL (Business Process Execution Language),
Dragonblood.: It allows an attacker in range of a password-protected _______ network to obtain the password and gain access to sensitive information such as user credentials, emails and credit card numbers.
Wi-Fi
NetBIOS codes 00: ============ NetBIOS codes 03: =========== NetBIOS codes 06: =========== NetBIOS codes 20: =========== NetBIOS codes 21: =========== NetBIOS codes 1B: =========== NetBIOS codes 1D: =========== NETBIOS 1E:
Workstation Service (workstation name) =========== Windows Messenger service =========== Remote Access Service =========== File Service (also called Host Record) =========== Remote Access Service client =========== Domain Master Browser - Primary Domain Controller for a domain =========== Master Browser NetBIOS 1C: | Domain Controllers for a domain (group record with up to 25 IP addresses) ============ Browser Service Elections
Wrapping attack Cloudborne attack Cryptanalysis attack Cross-site scripting attack
[A wrapping attack] is performed during the translation of the SOAP message in the TLS layer, where attackers duplicate the body of the message and send it to the server as a legitimate user. [Cloudborne] is a vulnerability residing in a bare-metal cloud server that enables attackers toimplant malicious backdoor in its firmware.[Cryptanalysis] is the study of ciphers, ciphertext, or cryptosystems with the ability to identify vulnerabilities in them and thus extract plaintext from ciphertext even if the cryptographic key or algorithm used to encrypt the plaintext is unknown.In [CSRF attack], an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user's account.
[Enumerating AWS account IDs] are identified via unique IDs, which, when exposed in the 1._______ domain, can be leveraged by attackers to target cloud services. Attackers enumerate IAM role names by analyzing the AWS 2._______ messages, which reveal information regarding the existence of a user. ============ [Enumerating S3 buckets] Simple storage service (S3) is a scalable cloud 3. storage service used by Amazon AWS where files, folders, and objects are 4. stored via web APIs. ============ [Enumerating [IAM Roles Attackers] enumerate IAM role names by analyzing the AWS 5. error messages, which reveal information regarding the existence of a user. ============ [Enumerating AWS S3 bucket permissions.] By using this tool, attackers can verify whether a bucket is 6. public or 7.non-public.
[Enumerating AWS account IDs] are identified via unique IDs, which, when exposed in the 1.public domain, can be leveraged by attackers to target cloud services. Attackers enumerate IAM role names by analyzing the AWS 2.error messages, which reveal information regarding the existence of a user. ============ [Enumerating S3 buckets] Simple storage service (S3) is a scalable cloud storage service used by Amazon AWS where files, folders, and objects are stored via web APIs. ============ [Enumerating [IAM Roles Attackers] enumerate IAM role names by analyzing the AWS error messages, which reveal information regarding the existence of a user. Attackers use S3Inspector to enumerate ============ [Enumerating AWS S3 bucket permissions.] By using this tool, attackers can verify whether a bucket is public or non-public.
[Exploit Kits:] A malicious script is used by the attackers to exploit poorly 1. _________ vulnerabilities in an 2. _______ device ========== [Network Pivoting:] An attacker uses a malicious 3. ________ device to connect and gain access to a 4. _______ server, and then uses that connection to 5. ________ other devices and network connections to the server to steal sensitive information. ========== A [BlueBorne] attack is performed on 6. ________ connections to gain access to and take 7. ______control of the target device.
[Exploit Kits:] A malicious script is used by the attackers to exploit poorly 1. patched vulnerabilities in an 2. IoT device ========== [Network Pivoting:] An attacker uses a malicious 3. smart device to connect and gain access to a 4. closed server, and then uses that connection to 5. pivot other devices and network connections to the server to steal sensitive information. ========== A [BlueBorne] attack is performed on 6. Bluetooth connections to gain access to and take 7. full control of the target device.
-Injection -Sensitive data exposure -XML external entities (XXE)
[Injection flaws] are web application vulnerabilities that allow untrusted data to be interpreted and executed as part of a command or query.[An XML External Entity] attack is a Server-side Request Forgery (SSRF) attack whereby an application can parse XML input from an unreliable source because of the misconfigured XML parser.
SELECT * FROM user WHERE name = 'x' AND userid IS NULL
[SQL Injection]
[gateway] first step for an 1. _______ into the world of the Internet as it connects 2. _______ devices to 3. _________components ========== [cloud platform] central point of 4. _________ aggregation ========== [edge] main 5. _________ device in the IoT ecosystem ========== [mobile]6. _________ that allow users to interact with 7._______
[gateway] first step for an 1. edge into the world of the Internet as it connects 2. smart devices to 3. cloud components ========== [cloud platform] central point of 4. data aggregation ========== [edge] main 5. physical device in the IoT ecosystem ========== [mobile]6. interface that allow users to interact with 7.edge
hexdump style: The packet bytes pane shows the ______of the current packet
data
[iOS Jailbreaking:] Jailbreaking iOS is the process of removing the 1. ________ mechanisms set by Apple to prevent malicious code from running on the device. It provides root access to the OS and removes sandbox restrictions. ========= [OS Data Caching:] An OS cache stores 2. used ______/_________ in 3. ___________ on a 4. _______basis in the hard disk. An attacker can dump this memory by 5. rebooting the victim's device with a malicious 6. OS and extract sensitive data from the dumped memory ========= [Carrier-loaded Software:] Pre-installed software or apps on devices may contain vulnerabilities that an attacker can exploit to perform malicious activities such as 7. ________, 8. _________, or 9. stealing ________ on the device, 10. _____________ on calls, and so on. ========= [User-initiated Code:] User-initiated code is an activity that 10. ________ the victim into installing malicious applications or clicking links that allow an attacker to install 11. ____________ code to exploit the user's browser, cookies, and security permissions.
[iOS Jailbreaking:] Jailbreaking iOS is the process of removing the 1. security mechanisms set by Apple to prevent malicious code from running on the device. It provides root access to the OS and removes sandbox restrictions. ========= [OS Data Caching:] An OS cache stores 2. used data/information in 3. memory on a 4. temporary basis in the hard disk. An attacker can dump this memory by 5. rebooting the victim's device with a malicious 6. OS and extract sensitive data from the dumped memory ========= [Carrier-loaded Software:] Pre-installed software or apps on devices may contain vulnerabilities that an attacker can exploit to perform malicious activities such as 7. deleting, 8. modifying, or 9. stealing data on the device, 10. eavesdropping on calls, and so on. ========= [User-initiated Code:] User-initiated code is an activity that 10. tricks the victim into installing malicious applications or clicking links that allow an attacker to install 11. malicious code to exploit the user's browser, cookies, and security permissions.
Detecting the presence of User-Mode Linux (UML) Honeypot:
analyzing files such as /proc/mounts, /proc/interrupts, and /proc/cmdline, which contain UML-specific information.
Guardster offers various services to let you use the internet ________ and ___________
anonymously and securely
Netcraft provides Internet security services including,
anti-fraud, anti-phishing services, application testing, PCI scanning
REpresentational State Transfer (RESTful) web services are designed to make the services more productive. They use many underlying HTTP concepts to define the services. It is an _____________ approach rather than a protocol like SOAP.
architectural
Boolean-based blind SQL injection (sometimes called inferential SQL Injection) is performed by asking the _______questions to the application database.
asking the right questions
What identifies malware by collecting data from protected computers while analyzing it on the provider's infrastructure instead of locally?
cloud-based detection
side channel Differential fault analysis — in which secrets are discovered by introducing faults in a
computation.
AndroidManifest.xml: determines the basic configuration in an Android _______ such_____ package, components of the______, permissions, hardware and software features
configuration, app, app, app,
Reverse image search is a 1. ________query technique that involves providing the _______ system with a sample _______ that it will then base its search upon.
content-based image retrieval, (CBIR) , image
Secure Electronic Transaction (SET) is a communications protocol standard for securing
credit card transactions over networks, specifically, the Internet
Compound SQLi is attacks that involve using SQLi alongside
cross-site scripting, denial of service, DNS hijacking, or insufficient authentication attacks.
Classic SQLi attacks are the most common and simplest form of SQLi. Classic attacks can occur whenever an SQL database allows users to submit an SQL statement
error-based SQLi & DMS-specific SQLi
nmap flag -D : scan _______ port ______ times using a set of __________ source IP addresses
every, several, spoofed
Cisco ASA (Adaptive Security Appliance)— is a series of hardware _________developed by Cisco Systems.
hardware firewalls
cmd.exe /c ((echo command1) &&( echo command2))
inserting parentheses
evasion method thats depends on the Time-to-Live (TTL) fields of a TCP/IP
insertion attack
aLTEr
installing a virtual communication tower between the two authentic endpoints to mislead the victim
With the WEB-STAT app by WEB-STAT, you can learn how people _________with your site, take action, and grow your business. Get full details about each visitor, including last visit, search engine, location, equipment, and more.
interact
Bullguard IoT: checks if your _______-connected devices at home are _______ on Shodan, the world's first search engine for _________-connected devices.
internet, public, Internet
IPsec connections include the following steps:
key exchange, packet headers and trailers, authentication, encryption, transmission
meet-in-the-middle attack (MITM): what is the __________-_________attack used against _____.
known-plaintext., DES DES rely on performing multiple encryption operations in sequence. One DES key followed by encrypting it with a second DES key.
Most common areas of misconfiguration, that leads to wireless cracking's are: 1.______defaults, 2._______ error.
left to 1. factory defaults, like usernames and passwords or default WLAN's broadcasted (SSID's) and default settings may be found in manuals of the specific vendor on the internet. - 2.human Error - advanced security policies are configured on a set of AP's across the organization, and other ones are forgotten and left with default weak security settings.
risk assessment
likelihood and impact
Ntptrace: Traces a chain of Network Time Protocol (NTP) hosts back to their _________ ________ source.
master time
ncpa.cpl
ncpa = Network Control Panel Applet, cpl = Control Panel
Attackers scan identify Snort_inlinehoneypots by analyzing the 1.________ If an ___________is dropped, it might look like a black hole to an attacker. When the snort_inline modifies an ____________, the attacker can capture the modified packet through another host system and identify the packet modification.
outgoing packets.
the password file from /etc/passwd. does not contain
password themelves
The captured data can be converted into the_________ format using the following command: btlejack -f 0xac56bc12 -x nordic -o capture.nordic.pcap
pcap
Linux hides files and folders that have a ________ at the________of their name.
period, start
Skimming in cybersecurity refers to cybercriminals' strategies for capturing and stealing cardholder's _________ __________ ___________.
personal payment information
Kasiski examination - (also referred to as Kasiski's test or Kasiski's method) is a method of attacking __________ ___________ciphers, such as the Vigenère cipher.
polyalphabetic substitution
port 515
printer
TCP Maimon Scan (-sM)
probing FIN/ACK
Kube-controller-manager is a master component that runs controllers. Controllers are generally individual ________________but are combined into a single binary and run together in a single process to reduce complexity.
processes (e.g., node controller, endpoint controller, replication controller, service account and token controller)
[Cyber Kill Chain] Actions on Objective
ransom, data exfiltration, data destruction
Footprinting (also known as
reconnaissance)
WebSploit Framework : This is an open source project which is used to scan and analysis _______ in order to find various type of vulnerabilities. This tool is very powerful and support multiple vulnerabilities.
remote system
- Firmware rootkits gain access to the software that runs devices, such as
routers, network cards, hard drives or system BIOS
WebCopier Pro allows 1.______ complete 2._________of your favorite sites, magazines, or stock quotes. Companies can transfer their intranet contents to staff computers, create a copy of companies' online catalogs and brochures for sales personal, backup corporate web sites, print downloaded files.
saving , copies
IoTSeeker: _______ the target network for specific types of IoT devices and _______ whether they are using the _______, _________-________ credentials.
scan, detect, default, factory-set
Shodan, Censys, and Thingful is a
search engine for IoT
Total break — the attacker deduces the_______
secret key
side-channel Cache attack — attacks based on attacker's ability to monitor cache accesses made by the victim in a _________ physical system as in __________ environment or a type of __________ service.
shared, virtualized, cloud
sixnet-tools is a tool for exploiting
sixnet RTUs.
Hootsuite is a 1.______ _______ management platform (for auto-posting, trends analyzing, etc.). It collects information from 1. _________ ________ only about users registered in it (photos, posts, etc.).
social media
Risk Identification
sources, causes and consequences
tcpsplice is a tool for extracting portions of packet trace files generated using 1___________flag
tcpdump's -w
Simplex Mode: the communication is________
unidirectional.
LMMIB2.MIB -Contains object types for ______ and _______ services. ============ DHCP.MIB -Microsoft-defined MIB that contains object types for monitoring the_____traffic between _____ hosts and DHCP servers. ============ HOSTMIB.MIB -Contains ______ types for monitoring and managing host _______. =========== MIB_II.MIB -Contains the Management Information Base (MIB-II), which provides a simple, workable architecture and system for managing _______-based internets. ========== WINS.MIB -Microsoft-defined MIB for the ....
workstation, server ========== network, remote ========== object, resources ========== TCP/IP ========== Windows Internet Name Service (WINS).
To prevent SPF attack you need to secure edge ports (or other untrusted ports) with options like 1.______guard, 2.______guard, 3.______guard, 4._______filter.
· 1.root-guard - prevents a port to become root port · 2.bpdu-guard - disables a port on BPDU reception · 3.tcn-guard - ignores topology change notifications received on a given· bpdu-filter - ignores BPDUs received on a given port (disabling loop detection by STP!) · 4.bpdu-filter - ignores BPDUs received on a given port (disabling loop detection by STP!)]
(APNIC)
· Asia-Pacific Network Information Centre
Nessus is a program for automatically searching for known flaws in the protection of information systems. It is able to detect the most common types of vulnerabilities, for example
· Availability of vulnerable versions of services or domains · Configuration errors (for example, no need for authorization on the SMTP server) · default passwords, blank, or weak passwords -client-server
(LACNIC) ·
· Latin American and Caribbean Network Information Centre
The area most open to attack is often the routing systems within your enterprise network. Because of some of the sniffing-based attacks, an enterprise routing infrastructure can easily be attacked with man-in-the-middle and other attacks designed to corrupt or change the routing tables with the following results:
· Traffic redirection— enabling the attacker to modify traffic in transit or sniff packets · Traffic sent to a routing black hole— the attacker can send specific routes to null0, effectively kicking IP addresses off the network · Router denial-of-service (DoS)—attacking the routing process can crash the router or severe service degradation · Routing protocol DoS—Similar to the attack previously described against a whole router, a routing protocol attack could be launched to stop the routing process from functioning properly · Unauthorized route prefix origination—this attack aims to introduce a new prefix into the routing table that shouldn't be there. The attacker might do this to get a covert attack network to be routable throughout the victim network.