Web Application Hacking and Security Quiz

BestSellingPennywhistle

15 Questions

What is a commonly used method by web application hacking tools to enumerate files and directories?

Wordlists

What kind of malicious activity can be used to compromise systems using a pass-the-hash post-exploitation technique?

Lateral movement

What type of vulnerability enables a threat actor to leave a VM and obtain access to other virtual machines on the system or access to the hypervisor?

VM escape vulnerability

In a penetration tester's final report, which section describes technical details about any system exploitation and vulnerabilities found?

Findings

Which tool can be used to enumerate SMB shares and vulnerable Samba implementations?

Enum4linux

Which government agency provides guidance on how organizations should manage cryptographic keys in accordance with federal key management policies?

NIST

Which Linux distribution is based on Debian and focuses on penetration testing, digital forensics, and privacy protection?

Parrot OS

Which tool has the threat actor used to retrieve the password hash from the compromised system?

Mimikatz

Which action can mitigate session fixation attacks?

Encrypt the entire web session

In the context of the exhibit, what type of malicious activity is depicted when Paul and Steven are sharing materials for a college course they both teach?

Unauthorized data sharing

What tool could be used to enumerate SMB shares and vulnerable Samba implementations?

Responder

How can an organization mitigate session fixation attacks?

Encrypt the entire web session

In the context of the text, what action can a threat actor take if they have collected the password hash from a compromised system?

Use Mimikatz to retrieve the password hash

Which tool could an attacker use to manipulate the LLMNR service and poison the system of a victim?

Pacu

What Linux distribution is based on Debian and focuses on penetration testing, digital forensics, and privacy protection?

Parrot OS

Study Notes

Web Application Hacking

  • A commonly used method by web application hacking tools to enumerate files and directories is through directory traversal.

Post-Exploitation Techniques

  • Pass-the-hash is a post-exploitation technique that allows a threat actor to compromise systems by using a stolen password hash.

Virtual Machine Vulnerabilities

  • A VM escape vulnerability enables a threat actor to leave a VM and obtain access to other virtual machines on the system or access to the hypervisor.

Penetration Testing Reports

  • The section of a penetration tester's final report that describes technical details about any system exploitation and vulnerabilities found is the findings or vulnerability section.

SMB Enumeration

  • The tool that can be used to enumerate SMB shares and vulnerable Samba implementations is Enum4linux.

Cryptographic Key Management

  • The government agency that provides guidance on how organizations should manage cryptographic keys in accordance with federal key management policies is NIST.

Linux Distributions

  • The Linux distribution that is based on Debian and focuses on penetration testing, digital forensics, and privacy protection is Kali Linux.

Password Hash Retrieval

  • The tool that has been used to retrieve the password hash from the compromised system is likely Mimikatz.

Session Fixation Attacks

  • The action that can mitigate session fixation attacks is to regenerate the session ID after a user logs in.

Malicious Activity

  • In the context of the exhibit, the malicious activity depicted when Paul and Steven are sharing materials for a college course they both teach is a peer-to-peer sharing of copyrighted materials.

Mitigating Session Fixation

  • An organization can mitigate session fixation attacks by regenerating the session ID after a user logs in.

Password Hash Exploitation

  • If a threat actor has collected the password hash from a compromised system, they can use pass-the-hash to compromise other systems.

LLMNR Service Manipulation

  • The tool that could be used to manipulate the LLMNR service and poison the system of a victim is Responder.

Test your knowledge of web application security and hacking with questions about common hacking tools, malicious activities, and vulnerabilities.
