Windows Password Hashing and Security

Questions and Answers

What is the primary advantage of password salting?

It increases the password length

It makes the password more complex

It makes it more difficult to reverse the hashes and defeats pre-computed hash attacks (correct)

It adds a second layer of encryption

What is the purpose of the PWDUMP tool?

To schedule password cracking tasks

To sniff the network for encrypted passwords

To crack passwords using rainbow tables

To extract LM and NTLM password hashes from the SAM database (correct)

What is the main difference between PWDUMP and FGdump?

FGdump extracts cached credentials (correct)

PWDUMP is used for password cracking

FGdump is used for remote network execution

PWDUMP is used for remote network execution

Which password cracking tool is based on rainbow tables?

Ophcrack

What is the limitation of password hashes in Windows?

They are not salted

What is the purpose of L0phtCrack?

To perform password auditing and recovery

What is the primary goal of a privilege escalation attack?

To gain administrative access to a system

What is the primary goal of using encryption techniques in defending against privilege escalation?

To protect sensitive data

What is the main difference between vertical and horizontal privilege escalation?

The level of access gained

Why can an attacker place a malicious DLL in an application directory to escalate privileges?

Because the application does not use a fully qualified path to load the DLL

What is the primary purpose of running users and applications on the least privileges?

To minimize the attack surface

What can an attacker do if they gain administrative privileges using a privilege escalation attack?

Reset the passwords of other non-administrative accounts

What is the primary function of RemoteExec?

To remotely install applications, execute programs/scripts, and update files and folders

What is the name of the tool that can be used to reset passwords using privileges?

Offline NT Password & Registry Editor

What is the primary purpose of patching the systems regularly?

To fix OS and application coding errors and bugs

What is the primary goal of executing malicious programs remotely in the victim's machine?

To gather information that leads to exploitation or loss of privacy

What is the name of the technique used to escalate privileges by placing a malicious DLL in an application directory?

DLL Hijacking

What is the primary function of PDQ Deploy?

To silently install any application or patch

What is the primary purpose of a keylogger?

To gather confidential information about a victim

What is the main difference between a hardware keylogger and a software keylogger?

One is installed on the OS, while the other is embedded in the keyboard

What type of keylogger is placed between the keyboard hardware and the OS?

Physical Keylogger

Which type of keylogger uses Wi-Fi or Bluetooth for transmission?

External Keylogger

What is a legitimate use of keyloggers for home users?

To monitor children's activity

What is the main risk of using an account with administrative privileges?

Undetected execution of malicious code

What is the primary purpose of NTFS Alternate Data Stream (ADS)?

To store metadata about files, such as attributes and access times

How can you delete NTFS streams?

Move the suspected files to a FAT partition

What is the primary goal of steganography?

To conceal data within an ordinary message

What type of utility can help maintain the integrity of an NTFS partition?

File integrity checker

What is the name of a hacking tool that can detect NTFS streams?

All of the above