ethical final

Front

Back

What is a DoS attack?

Denial-of-Service attack that reduces restricts or prevents accessibility of system resources to legitimate users

What is a DDoS attack?

Distributed DoS using multiple compromised systems (botnet) to flood a target

What are the three basic categories of DoS attack vectors?

Volumetric attacks; Protocol attacks; Application layer attacks

What is a UDP flood attack?

Attacker sends spoofed UDP packets at high rate to random ports causing server to check for non-existent applications

What is an ICMP flood attack?

Attacker sends large volumes of ICMP echo request packets with spoofed source addresses to saturate victim bandwidth

What is a Ping of Death attack?

Sending malformed or oversized ICMP packets exceeding 65535 bytes to crash or freeze target system

What is a Smurf attack?

Attacker spoofs victim's IP and sends ICMP ECHO requests to broadcast network causing all hosts to reply to victim

What is an NTP amplification attack?

Using botnet to send spoofed UDP packets to NTP server with monlist command enabled generating large response packets

What is a SYN flood attack?

Exploiting TCP three-way handshake by sending SYN requests with fake IPs filling victim's listen queue

What is a Fragmentation attack?

Flooding target with fragmented TCP/UDP packets that consume excessive resources during reassembly

What is a Spoofed Session Flood attack?

Creating fake TCP sessions with multiple SYN/ACK/RST/FIN packets to bypass firewalls and exhaust resources

What is an HTTP GET/POST attack?

Using time-delayed headers or incomplete message bodies to maintain HTTP connections and exhaust web server resources

What is a Slowloris attack?

Sending partial HTTP requests to keep connections open exhausting target server's maximum concurrent connection pool

What is a Multi-vector DDoS attack?

Using combinations of volumetric protocol and application-layer attacks launched sequentially or in parallel

What is a Peer-to-Peer attack?

Instructing P2P file sharing clients to disconnect and connect to victim's fake website using DC++ protocol flaws

What is a Permanent DoS or Phlashing attack?

Attacks causing irreversible hardware damage requiring replacement using fraudulent hardware updates

What is a TCP SACK panic attack?

Sending malformed SACK packets with low MSS to exploit Linux kernel integer overflow causing kernel panic

What is a DRDoS attack?

Distributed Reflection DoS using intermediary hosts to reflect attack traffic to target making source harder to trace

What tool is ISB (I'm so bored)?

Software utility for performing HTTP UDP TCP and ICMP flood attacks

What tool is UltraDDOS-v2?

GUI tool for entering target IP port and packet count to launch DDoS attacks

What tool is HOIC?

High Orbit Ion Cannon - HTTP-based DDoS attack tool

What tool is LOIC?

Low Orbit Ion Cannon - TCP/UDP/HTTP flood attack tool

What tool is HULK?

HTTP Unbearable Load King - generates unique requests to evade caching for DoS

What tool is UFONet?

Abuses OSI layer 7 using HTTP methods to launch DDoS via botnet of compromised web servers

What is Activity Profiling detection?

Monitoring average packet rate for network flows to detect abnormal deviations indicating attacks

What is Sequential Change-Point Detection?

Using Cusum algorithm to isolate changes in traffic statistics caused by attacks

What is Wavelet-Based Signal Analysis?

Filtering anomalous traffic flow input signals from background noise using spectral component analysis

What is Absorbing the Attack countermeasure?

Using additional capacity/bandwidth to absorb attack traffic requiring preplanning

What is Degrading Services countermeasure?

Identifying critical services to maintain while stopping non-critical services during attack

What is Shutting Down Services countermeasure?

Temporarily disabling all services until attack subsides

What is Egress Filtering?

Scanning headers of IP packets leaving network to prevent malicious traffic from exiting internal network

What is Ingress Filtering?

Preventing source address spoofing of Internet traffic entering network

What is TCP Intercept?

Router feature that intercepts and validates TCP connection requests to protect against SYN flooding

What is Rate Limiting?

Controlling rate of outbound or inbound traffic on network interface to reduce high-volume DDoS traffic

What is Black Hole Filtering?

Discarding packets at routing level without informing source that data didn't reach recipient

What is Load Balancing mitigation?

Distributing traffic across multiple servers to absorb additional attack traffic and provide failsafe protection

What is Throttling mitigation?

Setting routers to control incoming traffic levels to safe rates preventing server damage

What is Drop Requests mitigation?

Servers/routers dropping packets when load increases making requester solve puzzle before continuing

What is Traffic Pattern Analysis forensics?

Analyzing traffic patterns to develop new filtering techniques and update countermeasures

What is Packet Traceback forensics?

Reverse engineering technique to identify true source of attack for blocking further attacks

What is Event Log Analysis forensics?

Analyzing logs to identify source type and combination of DDoS attacks used

What is Cisco IPS Source IP Reputation Filtering?

Using reputation database to filter DoS traffic from known botnets and malware sources

Where are Windows password hashes stored?

SAM database or Active Directory database (never in clear text)

What command extracts SAM password hashes?

pwdump7 or Mimikatz

What is NTLM authentication protocol?

Microsoft protocol storing password hashes in SAM using hashing methods for authentication

What is Kerberos authentication?

Stronger Microsoft authentication protocol using KDC AS TGS and tickets for client/server applications

What is a Dictionary Attack?

Loading dictionary file into cracking application to try passwords against user accounts

What is a Brute-Force Attack?

Trying every combination of characters until password is broken

What is a Rule-based Attack?

Using attacker information about password to create customized rules for cracking

What command generates customized dictionary with John?

john --rules --wordlist=/path/to/rockyou.txt --stdout > /path/to/output.txt

What command cracks NTLM hashes with John?

john --format=NT /path/to/ntlm_hashes.txt

What is Hash Injection/Pass-the-Hash attack?

Injecting compromised hash into local session to validate network resources without cracking password

What is LLMNR/NBT-NS Poisoning?

Poisoning Windows name resolution to capture NTLMv2 hashes from victim authentication

What tool performs LLMNR/NBT-NS spoofing?

Responder

What is AS-REP Roasting?

Targeting Kerberos users without preauthentication to extract and crack TGT for password access

What command extracts AS-REP hashes?

GetNPUsers.py from Impacket suite

What is Kerberoasting?

Targeting service accounts in Active Directory to obtain and crack TGS ticket password hashes

What tool performs Kerberoasting?

Rubeus

What is Pass-the-Ticket attack?

Using stolen Kerberos TGT/ST tickets to authenticate without password using Mimikatz or Rubeus

What is NTLM Relay attack?

Intercepting and relaying NTLM authentication requests between client and server to impersonate client

What tools perform NTLM Relay?

Responder and ntlmrelayx

What command performs SSH brute force with Hydra?

hydra -l username -P wordlist.txt ssh://target_ip

What is password salting?

Adding random string to password before hashing to defeat pre-computed hash attacks

What is WES-NG?

Windows Exploit Suggester Next Generation - Python tool to discover exploits for Windows vulnerabilities

What command runs WES-NG?

wes systeminfo.txt (after running systeminfo > systeminfo.txt)

What is Metasploit Framework?

Exploit development platform supporting automated exploitation via known vulnerabilities and weak passwords

What command starts Metasploit?

msfconsole

What command generates payloads in Metasploit?

msfvenom

What is Exploit Module in Metasploit?

Basic module encapsulating exploit to target vulnerabilities across multiple platforms

What is Payload Module in Metasploit?

Establishes communication channel between Metasploit and victim host after successful exploit

What is Auxiliary Module in Metasploit?

Performs one-off actions like port scanning DoS fuzzing without exploitation

What is NOPS Module in Metasploit?

Generates no-operation instructions for blocking out buffers in exploits

What command generates NOP sled in Metasploit?

generate -t c 50 (for 50-byte C format NOP sled)

What is Encoder Module in Metasploit?

Encodes payloads to evade detection by antivirus IDS and security mechanisms

What is Evasion Module in Metasploit?

Modifies payload/exploit behavior to avoid detection by security systems

What is Post-exploitation Module in Metasploit?

Used after successful compromise to interact further with target system

What command shows available options in Metasploit?

show options

What command sets a payload in Metasploit?

set PAYLOAD payload_name

What command exploits a vulnerability in Metasploit?

exploit

What command backgrounds a session in Metasploit?

background

What command shows active sessions in Metasploit?

sessions

What command migrates a session in Metasploit?

migrate

What command kills a session in Metasploit?

kill

What is Nebula?

AI-powered tool using machine learning to help find vulnerabilities effectively

What is DeepExploit?

Fully automated AI tool using deep learning (A3C model) to identify and exploit vulnerabilities

What is malware?

Malicious software that damages/disables systems and gives control to creator for theft or fraud

What are examples of malware?

Trojans Backdoors Rootkits Ransomware Adware Viruses Worms Spyware Botnets Crypters

What is an Advanced Persistent Threat (APT)?

Network attack where attacker gains unauthorized access and remains undetected long-term to obtain sensitive information

What are APT lifecycle stages?

Preparation; Initial Intrusion; Persistence; Expansion; Search/Exfiltration; Cleanup

What is a Trojan?

Program containing malicious code inside apparently harmless program that gains control when user performs predefined actions

How do hackers use Trojans?

Delete OS files; Disable firewalls; Generate fake traffic; Record screenshots; Create backdoors; Use as botnet/proxy for attacks

What are Trojan infection steps?

Create packet (njRAT); Employ dropper/downloader; Employ wrapper; Employ crypter; Propagate via email/USB; Deploy; Execute damage routine

What is a virus?

Self-replicating program attaching to another program boot sector or document transmitted via downloads infected drives email attachments

What are virus infection indicators?

Constant antivirus alerts; Suspicious hard drive activity; Lack of storage space; Unwanted pop-ups

What are virus infection steps?

Create virus (JPS Virus Maker); Pack with binder; Send via email/chat/network; Execute on victim system

What is ransomware?

Malware restricting access to computer files/folders demanding online ransom payment to remove restrictions

What are ransomware families?

Mallox; Phobos; Xorist; LockBit Black; DarkSide; Conti; Cerber; Thanos; RansomEXX; NETWALKER; QNAPCrypt

What are ransomware infection steps?

Create with Chaos Builder; Transfer via email/physical media; Victim executes file; Files encrypted; Ransom note appears

What is a computer worm?

Malicious program independently replicating and spreading across network connections consuming resources without human interaction