Social Engineering
Social Cont'
Malware
Physical attacks
Cryptographic attacks
Application Attacks
100

What is Prepending?

What is adding code to the beginning of a presumably safe file.


100

What type of attack is this?

What is a Watering hole attack

100

What are Botnets?

A botnet is a distributed type of malware attack that uses several remotely controlled devices that malware has infected.

100

An attack that compromises your credit card information by recording it when the card is inserted into an ATM

What is Skimming

100

What is an attack that tries the same password for several accounts called?

What is Password Spraying

100

What is a replay attack?

What is a replay attack: a retransmission of credentials back to a host, effectively allowing the attacker to impersonate the victim.

200

What is SPIM?

What is Spam over instant messaging (SPIM)

200

What is it called when con artists have bought up many domains that differ just slightly from a legitimate site, preferably with a spelling mistake that people commonly make?

What is Typosquatting

200

A script is set to execute at a time or if certain events or circumstances take place on the system.

What are Logic Bombs?

200

In this attack, something is inserted into a system and not detected; commands can be sent and received, data exfiltrated, and malware delivered.

What is a Malicious flash drive

200

You use brute force to run millions of hashes until you get one that collides.

What is a Collision

200

What is SQL Injection?

What is SQL injection: The front-end application that accesses the database usually sends commands as a set of procedures for the database to run on the data so that it can return the required results. A malicious user can insert code into these procedures to run a query on the database to reveal or damage confidential data.

300

What is the difference between passive and active Reconnaissance?

What is: passive always gathers without notice. Active has a high risk of being discovered.

300

What is dumpster diving

300

What is a RAT?

What is a Remote access Trojan (RAT):

RATs leave a back door that allows a hacker access to the client computer that bypasses any authentication. The RAT runs a service on the victim’s computer and opens a port (such as TCP/IP port 12345 in the case of the NetBus Trojan software) on the system to which the attacker can connect when he runs the control application from a remote location.

300

What is this a picture of?

What is shoulder surfing

300

In this Hashing attack, the goal here is to compare and find another identical hash.


What is a Birthday attack

300

What is XSS?

What is Cross-site scripting: a type of website application vulnerability that allows malicious users to inject malicious code into dynamic websites that rely on user input. An example of this would be a search engine website or user message forum that utilizes user input. The malicious user can input a script or series of commands, such as JavaScript, within a legitimate input request that can provide the attacker with additional administrative access to hack user accounts and embed malicious code within cookies and other website code that can be downloaded by end users.

400

In one word each, describe the target of Phishing, Spear Phishing, and Whaling.

What are generic, group, and Star

400

What is it called when someone masquerades as a valid network user, whether over e-mail, telephone, or social media, and convinces the victim that they work in the same organization?

What is Impersonation

400

What is something left behind by developers called?

What is a backdoor

400

What is Card Cloning? Give an example.

Duplicating or any card.  

Access card

400

This attack makes a legitimate request to the Web server to use a weak, deprecated algorithm that’s easier to crack in hopes of then successfully getting keys, passwords, and so forth.

What is a Downgrade Attack

400

What is Secure Sockets Layer (SSL) stripping?

What is Secure Sockets Layer (SSL) stripping: SSL stripping attacks (also known as SSL downgrade or HTTP downgrade attacks) are a type of cyber attack in which hackers downgrade a web connection from the more secure HTTPS to the less secure HTTP.

500

What is a keylogger attack by suspicious spouses, stalkers, or hackers looking to gain sensitive information, such as login credentials or credit card information, called?

What is Credential harvesting

500

Describe Authority vs. Intimidation.

Authority: they pretend to be a figure of power, maybe a law figure or manager

Intimidation: involves a threat of some type

500

What is Command and control in malware?



What is Command and control

Command and control servers serve as the source to disseminate commands that spread further malware, exfiltrate data, conduct DDoS attacks, and more.

500

In what type of attack have threat actors been known to use the technique of placing a malicious flash drive near or inside an office building, tempting someone to pick it up and plug it in out of curiosity?

What is a Malicious flash drive

500

What is it called when attackers break into unsecured networks or unprotected server infrastructures and change source code, hiding malware in build and update processes?



What is a Supply-chain attack?


500

What is XSRF?

What is Cross-site request forgery (XSRF or CSRF): a type of attack that relies on the ability to use a user’s current web browsing state, including session cookie data and login identity credentials, and trick that user into navigating to a website that contains malicious code. At that point, the hacker’s code can use the session information to make unauthorized requests as the target user, change the user’s account information, or steal his credentials. XSRF vulnerabilities have been found on many major websites, including high-security banking sites.

600

What is Vishing?

Phishing on voice mail or phone

600

What is it called when you act like you belong and follow right behind someone else?

What is Tailgating

600

What type of malware encrypts user files and requires payment within a timeframe, and if the ransom is not paid, the decryption key will be destroyed so that the files can never be unencrypted? (Hint: not ransomware)

What is Cryptomalware

600

What is it called when someone is hired to gain access to a facility?

What is Penetration testing

600

What is Two All Beef Patties, Special Sauce, Lettuce, Cheese, Pickles, and Onions all on a Sesame Seed Bun called?

What is a bigmac

600

What is an integer overflow?

What is an integer overflow: it is like a buffer overflow in that it simply cannot be handled within its allotted space; however, it is the result of a mathematical operation that creates a numeric value that is too large (or sometimes too small). The outcome of a successful integer overflow attack is like that of a buffer overflow attack. This type of attack can be prevented through input validation, of course, but also by implementing error-handling conditions in the web application programming that deal with such overflow conditions.

700

In this attack, the user is directed to a fake site through a link embedded in an e-mail.

What is Pharming

700

Describe Familiarity, Trust, and Urgency

Familiarity: You remember me from the Christmas party

Trust: Oh you know Mike in accounting too

Urgency: This has to be done or no one will get paid

700

What are Fileless viruses?


An emerging type of virus called a fileless virus often piggybacks on legitimate scripts that are running and will execute their malicious commands under the cover of legitimacy. PowerShell is often used for this type of virus, which is particularly difficult for antivirus to detect due to the fact that it is resident in memory and not on the disk.

700

What is a cable that has an embedded Wi-Fi controller that allows a remote user to send it commands? 


What is a Malicious Universal Serial Bus (USB) cable

700

What is a pass-the-hash attack?

What is a pass-the-hash attack: it occurs when an attacker intercepts a hash and uses it to authenticate directly, rather than using the underlying plain text password.

700

What are Request forgeries: Server-side, Cross-site?

What is: Client-side request forgery allows a malicious user to submit arbitrary requests to an XSRF-protected endpoint, via a web browser or mobile device, by modifying the endpoint to which the client-side code makes an HTTP request with a valid XSRF token. In a server-side request forgery (SSRF) attack, an attacker exploits the underlying functionality on a server to read or update internal resources that the attacker shouldn’t have access to, using URLs which the code running on the server will read or submit data to.
