Session Hijacking Basics
Transport & Application Hijacking
DoS Attacks
DDoS & Botnets
Countermeasures & Tools
100

What is Session Hijacking?

This attack occurs when an attacker takes control of a valid user session.

100

What is the TCP Sequence Number?

Attackers use this value to maintain synchronization in TCP communication.

100

What is a Denial-of-Service (DoS) Attack?

This attack overwhelms a server to make services unavailable. 

100

What is a Botnet?

A collection of compromised devices controlled remotely is called this.

100

What is Session Hijacking?

Encrypting communication using HTTPS helps prevent this attack.

200

What is Transport Layer Hijacking?

This layer hijacking involves stealing TCP session information.

200

What is taking one party offline?

In transport hijacking, attackers first disable this to gain control.

200

What is a SYN Flood Attack?

This flooding attack abuses the TCP three-way handshake.

200

What is a Trojan?

This malware commonly spreads to create botnets.

200

What are Security Countermeasures?

Firewalls and IDS/IPS systems are examples of these.

300

What is Application Layer Hijacking?

Attackers capture cookies or tokens to impersonate users in this hijacking method.

300

What is a Man-in-the-Browser Attack?

This browser-based malware modifies transactions within the browser.

300

What are Bandwidth Attacks?

These attacks consume network capacity using huge traffic volumes.

300

What are Command-and-Control (C2) Servers?

Attackers use these servers to control infected bots.

300

What are Bot Attacks?

CAPTCHA mechanisms help prevent this automated threat.

400

What is Session Sniffing?

This technique listens to network traffic to steal session information.

400

What are Predictable Session Tokens?

Weakly generated session IDs are vulnerable because they are this.

400

What are Program and Application Attacks?

Crashing vulnerable software using malformed inputs is an example of this type of attack.

400

What is a Botnet?

Mirai is a famous example of this type of network.

400

What is Session Token Renewal?

This security practice regenerates session IDs after login.

500

What is a Man-in-the-Middle Attack?

This attack intercepts communication between two parties secretly.

500

What are Client-side Attacks?

XSS attacks are examples of these attacks targeting user browsers.

500

What is Distributed Denial of Service (DDoS)?

This attack uses multiple compromised systems against one target.

500

What is a Reflection/Amplification DDoS Attack?

This attack sends amplification traffic using misconfigured servers.

500

What are DoS/DDoS Attacks?

Rate limiting and traffic filtering help defend against these attacks.
