Recon & OSINT
Enumeration
Shells & Payloads
Windows PrivEsc
Exploitation & Security Concepts
100

This type of reconnaissance gathers information without directly interacting with the target.

“What is passive reconnaissance?”

100

Enumeration is not just scanning; it is active ______ gathering.

“What is information?”

100

This program provides an interface to input commands into an operating system.

“What is a shell?”

100

This command is often the first step after getting a Windows shell to enumerate privileges.

“What is whoami /priv?”

100

This is the process of gaining higher permissions than originally granted.

“What is privilege escalation?”

200

This certificate transparency website is commonly used to discover subdomains.

“What is crt.sh?”

200

This command displays active network connections and listening ports on Linux.

“What is netstat -tulnp?”

200

A shell that connects back to the attacker’s machine is called this.

“What is a reverse shell?”

200

This privilege is abused by Juicy Potato and PrintSpoofer.

“What is SeImpersonatePrivilege?”

200

This Windows process is commonly targeted for credential dumping.

“What is LSASS?”

300

These DNS records often reveal email providers.

“What are MX records?”

300

SMTP servers sometimes expose usernames using this command.

“What is VRFY?”

300

This networking utility is heavily used for bind shells and reverse shells.

“What is Netcat?”

300

Attackers commonly abuse this privilege to dump LSASS memory.

“What is SeDebugPrivilege?”

300

According to the course introduction, cybersecurity skill development requires this type of learning rather than only passive learning.

“What is active learning?”

400

This search engine is commonly used for passive intelligence gathering on exposed devices and services.

“What is Shodan?”

400

This service on port 161 is often forgotten but can reveal running processes and network devices.

“What is SNMP?”

400

In offensive security, this delivers the shell after exploitation.

“What is a payload?”

400

This Windows group can read any file and dump the SAM database.

“What are Backup Operators?”

400

These two concepts were emphasized over memorization in the course introduction.

“What are principles and methodology?”

500

A public cloud bucket exposing these files could lead directly to password-less server access.

“What are SSH private keys (id_rsa)?”

500

According to the methodology slides, these are the three major enumeration levels.

“What are Infrastructure-Based, Host-Based, and OS-Based enumeration?”

500

This Linux command creates a named pipe used in many Netcat reverse shell one-liners.

“What is mkfifo?”

500

This Sysinternals tool is used to inspect named pipe permissions.

“What is accesschk.exe?”

500

This phrase summarizes the relationship between exploits, payloads, and shells:
“Exploits open doors. ______ walk us through them.”

“What are payloads?”