Real-World Attacks
This attack overwhelms a server with traffic traffic to make it vulnerable.
What is a DDoS attack?
This tool scans networks for open ports and services.
What is Nmap?
This protocol is used to securely send web pages.
What is HTTPS?
This kind of challenge often hides text in images.
What is steganography?
This type of hacker has permission to test systems for flaws.
What is a white hat hacker?
In this attack, the attacker inserts malicious input into a form to access backend data.
What is SQL injection?
This tool automates exploiting known vulnerabilities.
What is Metasploit?
This secure shell protocol encrypts remote terminal sessions.
What is SSH?
This base format encodes binary as ASCII text.
What is base64?
This rule means giving users only what access they need.
What is least privilege?
This attack involves intercepting or altering communication between two parties.
What is a Man-in-the-Middle (MITM) attack?
This cracking tool is often used to brute-force passwords offline.
What is John the Ripper?
This protocol is commonly used to send email.
What is SMTP?
This tool lets you inspect network traffic from .pcap files.
What is Wireshark?
A fake login page is often used in this type of social engineering.
What is phishing?
An attacker tricks a website into running unintended code in another user's browser.
What is Cross-Site Scripting (XSS)?
This tool captures WPA handshakes for wireless password cracking.
What is Aircrack-ng?
This protocol uses port 161 and helps monitor network devices.
What is SNMP?
The command strings is often used on these types of files.
What are binary (or executable) files?
This type of malware locks files and demands payment.
What is ransomware?
This attack type exploits the fact that users reuse passwords across multiple sites.
What is credential stuffing?
This tool is the ultimate tool that haker have.
What is the Internet?
This protocol translates domain names into IP addresses.
What is DNS?
This kind of “box” simulates a vulnerable machine in a lab.
What is a virtual machine (or CTF box)?
A flaw in code that’s unknown to vendors is called this.
What is a zero-day vulnerability?