Vocabulary
a network that connects computers and devices within a limited geographical area, such as a home, school, or office, to share resources and information.
LAN
Where most exploits occur?
Application Layer
What type of software is Wireshark?
Network protocol analyzer
Defines the structure and content of web pages.
HTML
Manages and queries relational databases.
SQL
a piece of code, tool, or technique used to take advantage of a vulnerability or flaw in a system, application, or network to perform unauthorized actions.
Exploit
To complete the XSS exploit where do you type in the script?
You type the malicious script into input fields on a web page that do not properly validate or sanitize user input, such as comment sections or search bars.
Checks connectivity to a host by sending ICMP echo requests
Ping command
Enables dynamic, interactive behavior on web pages (e.g., animations, form validation).
JavaScript
Injects malicious code to manipulate database queries and retrieve unauthorized data.
SELECT
hiding complex implementation details and exposing only the necessary functionality to the user. It helps reduce complexity and improve security by limiting access to sensitive operations or data
Abstraction
How does a cross-scripting exploit change a web page?
It injects malicious scripts into a web page, causing it to execute unintended actions such as stealing cookies, redirecting users, or displaying fake content.
What protocol is responsible for broadcast messages?
UDP (User Datagram Protocol)
Controls the styling and layout of web pages (e.g., colors, fonts)
CSS
Alters database contents by combining datasets or introducing malicious data
MERGE
The process of intercepting and analyzing data packets traveling over a network. It is commonly used for troubleshooting network issues or, in malicious contexts, to capture sensitive information.
Packet Sniffing
What do these represent:
Repeated failed login attempts.
Suspiciously high login activity.
Access attempts from unknown IPs
Brute force attack
How do you interrupt the ping command on the Linux system?
Press Ctrl + C to stop command
A versatile programming language for tasks like web development, data analysis, and automation.
Python
Combines results from two queries to gain access to hidden data.
UNION
a format used to store captured network traffic data. It is often analyzed using tools like Wireshark to troubleshoot network issues or investigate incidents.
PCAP File
How can you determine how long a handshake took?
By using packet capture tools like Wireshark to measure the timestamps between the SYN and ACK packets
Stores and transports data in a readable format for both humans and machines.
XML