Cyber Eagles Club Jeopardy Jeopardy Template

Security Principles

Misc.

Command Line

Networking

Malware

100

What is a fail-safe default?
A: An entity should be given explicit access to an object by default.
B: An entity should always be denied permission to objects
C: An entity should be denied access to the object unless it is specifically allowed

100

What network node is designed to block unauthorized access to the company’s local network?

Firewall

100

How can you send the output of a command or program to another command or program?

100

All of the following are valid encryption/security schemes for wireless networks except:
A:WEP
B:WPA
C:WPA-Enterprise
D:DES

D: DES

100

nmap can recognize and classify all the following except
A:Operating Systems
B:Machines infected with Stuxnet Worm
C:Wireless Clients
D:Open/Closed/Filtered Ports
E:Service Version

C:Wireless Clients

200

How does separation of privilege help to ensure that no single security breach can cause an entire security mechanism to fail?
A:By creating multiple user account for a system, we can properly audit all actions to make sure they are legitimate
B:By removing all administrator privileges from the system, we can ensure the most secure system possible
C:By creating multiple conditions for access, a single attack shouldn't be sufficient enough to compromise the system

200

What is the main purpose of a router?

To route traffic from point A to point B

200

What does the following command do? rm -rf /

recursively deletes all files from the root directory

200

What port is assigned to DNS?

200

Many malicious applications will call IsDebuggerPresent() Why?

This is just one way of determining if the process is being debugged. If it's being debugged, it probably means someone is trying to reverse engineer your virus. At that point the virus can do anything from killing its process to attempting to crash the system.

300

What is a characteristic of Psychological Acceptability?
A:simple user interface
B:It should ask for a password for every action to be most secure
C:requires a Microsoft Technician to install so that it would be really hard for a hacker to get in.
D:all of the above

300

What is the weakest link in any secured network?

Employees/People

300

How do you save changes and exit in vim from insert mode or emacs?

ESC, :wq Ctrl + X, Ctrl + S, Ctrl + X, Ctrl + C

300

What was the original purpose of port 0 on TCP before programmers could use raw sockets?

"Let the system choose a port for me"

300

Rootkits will hook the System Service Dispatch Table for various kernel routines such as
ZwCreateKey
ZwOpenProcess
NtLoadDriver
ZwQueryDirectoryFile

Why would they do this?
Does finding a hook on these calls automatically mean it's malicious?

The ZwQueryValueKey routine returns a value entry for a registry key.

A rootkit can hook this routine and give false readings of a registry value. Likewise, an antivirus can hook this routine to prevent malware from reading certain sensitive keys.

400

What is the difference between an encryption algorithm and a hashing algorithm?

The purpose of encryption is to transform data in order to keep it secret from others... Hashing serves the purpose of ensuring integrity...

400

What is Heartbleed? Explain the exploitation process.

A bug in OpenSSL that leaks memory to an attacker

400

What is X11

A windowing system for bitmap displays, common on UNIX-like computer operating systems.

400

How many channels are defined under 802.11 standard in the 2.4 GHz spectrum? How many are available the US?

400

The Intel x86 family of microchips use a concept called rings for access control. How many rings are there?

A rootkit or a virus is most dangerous when it gains access to ring #?

4,0

500

Match the following ciphers to their type:
A. Mono-alphabetic
B. Poly-alphabetic
C. Product

1. DES
2. Vigenère
3. Caesar

A-3
B-2
C-1

500

What are salted hashes?

Appending random data to a password before hashing it for extra security

500

What is the name of an Internet Browser that you can use on the command line?

lynx

500

Using a traditional one-for-all style rainbow table will not work for WPA and WPA2 because

“the 256 bit key is calculated by applying the PBKDF2 key derivation function to the passphrase, using the SSID as the salt and 4096 iterations of HMAC-SHA1”

500

Malware is often obfuscated using a packer. The code doesn't look malicious to the naked eye, but once you execute it, it will unpack/decrypt/decode the real malicious code. What is a modern day technique used by antivirus software to deal with this?

How might malware be able bypass these techniques?

Live sandboxing or Dynamic analysis.
dynamic analysis has a timeout limit and a resource limit for usability purposes.
for example:
Instead of

/* main entry */
int main( void )
{
decryptCodeSection(); // Decrypt the code
startShellCode(); // Call the Meterpreter shellcode in decrypted code
return 0;
}

Do

#define TOO_MUCH_MEM 100000000
int main()
{
char * memdmp = NULL;
memdmp = (char *) malloc(TOO_MUCH_MEM);
if(memdmp!=NULL)
{
memset(memdmp,00, TOO_MUCH_MEM);
free(memdmp);
decryptCodeSection();
startShellCode();
}
return 0;
}

Examples by Emeric Nasi