Security
Infra
Services/Protocols
CPTC
CCDC
100

This tool securely stores and generates strong passwords for all your accounts.

What is a password manager (e.g., Bitwarden)?

100

This device allows multiple devices to share one internet connection inside a local network.

What is a switch?

100

This service translates domain names (like google.com) into IP addresses.

What is DNS?

100

This tool is used to scan networks for open ports and identify running services on a target.

What is Nmap?

100

This service allows remote graphical access to a Windows desktop over a network and typically supports one active session per user.

What is Remote Desktop Protocol (RDP)?

200

This browser indicator shows that a website connection is encrypted between the user and the server.

What is HTTPS (padlock icon / TLS encryption)?

200

This is a software-based computer that runs an operating system like a physical machine.

What is a Virtual Machine (VM)?

200

This protocol allows secure remote access to a computer over a network.

What is SSH?

200

This tool is used to brute-force hidden directories and files on a web server using wordlists.

What is Gobuster?

200

This Linux directory contains logs such as authentication logs and system events.

What is /var/log/?

300

This is an attack technique where attackers trick users into clicking malicious links in emails or messages.

What is phishing?

300

This software layer allows multiple virtual machines to run on a single physical machine.

What is a hypervisor?

300

This service automatically assigns IP addresses to devices on a network.

What is DHCP?

300

A Linux service is running as root and has a writable configuration file owned by a normal user. What vulnerability does this create?

What is privilege escalation via misconfiguration?

300

This command is used to view active network connections on Linux.

What is ss or netstat?

400

Before entering credentials on a login page, a user checks the domain, certificate validity, and whether the site is using HTTPS. What security practice is being applied?

What is verifying TLS certificate validity and domain authenticity (or trust verification of a secure connection)?

400

This infrastructure setup splits a network into smaller segments to improve security and performance.

What is subnetting?

400

This directory service is used to manage and authenticate users in a network environment.

What is LDAP?

400

You find that a web app uses predictable session tokens. What is the primary security risk?

What is session hijacking?

400

You find a service listening on port 4444. What is this most likely?

What is a potential reverse shell or backdoor (often used by tools like Metasploit)?

500

A user receives a login page that looks identical to a real service, but the URL is slightly misspelled and the certificate is self-signed. What type of attack is this attempting to perform?

What is a credential phishing attack (or man-in-the-middle phishing site)?

500

This virtual hardware component gives each VM its own network identity on the same physical machine.

What is a virtual network interface (vNIC)?

500

This network function translates private IP addresses to a public IP address to allow multiple devices to share one (or more) external address.

What is NAT (Network Address Translation)?

500

This critical Active Directory vulnerability (CVE-2020-1472) allows attackers to completely compromise a domain controller by exploiting a flaw in Netlogon authentication.

What is Zerologon?

500

This Windows feature allows users or programs to run scripts and programs automatically at specific times or at system startup. Why is it dangerous in a security context?

What is Task Scheduler, which can be abused to maintain persistence or execute malicious code automatically?
