Sploitz
Saucy C2
My back hurts
RFCs
Crypto, no not that kind
100

This 2017 ransomware outbreak leveraged an NSA exploit leaked by the Shadow Brokers.

What is WannaCry?

100

Red team framework known for coining the term “beacons.”

Cobalt Strike

100

Hacker magazine named after a phone tone.

2600


100

A protocol for transmitting IP packets over avian carriers.

True 

RFC 1149 (and RFC 2549 for QoS)

100

Vulnerability leaking 64 KB of OpenSSL memory.

Heartbleed

200

The SolarWinds backdoor malware discovered in 2020 was commonly referred to by this codename.

What is SUNBURST?

200

Metasploit payloads are called what?

Meterpreter

200

Hacker alias of Kevin Mitnick.

Condor

200

"The standard defining HTTP status code 418"

True
‘I’m a teapot’.

200

TLS attack exploiting protocol downgrade named after a dog.

POODLE

300

This 2014 breach exposed over 3 billion user accounts after attackers gained access to a poorly protected internal admin tool.

What is the Yahoo breach?

300

Credential dumping tool by Benjamin Delpy.

Mimikatz

300

Old tool used to perform a classic attack that maps IPs to MACs incorrectly.

Cain and Abel

300

This RFC defines DNS queries over HTTPS with mandatory encryption.

What is DNS over HTTPS (DoH)?

300

Property that ensures past sessions remain secure if keys leak.

Forward Secrecy

400

The 2021 supply-chain attack abusing a Java logging library.

Log4Shell

400

Open-source C2 framework written in Go.

Sliver

400

The term for pirated software traded on BBSes.

Warez

400

RFC 9293

What RFC replaces earlier drafts and defines the transport protocol used by HTTP/3?

400

This attack recovers RSA private keys by exploiting differences in error messages during padding validation.

What is a Bleichenbacher attack?

500

This credit bureau exposed data on ~147 million Americans in 2017.

Equifax

500

What does SysWhispers3 do differently from SysWhispers2?

Runtime Syscall Resolution

500

The activity of scanning phone numbers to find modems.

Wardialing

500

This four-letter acronym titles thousands of internet standards documents, even though it famously means the documents are not final.

What is “Request for Comments”?

500

This class of vulnerabilities leaks secrets via power consumption rather than execution time.

What are power analysis attacks?
