ON THE FRONTLINES
A review of an organization's security controls, policies, and procedures against a set of expectations.
What is a Security Audit?
This centralized facility is where a cybersecurity team monitors systems and responds to threats in real time, functioning as the hub of an organization’s digital defenses.
What is SOC?
These small text files stored in your browser help websites remember information—like session data or preferences—between page loads or visits.
What are Cookies?
A device that can create rogue access points and conduct advanced wireless network audits, famously used for man-in-the-middle attacks.
What is a WiFi-Pineapple?
This attack involves hijacking someone’s phone number by tricking or bribing a carrier into transferring it to a new SIM card, granting the attacker access to the victim’s text messages and calls.
What is SIM Swapping?
A record of events that occur within an organization's systems and networks.
What are Logs?
This vendor-neutral CompTIA certification tests fundamental cybersecurity skills and is widely viewed as a gateway into the field of information security.
What is Security+?
This web attack involves manipulating a database query via user input, often allowing unauthorized access to sensitive information if input validation is weak.
What is SQL Injection?
Nicknamed the "Swiss Army knife for hackers," this handheld, open-source device can emulate remotes, allowing you to open car doors of your next door neighbors from miles away.
What is Flipper Zero?
This malicious technique involves forging or impersonating another user, device, or address to trick systems or individuals into granting unauthorized access or revealing sensitive information.
What is Spoofing?
All the potential vulnerabilities that a threat actor could exploit?
What is an Attack Surface?
This aims to protect cardholder data and is enforced by major credit card brands for any organization that processes, stores, or transmits credit card information.
What is PCI-DSS?
(DOUBLE JEOPARDY) Developed by PortSwigger, this popular tool intercepts and analyzes web traffic, allowing security testers to identify and exploit vulnerabilities in web applications.
What is Burp Suite?
This seemingly harmless USB stick emulates a keyboard, injecting pre-programmed keystrokes into a target machine for quick exploits.
What is Rubber Ducky?
This process where criminals install hidden devices on legitimate card readers—like ATMs or gas pumps—that capture credit or debit card information without the user’s knowledge.
What is Card Skimming?
These platforms collect and analyzes log data to monitor critical activities in an organization?
What are SIEM Tools?
(DOUBLE JEOPARDY) Developed by the NSA, this flagship risk-based framework is organized around five core functions—Identify, Protect, Detect, Respond, and Recover—to help organizations manage cybersecurity risks.
What is NIST Cybersecurity Framework?
This calculated value is appended to data so that any corruption or tampering can be detected by comparing the original and received values.
What is Checksum?
This hardware-based security key provides strong two-factor authentication by generating unique codes and protecting logins from phishing and other attacks.
What is YubiKey?
This type of malware disguises itself as a legitimate program but secretly creates a backdoor or executes harmful actions once installed.
What is Trojan Horse?
Used by cybersecurity teams in the event of an incident, these help security teams respond to incidents by ensuring that a consistent list of actions are followed in a prescribed way, regardless of who is working on the case.
What is a Playbook?
Enacted in 1996, this U.S. federal law sets standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.
What is HIPAA
This web vulnerability allows attackers to trick a server into making unauthorized requests to internal or external resources, often bypassing network protections.
What is Server-Side Request Forgery (SSRF)?
This stealthy Hak5 device appears to be a simple Ethernet adapter but can conduct network reconnaissance, and even phone home for remote access.
What is LAN Turtle?
This stealthy type of malware burrows into an operating system at the kernel level, concealing its presence and enabling ongoing unauthorized access.
What is a Rootkit?