What's Your Password?
Defense and Stuff
Tools of the Trade
Bad Things
Figure it out
100

This attack consists of an attacker using automated scripts to try out possible passwords until the correct one works. They are very time consuming because they take a systematic approach to trying all possible permutation of characters in a sequence. The longer the password, the longer it takes.

What is a Brute-Force Attack?

100

This network security technology allows us to control the flow of traffic to and from the network.

What is a firewall?

100

This is a group of internet-connected devices, each of which are used to perform attacks, steal data, send spam, and allow the attack to access the device and its connection.

What is a botnet?

100

This type of malware misleads users of its true intent by disguising itself as a standard program.

What is a trojan?

100

MFA stands for this.

What is Multi-Factor Authentication?

200

This attack consists of an attacker putting lists of commonly used passwords into attack dictionaries. Threat actors typically use automated scripts to match the original password with the suggestions from the gathered attack dictionary.

What is a Dictionary attack?

200

This is a monitoring system that detects suspicious activities and generates alerts when they are detected.

What is an Intrusion Detection System?

200

This set of tools and techniques that attackers use to maintain communication with compromised devices following their initial exploitation is known as this.

What is Command and Control (C2)?

200

This type of malware is software that "spies" on its users, by recording and/or reporting their activities. This could include keylogging, recording how a user uses a program, browser history, etc.

What is spyware?

200

IDS stands for this.

What is Intrusion Detection System?

300

With this attack, bad actors take advantage of the tendency for users to reuse the same usernames and passwords for multiple accounts. By using credentials exposed in data breaches, the automate the process of trying those credentials on multiple sites at the same time.

What is Credential Stuffing Attack?

300

This term refers to a network of physical devices, vehicles, appliances, and other physical objects that are embedded with sensors, software, and network connectivity, allowing them to collect and share data.

What is IoT (Internet of Things)?

300

This DDOS tool was used by Anonymous for several attacks, targetting a site and flooding the server with TCP, UDP or HTTP packets. Has capabilities of allowing your host machine to join a voluntary botnet.

What is the Low Orbit Ion Cannon (LOIC)?

300

This is a type of malware that allows hackers to monitor and control your computer or network.

What is a RAT (Remote Access Trojan)?

300

*Daily Double*

TPM stands for this.

What is Trusted Platform Module?

400

This attack is a different mixture of password-cracking attacks. It's performed whenever the hacker knows a leaked password of yours and assumes you use a variation of it. The hacker uses a predefined list of phrases people often use to create passwords but extends them by adding variables - random symbols and numbers.

What is a Hybrid Attack?

400

This is a network security technology that detects suspicious activities and actively prevents identified threats from being carried out.

What is an Intrusion Prevention System?

400

This Windows-only password recovery tool handles an enormous variety of tasks, including recovering passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

What Cain and Abel?

400

This type of malware remains dormant for a period of time until triggered. They can be triggered by an event, or a specific data/time.

What is a Logic Bomb?

400

IOC stands for this.

What is Indicators of Compromise?

500

This type of attack uses password hashes that the bad actor has gathered. They can then see if it matches any of the precomputed hashes in their own database table.

What is a Rainbow Table Attack?

500

This is a type of security solution that provides real-time analysis of security alerts and events generated by network hardware and applications.

What is a SIEM (Security Information and Event Management)?

500

This DDOS tool specializes in shutting down hosts, network devices and servers by overwhelming them with different protocols such as UDP/TCP, ICMP, HTTP, L2CAP, ARP, and IEEE.

What is Raven-Storm?

500

This type of malware modifies the files in the kernel of the operating system, effectively becoming invisible to antivirus and anti-malware software.

What is a rootkit?

500

IAM stands for this.

What is Identity and Access Management?

M
e
n
u