This protocol, which acts at the application layer of the OSI model, is used to transfer web pages from servers to clients.
What is HTTP?
Unlike a standard shell, where the user connects to the server, this type of shell is one in which the server connects back to the user.
What is a reverse shell?
As opposed to white box testing, this form of testing is more common for pentests and ensures the attacker does not get access to the source code or network configuration.
What is black box testing?
This feature in Active Directory allows administrators to enforce security settings, deploy software, and distribute configurations to users and computers in a Windows domain.
What is Group Policy?
This program is a free and open-source reverse engineering tool developed by the National Security Agency of the United States.
What is Ghidra?
What is a logical subdivision, a segmented piece, of an IP network?
What is a subnet?
This type of tool ingests logs and allows for log analysis. Splunk is a famous example.
What is a SIEM?
According to MITRE, Lockheed Martin, and many others, this is the first step of any attack or engagement.
What is Reconnaissance?
This protocol, originally created at MIT, was adopted by Microsoft in 2000 to perform secure authentication between users, machines, and resources.
What is Kerberos?
This type of malware is used to remotely manage a computer or computers. Often used in targeted attacks and botnets.
What is a RAT?
This device connects multiple devices within a local area network (LAN) and forwards data packets to their intended destination based on the MAC address.
What is a network switch?
Made by Mark Russinovich, this suite includes tools for logging, remote login, process inspection, and more.
What is the Sysinternals suite?
This technique has two variants. In its lateral form, it allows an attacker to gain access to other resources on a network; in its vertical form, it allows the attacker to gain access to a more privileged user.
What is privilege escalation?
WMI is a network protocol used alongside RPC and SMB. What does WMI stand for?
Windows Management Instrumentation
This type of analysis examines software or hardware without running it. (Hint: using tools like PeStudio…)
What is Static Analysis?
This procedure connects an IP address to a fixed physical machine address (MAC address) in a local-area network (LAN).
What is ARP?
Auditd is a tool on Linux that allows for auditing processes, network connections, and more. This auditd flag, contained in the /etc/audit/auditd.conf file, allows for logging of file writes.
What is -w?
As opposed to executing code from disk, this technique is used by many attackers to bypass detection. Hallmarks of this technique include the following Windows API functions: VirtualAllocEx, WriteProcessMemory, CreateRemoteThread
What is process injection?
This activity regularly occurs between domain controllers in a domain to ensure that the information on them matches. It is also often used by attackers as a first step to dump the NTDS.dit file on a domain controller.
What is DCSync?
What is a Windows API function commonly used in malware to “wait” before it reaches its main function? (Hint: This can make dynamic analysis difficult)
What is Sleep()?
This iptables module, part of the netfilter packet filtering framework, is used to search, list, and inspect tracked connections.
What is conntrack?
This advanced firewall and routing software, native to FreeBSD and considered highly flexible and customizable, is known for its performance and advanced features, including stateful packet inspection.
What is PF?
This famous tool, made by Benjamin Delpy, is used by many attackers to steal credentials from memory and other places on Windows machines. It has since been the basis for most Windows credential software.
What is Mimikatz?
Introduced in Windows Server 2008, this feature allows network admins to set up automatic configuration of group policies. It was later discovered to have a vulnerability in which all passwords were encrypted with the same private key, which Microsoft had previously published online.
What is GPP (Group Policy Preference)?
This person created a program in 1988 that replicated itself from one computer to another and denied service on each host it copied itself to. The program was released via MIT’s network and brought the internet to near collapse for several days.
Who is Robert Morris? (What was the Morris Worm?)