A security team wants to identify vulnerabilities in their company's network before attackers can exploit them. They use a powerful scanning tool to detect misconfigurations and weaknesses across their systems.
What is Nessus?
A client sends these types of packets to a server, asking for a particular resource or action, such as accessing a webpage or submitting data.
What are request packets?
An attacker sets up this type of shell, where the exploited system establishes a connection back to the attacker, making it detectable by intrusion detection systems if not properly encrypted.
What is a reverse shell?
An attacker uses these payloads to break up malicious code into smaller chunks, making it harder to detect and helping it evade security measures.
What are staged payloads?
A company requires its employees to use this security method to verify their identity, ensuring that they provide at least two factors, such as a password, a smartphone app, and a fingerprint scan.
What is Multi-Factor Authentication (MFA)?
An attacker gathers information about a target using publicly available resources like social media or website metadata, avoiding any direct interaction with the target system.
What is passive reconnaissance?
A client sends this HTTP method to modify an existing resource or create a new one on the server, depending on whether the resource is already present.
What is the PUT method?
An attacker uses this versatile networking utility to create a simple client-server connection, often for tasks like initiating shells or transferring files.
What is nc (Netcat)?
A security analyst uses a component within the Metasploit Framework to scan the network, gather information, and assess vulnerabilities in a target system to identify potential weaknesses.
What are Metasploit Auxiliary Modules?
A system administrator needs to access local user account details, including usernames, password hashes, and security settings, which are stored in this component on a Windows machine.
What is the SAM database?
A security analyst needs to map out active hosts and open ports on a company's network. They use this free and open-source tool for network discovery and security auditing.
What is Nmap?
A web server responds with this status code when it needs the client to take additional action, such as following a redirect to a different URL.
What is the 3XX status code?
An attacker uses this principle to manipulate targets by influencing them to follow actions or behaviors they observe others doing, increasing the likelihood of success.
What is social proof?
After gaining initial access to a target system, an attacker uses this component within the Metasploit Framework to perform further activities like data collection and privilege escalation.
What are Metasploit Post Modules?
An attacker exploits weak credentials to escalate privileges on a Windows system by using this command-line tool, which allows for remote execution of commands.
What is PsExec?
An organization is analyzing a cyberattack and identifies this seven-stage attack model, which includes: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control (C2), and Actions on Objectives.
What is the Cyber Kill Chain?
An attacker exploits a vulnerability in a web application by inserting malicious code into input fields, allowing unauthorized access to the contents of a database.
What is SQL injection?
An attacker sends highly personalized deceptive emails to a specific individual or group, using gathered personal information to increase the likelihood of success.
What is spear phishing?
After an attacker gathers information about a target system during the reconnaissance phase, they prepare a malicious payload specifically tailored to exploit a vulnerability discovered in the system. This is the second step in the process.
What is weaponization?
An attacker gains access to a password hash from a compromised system and uses it to authenticate as a legitimate user without ever knowing the actual password.
What is passing the hash?
A cybersecurity team is hired to test a web application for vulnerabilities, using a controlled and defined approach to identify and exploit weaknesses within a set timeframe.
What is penetration testing?
This vulnerability occurs when a web application improperly includes files based on user-supplied input, often through parameters in the URL or form inputs.
What is a file inclusion vulnerability?
An attacker uses this tactic to gain unauthorized access by relying on the courtesy of others to hold doors open or not question someone following closely behind.
What is tailgating?
A security researcher uses this Metasploit Framework component to create malicious payloads like shellcode or trojans for penetration testing or exploitation activities.
What is msfvenom?
An attacker gains access to one system within a network and then uses that access to infiltrate additional systems, searching for sensitive data or higher privileges.
What is lateral movement?