Malware
Famous Vulnerabilities
Famous Hack(er)s
Tools
Frameworks
100

A type of malware that can run without user intervention and replicate over network resources.

What is a Worm?

100

This vulnerability is present in versions of OpenSSL that allow anyone to read the memory of affected systems and gain information such as secret keys, names, passwords, and data.

What is Heartbleed?

100

A decentralized international hacktivist collective and movement primarily known for its various cyberattacks against several governments, government institutions and government agencies, corporations, and the Church of Scientology.

Who is Anonymous?

100

This is a common tool for network scanning and mapping.

What is Nmap?

100

They develop cybersecurity standards, guidelines, best practices, and other resources to meet the needs of U.S. industry, federal agencies and the broader public.

What is NIST? (National Institute of Standards and Technology)

200

A type of software application or script that performs automated tasks on command.

What is a Bot?

200

This vulnerability was discovered in 2021 and exploits a subprocess in versions of Apache that allow code execution, leading to stolen information, downloading malicious content, or complete device takeover. (Hint: Minecraft)

What is Log4j (Log4Shell)?

200

This company was recently hacked by an attacker who claims they first gained access to company systems by targeting an individual employee and repeatedly sending them multifactor authentication login notifications. After more than an hour, the attacker claims, they contacted the same target on WhatsApp pretending to be an IT person for this company and saying that the MFA notifications would stop once the target approved the login.

What is Uber?

200

This tool is a web app tester's dream. It can capture requests via proxy and allow a tester to modify them through a variety of features.

What is Burp Suite?

200

A framework created by The Center for Internet Security that has 18 controls.

What is CIS CSC? (CIS Critical Security Controls)

300

A class of malware that modifies system files, often at the kernel level, to conceal its presence.

What are Rootkits?

300

This vulnerability was created by the NSA and leaked by the Shadow Brokers hacking group in 2017. It exploits the Server Message Block (SMB) in vulnerable Microsoft Windows Server versions.

What is EternalBlue?

300

A data breach at this retail store in 2013 that resulted in 40 million credit and debit records being stolen.

What is Target?

300

This is a pretty popular password cracking tool (with a very uncomfy name XD)

What is John the Ripper?

300

An international standard on how to manage information security that was originally published in 2005. It's the only auditable standard that deals with the overall management of information security.

What is ISO 27001?

400

A malicious program or script that is set to run under particular circumstances or in response to a defined event.

What is a Logic Bomb?

400

This attack was a direct result of another vulnerability in this category. It was a type of ransomware that targeted Windows systems. The attackers would demand a ransom be paid in bitcoin.

What is WannaCry?

400

A hack at this company was a data breach that included names, home addresses, phone numbers, dates of birth, social security numbers, and driver's license numbers. The credit card numbers of approximately 209,000 consumers were also breached.

What is Equifax?

400

This paid pen-testing tool allows an attacker to deploy a beacon to a victim machine that allows the attacker to execute command injection, key logging, file transfer, priv-esc, and more.

What is Cobalt Strike?

400

A model first published in 2017 by the Australian Cyber Security Centre that is designed to protect Microsoft Windows-based internet-connected networks. 

What is the Essential Eight Maturity Model?

500

Viruses that can dynamically change or obfuscate their code to evade detection.

What is Polymorphic?

500

This vulnerability was discovered in 2021 and affects Microsoft Exchange servers. Successful exploitation allows arbitrary code execution which could lead to compromised mailboxes, passwords, and possible lateral network movement.

What is ProxyShell (ProxyLogon)?

500

Employee and company proprietary information was recently leaked at this tech company by a ransomware operation known as "Lapsus$" 

What is Nvidia?

500

This tool/service is used for threat hunting, endpoint protection, and other defense management systems/services.

What is CrowdStrike?

500

A cybersecurity control framework for cloud computing. It is composed of 197 control objectives covering all key aspects of cloud technology. It can be used as a tool for the systematic assessment of a cloud implementation, and provides guidance on which security controls should be implemented by which actor within the cloud supply chain.

What is CSA CCM? (Cloud Security Alliance Cloud Controls Matrix)