Security Principles
Misc.
Command Line
Networking
Malware
100
What is a fail-safe default?
A: An entity should be given explicit access to an object by default.
B: An entity should always be denied permission to objects
C: An entity should be denied access to the object unless it is specifically allowed
C
100
What network node is designed to block unauthorized access to the company’s local network?
Firewall
100
How can you send the output of a command or program to another command or program?
|
100
All of the following are valid encryption/security schemes for wireless networks except:
A:WEP
B:WPA
C:WPA-Enterprise
D:DES
D: DES
100
nmap can recognize and classify all the following except
A:Operating Systems
B:Machines infected with Stuxnet Worm
C:Wireless Clients
D:Open/Closed/Filtered Ports
E:Service Version
C:Wireless Clients
200
How does separation of privilege help to ensure that no single security breach can cause an entire security mechanism to fail?
A:By creating multiple user account for a system, we can properly audit all actions to make sure they are legitimate
B:By removing all administrator privileges from the system, we can ensure the most secure system possible
C:By creating multiple conditions for access, a single attack should not be sufficient to compromise the system
C
200
What is the main purpose of a router?
To forward packets between different networks, choosing the next hop for each packet from its routing table so that traffic gets from point A to point B
200
What does the following command do? rm -rf /
Recursively (-r) and forcibly (-f, no prompts) deletes every file and directory under the root directory, i.e. the entire filesystem tree and anything mounted under it. Modern GNU rm refuses a bare "/" unless --no-preserve-root is given, but "rm -rf /*" and older or non-GNU implementations do not have that safety net.
200
What port is assigned to DNS?
53 (UDP for ordinary queries; TCP 53 for zone transfers and for responses too large for a single UDP datagram)
200
Many malicious applications will call IsDebuggerPresent() Why?
It is a basic anti-debugging check. IsDebuggerPresent() reads the BeingDebugged flag in the process's PEB; if the flag is set, the malware is probably being stepped through by an analyst trying to reverse engineer it. It can then change behaviour: exit, take a harmless code path, corrupt its own payload, or try to crash the system. Because the flag is trivial to clear or the call trivial to patch, real samples combine it with several other checks.
300
What is a characteristic of Psychological Acceptability?
A:simple user interface
B:It should ask for a password for every action to be most secure
C:requires a Microsoft Technician to install so that it would be really hard for a hacker to get in.
D:all of the above
A
300
What is the weakest link in any secured network?
Employees/People
300
How do you save changes and exit in vim from insert mode or emacs?
vim: press ESC to leave insert mode, then type :wq and Enter (write and quit). emacs: Ctrl+X Ctrl+S to save, then Ctrl+X Ctrl+C to exit.
300
What was the original purpose of port 0 on TCP before programmers could use raw sockets?
"Let the system choose a port for me"
300
Rootkits will hook the System Service Dispatch Table for various kernel routines such as
ZwCreateKey
ZwOpenProcess
NtLoadDriver
ZwQueryDirectoryFile

Why would they do this?
Does finding a hook on these calls automatically mean it's malicious?
Hooking lets the rootkit sit between every caller and the kernel and filter what they get back: a ZwQueryDirectoryFile hook drops the rootkit's files from directory listings, a ZwOpenProcess hook refuses handles to its process, registry hooks hide its keys and values, and an NtLoadDriver hook can stop a security driver from loading at all. For example, ZwQueryValueKey returns a value entry for a registry key; a rootkit can hook it and give false readings for a value it wants to hide.

No, a hook by itself is not proof of malice. Antivirus and host intrusion prevention products hooked the same routines, for instance to prevent malware from reading or changing sensitive keys (on 64-bit Windows, Kernel Patch Protection blocks SSDT patching for everyone, so this is mostly a 32-bit-era technique). What matters is where the hook points: a handler inside an unsigned or unknown module is what to investigate.
400
What is the difference between an encryption algorithm and a hashing algorithm?
Encryption is a reversible transformation: given the key, ciphertext can be decrypted back to the original data, so its purpose is confidentiality (keeping data secret from anyone without the key). Hashing is a one-way function that maps input of any size to a fixed-length digest; there is no key and no way back to the input, so its purpose is integrity (detecting that data changed) and, with a salt and a slow function, password storage.
400
What is Heartbleed? Explain the exploitation process.
A bug (CVE-2014-0160) in OpenSSL's implementation of the TLS heartbeat extension, present in OpenSSL 1.0.1 through 1.0.1f. A heartbeat request carries a payload and a 16-bit field stating the payload's length. The vulnerable code copied that many bytes from the request buffer into the reply without checking that the record actually contained them. An attacker therefore sends a tiny payload with a large declared length (up to 64 KB) and gets back whatever lay next to it in the server's heap: session keys, cookies, user data and, as was demonstrated, the server's private key. No authentication is needed, the request can be repeated indefinitely, and nothing is logged. The fix (1.0.1g) checks the declared length against the real record length and silently discards requests that fail the check.
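As an added example (not part of the original quiz and not OpenSSL's code), the heartbeat handling logic re-created over a plain bytes buffer so the missing bounds check can be seen and tested. The message layout (1-byte type, 2-byte length, payload, at least 16 bytes of padding) follows the heartbeat RFC; the "memory" contents, the secret string and the function names are constructed for the demonstration.

```python
# Added example: simulation of the Heartbleed (CVE-2014-0160) bounds-check bug.
# This is NOT OpenSSL code; it reproduces the handler logic over a bytes buffer.
import struct

HB_REQUEST, HB_RESPONSE = 1, 2
PADDING = 16   # heartbeat messages carry at least 16 bytes of random padding


def build_memory(claimed_len: int, real_payload: bytes, secret: bytes) -> tuple:
    """Constructed process memory: a heartbeat record followed by unrelated data.

    The record declares `claimed_len` bytes of payload but really holds
    `real_payload`; the `secret` sits further along in the same buffer, where
    an over-long copy will reach it.  Returns (memory, real record length).
    """
    record = struct.pack("!BH", HB_REQUEST, claimed_len) + real_payload + b"\x00" * PADDING
    memory = record + b"\x00" * 32 + secret + b"\x00" * 2048
    return memory, len(record)


def heartbeat_vulnerable(memory: bytes, record_len: int) -> bytes:
    """Trusts the length field; record_len is never consulted (the bug)."""
    hb_type, payload_len = struct.unpack("!BH", memory[:3])
    if hb_type != HB_REQUEST:
        return b""
    payload = memory[3:3 + payload_len]          # reads past the real record
    return struct.pack("!BH", HB_RESPONSE, payload_len) + payload + b"\x00" * PADDING


def heartbeat_fixed(memory: bytes, record_len: int) -> bytes:
    """The 1.0.1g-style check: the declared payload must fit inside the record."""
    if record_len < 1 + 2 + PADDING:
        return b""                               # silently discard
    hb_type, payload_len = struct.unpack("!BH", memory[:3])
    if hb_type != HB_REQUEST or 1 + 2 + payload_len + PADDING > record_len:
        return b""                               # silently discard
    payload = memory[3:3 + payload_len]
    return struct.pack("!BH", HB_RESPONSE, payload_len) + payload + b"\x00" * PADDING


def leaks_secret(handler, claimed_len: int = 1024) -> bool:
    """True if the handler's reply contains the secret lying outside the record."""
    secret = b"-----BEGIN RSA PRIVATE KEY-----"   # constructed stand-in for key material
    memory, record_len = build_memory(claimed_len, b"hi", secret)
    return secret in handler(memory, record_len)


if __name__ == "__main__":
    print("vulnerable handler leaks secret:", leaks_secret(heartbeat_vulnerable))
    print("fixed handler leaks secret:     ", leaks_secret(heartbeat_fixed))
```

In real OpenSSL the over-read came from a memcpy on the heap, so the attacker received whatever happened to be adjacent; here Python slicing stands in for that copy, which is why the secret is placed inside the same buffer.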
400
What is X11
A windowing system for bitmap displays, common on UNIX-like computer operating systems.
400
How many channels are defined under the 802.11 standard in the 2.4 GHz spectrum? How many are available in the US?
14 channels are defined; in the US only channels 1 through 11 may be used (most of Europe allows 1 through 13, Japan all 14).
400
The Intel x86 family of microchips use a concept called rings for access control. How many rings are there?

A rootkit or a virus is most dangerous when it gains access to ring #?
Four (rings 0 through 3), although most operating systems use only ring 0 for the kernel and ring 3 for user programs. Ring 0: code running there has full kernel privilege, so a rootkit in ring 0 can hide from and subvert everything running above it.
500
Match the following ciphers to their type:
A. Mono-alphabetic
B. Poly-alphabetic
C. Product

1. DES
2. Vigenère
3. Caesar
A-3
B-2
C-1
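As an added example (not part of the original quiz), the two classical ciphers from the list implemented over the letters A to Z, to show why the classification matters: under Caesar every plaintext A lands on the same ciphertext letter, so letter frequencies survive and a single letter count recovers the key, while under Vigenère the same plaintext letter lands on different ciphertext letters depending on its position. DES, the product cipher, is not re-implemented here. The helper names and the sample sentence are my own.

```python
# Added example: mono-alphabetic (Caesar) vs poly-alphabetic (Vigenere) ciphers.
# Toy implementations over A-Z only; not from the original quiz.
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def _clean(text: str) -> str:
    """Upper-case and keep letters only; the toy ciphers ignore everything else."""
    return "".join(c for c in text.upper() if c in ALPHABET)


def caesar(text: str, shift: int, decrypt: bool = False) -> str:
    """Mono-alphabetic: every plaintext letter maps to ONE fixed ciphertext letter."""
    if decrypt:
        shift = -shift
    return "".join(ALPHABET[(ALPHABET.index(c) + shift) % 26] for c in _clean(text))


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Poly-alphabetic: the shift changes with position, cycling through the key."""
    key = _clean(key)
    out = []
    for i, c in enumerate(_clean(text)):
        k = ALPHABET.index(key[i % len(key)])
        if decrypt:
            k = -k
        out.append(ALPHABET[(ALPHABET.index(c) + k) % 26])
    return "".join(out)


def images_of(plaintext: str, ciphertext: str, letter: str) -> set:
    """Ciphertext letters that `letter` becomes: exactly one for a mono-alphabetic cipher."""
    return {ciphertext[i] for i, p in enumerate(_clean(plaintext)) if p == letter}


def break_caesar(ciphertext: str) -> int:
    """Recover the Caesar shift by assuming the most frequent ciphertext letter is E."""
    most_common = Counter(ciphertext).most_common(1)[0][0]
    return (ALPHABET.index(most_common) - ALPHABET.index("E")) % 26


SAMPLE = "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG WHILE EVERYONE ELSE SLEEPS"

if __name__ == "__main__":
    c = caesar(SAMPLE, 7)
    print("Caesar   :", c, "-> recovered shift", break_caesar(c))
    v = vigenere(SAMPLE, "LEMON")
    print("Vigenere :", v, "-> E becomes", sorted(images_of(SAMPLE, v, "E")))
```

The frequency attack in break_caesar fails against the Vigenère output because each key position is effectively its own Caesar cipher; classical cryptanalysis first recovers the key length (Kasiski examination) and then attacks each position separately.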
500
What are salted hashes?
Adding a random, per-password value (the salt) to the password before hashing it, and storing the salt next to the resulting hash. Two users with the same password then get different hashes, and an attacker can no longer use a single precomputed (rainbow) table: every hash has to be attacked on its own. Salting does not make one guess slower, so it is combined with a deliberately slow function such as PBKDF2, bcrypt, scrypt or Argon2.
500
What is the name of an Internet Browser that you can use on the command line?
lynx
500
Using a traditional one-for-all style rainbow table will not work for WPA and WPA2 because
“the 256 bit key is calculated by applying the PBKDF2 key derivation function to the passphrase, using the SSID as the salt and 4096 iterations of HMAC-SHA1”
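As an added example (not part of the original quiz) that serves both the salted-hash answer above and this one: the WPA/WPA2 PSK derivation exactly as quoted (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output) next to ordinary salted password storage, using only Python's standard library. It checks the derivation against the IEEE 802.11i test vector (passphrase "password", SSID "IEEE") and shows that a table precomputed for one SSID is useless for another. The storage format, iteration count and helper names are my own choices.

```python
# Added example: salted password hashing and the WPA/WPA2 PSK derivation.
# Standard library only; not part of the original quiz.
import hashlib
import hmac
import os


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def build_psk_table(candidates, ssid: str) -> dict:
    """Precomputed PSK -> passphrase table. Because the SSID is the salt, the
    table is bound to that one SSID; the same passphrase on another network
    yields a different PSK and misses."""
    return {wpa_psk(p, ssid): p for p in candidates}


def hash_password(password: str, salt: bytes = None, iterations: int = 600_000) -> str:
    """Salted, slow password hash stored as 'iterations$salt$hash' (hex).
    A fresh random salt is drawn per password (assumed format, my own)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    print("PSK(password, IEEE) =", wpa_psk("password", "IEEE").hex())
    table = build_psk_table(["letmein", "password", "qwerty"], "IEEE")
    print("hit on IEEE   :", table.get(wpa_psk("password", "IEEE")))
    print("hit on linksys:", table.get(wpa_psk("password", "linksys")))
    stored = hash_password("correct horse")
    print(stored)
    print("verify:", verify_password("correct horse", stored),
          verify_password("wrong horse", stored))
```

The practical consequence for WPA cracking is that attackers precompute tables only for the most common SSIDs (default router names) and otherwise fall back to brute force at 4096 HMAC-SHA1 iterations per guess.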
500
Malware is often obfuscated using a packer. The code doesn't look malicious to the naked eye, but once you execute it, it will unpack/decrypt/decode the real malicious code. What is a modern day technique used by antivirus software to deal with this?

How might malware be able to bypass these techniques?
Live sandboxing or dynamic analysis: the antivirus runs the sample in an emulator or sandbox and scans what it unpacks in memory, instead of relying only on a static signature of the packed file.
The emulator has a timeout and a resource limit (CPU time, memory) so that scanning stays usable. Malware can exhaust that budget before it unpacks: loop, sleep, or, as in the example below, allocate and touch a large block of memory that the emulator will not model. Once the emulator gives up and the file is allowed to run for real, the payload is decrypted and executed.
For example:
Instead of

#include <stdlib.h>
#include <string.h>

void decryptCodeSection(void); /* defined elsewhere in the sample */
void startShellCode(void);     /* defined elsewhere in the sample */

/* main entry */
int main(void)
{
    decryptCodeSection(); // Decrypt the code
    startShellCode();     // Call the Meterpreter shellcode in decrypted code
    return 0;
}

Do

#include <stdlib.h>
#include <string.h>

void decryptCodeSection(void); /* defined elsewhere in the sample */
void startShellCode(void);     /* defined elsewhere in the sample */

#define TOO_MUCH_MEM 100000000 /* ~100 MB, more than an AV emulator will give */

int main(void)
{
    char *memdmp = NULL;
    memdmp = (char *) malloc(TOO_MUCH_MEM);
    if (memdmp != NULL)        /* in the emulator the allocation fails and nothing runs */
    {
        memset(memdmp, 0, TOO_MUCH_MEM); /* touch every page so it really is consumed */
        free(memdmp);
        decryptCodeSection();  /* on a real machine we get here and unpack */
        startShellCode();
    }
    return 0;
}

Examples by Emeric Nasi