Networking Foundations
The Adversary's Playbook
Scanning & Exploitation
Tools of the Trade
Defense & Forensics
100

The OSI model layer where the NIC resides. 

What is the Physical Layer (Layer 1)

100

This pillar of the CIA Triad ensures that data is kept secret and private.

What is Confidentiality?

100

The Nmap switch -sV is used to perform this action on open ports.

What is Service Version Detection?

100

The tool used to capture and analyze live network traffic, packet by packet.

What is Wireshark?

100

Its primary function is to act as a gatekeeper, allowing or blocking traffic based on a set of rules.

What is a Firewall?

200

The protocol by which my NIC receives network configuration such as my default gateway.

What is DHCP?

200

A threat actor, often young and unskilled, who uses pre-made tools to cause chaos or gain notoriety.

Who is a Script Kiddie?

200

The root cause of an SQL Injection vulnerability.

What is unsanitized user input?

200

The open-source firewall and router software that can turn a computer into an enterprise-grade security appliance.

What is pfSense?

200

The key difference between an IDS and an IPS is that an IPS can do this.

What is block (or prevent) an attack?

300

This is the packet that is sent from the attacker when the command nmap -sS is run.

What is a SYN packet?

300

The stage of the Cyber Kill Chain where an attacker sends a phishing email to their target.

What is the Delivery stage?

300

A type of payload that makes the victim machine connect back to a listener on the attacker's machine, often bypassing firewalls.

What is a Reverse Shell?

300

The industry-leading commercial vulnerability scanner developed by Tenable.

What is Nessus?

300

In the PICERL framework, this phase involves isolating a compromised system to stop an attack from spreading.

What is Containment?

400

The private Class range that starts with 172.16.0.0 and ends with 172.31.255.255.

What is Class B?

400

This framework from MITRE is a global knowledge base of adversary tactics, techniques, and procedures (TTPs).

What is the ATT&CK framework?

400

The scoring system from 0.0 to 10.0 used to rate the severity of a vulnerability.

What is CVSS (Common Vulnerability Scoring System)?

400

The open-source framework used to perform memory forensics on a RAM dump.

What is the Volatility Framework?

400

The meticulous, chronological log that documents the handling of evidence to prove its integrity.

What is the Chain of Custody?

500

The natural weakening of a Wi-Fi signal as it passes through solid objects like walls and concrete.

What is Attenuation?

500

The most common way an "unintentional insider threat" is created, where an employee is tricked into giving up their credentials.

What is a phishing attack?

500

The key feature of Metasploit's Meterpreter payload that makes it so stealthy.

What is running entirely in memory?

500

The open-source platform that combines SIEM, HIDS, and XDR capabilities into a single security monitoring solution.

What is Wazuh?

500

According to the Order of Volatility, this is the first place an investigator should collect evidence from on a live system.

What are the CPU Registers and Caches?