Hardware & Virtual
Exploitation
Forensics
Linux
Windows
Hardware & Virtual, 100

This type of memory is volatile and loses its contents when power is lost.

What is RAM?

Exploitation, 100

This phase of an attack involves gathering information about the target system before any exploit is attempted.

What is reconnaissance (or information gathering)?

Forensics, 100

In this incident response phase, which follows preparation, you determine whether an incident has actually occurred.

What is identification (or detection and analysis)?

Linux, 100

This command prints the contents of one or more files to standard output.

What is cat?

Windows, 100

This Windows command-line command lists the contents of a directory.

What is dir?

Hardware & Virtual, 200

This hardware component executes instructions and performs calculations.

What is the CPU (Central Processing Unit)?

Exploitation, 200

This attack writes more data into a fixed-size buffer than it can hold, overwriting adjacent memory (such as a neighbouring variable or a saved return address) to hijack execution or inject code.

What is a buffer overflow?

Forensics, 200

This volatile artifact, captured before a system is powered off, contains running processes, open network connections and other state that does not survive a reboot.

What is RAM (or memory)?

Linux, 200

This permission bit allows a file to be executed (or a directory to be traversed).

What is the execute permission (or x)?

Windows, 200

This Windows registry hive, stored under C:\Windows\System32\config, holds the password hashes of local accounts.

What is the SAM (Security Account Manager)?

Hardware & Virtual, 300

This virtualization technology is lighter-weight than VMs because its instances share the host OS kernel instead of each booting their own.

What are containers (or Docker)?

Exploitation, 300

This framework is commonly used for developing, testing and executing exploit code and post-exploitation payloads.

What is Metasploit?

Forensics, 300

This kind of investigation reconstructs what happened during a security breach after the fact.

What is a post-mortem (or incident response) investigation?

Linux, 300

This Linux command changes file permissions using either numeric (e.g. 755) or symbolic (e.g. u+x) notation.

What is chmod?

Windows, 300

This Windows command displays the network configuration (IP address, subnet mask, default gateway, DNS servers) of each interface.

What is ipconfig?

Hardware & Virtual, 400

This type of hypervisor runs directly on the hardware, with no host OS underneath it.

What is a Type 1 (or bare-metal) hypervisor?

Exploitation, 400

This mitigation randomizes the base addresses of the stack, heap and loaded libraries on each run, so an exploit cannot rely on hard-coded addresses.

What is ASLR (Address Space Layout Randomization)?
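The buffer overflow (Exploitation, 200) and ASLR (Exploitation, 400) clues, shown in C as an added example that is not part of the original board: a hypothetical session record whose name buffer sits directly before an is_admin flag, a copy routine that checks the wrong bound so an over-long name overwrites the flag, and the bounded version that rejects the same input. main also prints stack, heap, libc and code addresses so the effect of ASLR can be observed by running the binary twice. The struct, the function names and the attack payload are constructed for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical login record (constructed for this example): a fixed-size
 * name buffer followed by a privilege flag. In memory the flag sits at
 * byte offset 8, immediately after the last byte of 'name'. */
struct session {
    char name[8];
    int  is_admin;
};

/* Vulnerable: the length check is against the whole record instead of the
 * name field, so a name longer than 8 bytes spills into is_admin. */
int login_vulnerable(struct session *s, const unsigned char *input, size_t len)
{
    memset(s, 0, sizeof *s);
    if (len > sizeof *s)          /* BUG: should compare with sizeof s->name */
        len = sizeof *s;
    memcpy(s, input, len);        /* bytes 8..11 of the input land in is_admin */
    return s->is_admin;
}

/* Hardened: bound the copy by the destination field, keep room for the
 * terminator, and refuse over-long input instead of truncating silently. */
int login_hardened(struct session *s, const unsigned char *input, size_t len)
{
    memset(s, 0, sizeof *s);
    if (len >= sizeof s->name)
        return -1;                /* rejected: would not fit */
    memcpy(s->name, input, len);
    s->name[len] = '\0';
    return s->is_admin;           /* always 0: the flag was never written */
}

/* Constructed attack payload: 8 bytes fill 'name', the next 4 overwrite
 * is_admin with 0x01010101, which is non-zero on any byte order. */
static const unsigned char attack[12] = {
    'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 0x01, 0x01, 0x01, 0x01
};

/* Flag value the vulnerable path ends up with for the payload (non-zero). */
int demo_vulnerable(void)
{
    struct session s;
    return login_vulnerable(&s, attack, sizeof attack);
}

/* The hardened path rejects the same payload: returns -1. */
int demo_hardened(void)
{
    struct session s;
    return login_hardened(&s, attack, sizeof attack);
}

int main(void)
{
    int   stack_var = 0;
    void *heap_obj  = malloc(16);

    printf("vulnerable: is_admin = %d\n", demo_vulnerable());
    printf("hardened:   result   = %d\n", demo_hardened());

    /* ASLR check: run the program twice. With ASLR enabled and a PIE build
     * these addresses change between runs; under
     * `setarch $(uname -m) -R ./prog` (randomization off) they stay fixed. */
    printf("stack %p  heap %p  libc %p  text %p\n",
           (void *)&stack_var, heap_obj, (void *)printf, (void *)main);
    free(heap_obj);
    return 0;
}
```

The vulnerable copy targets the whole struct rather than the array so the clobber stays well-defined C and reproducible; in a real program the same mistake usually writes past the end of a stack array, and what gets overwritten then depends on the compiler's frame layout, which is exactly the uncertainty ASLR and stack canaries are meant to add to.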

Forensics, 400

This Windows artifact, stored as .pf files under C:\Windows\Prefetch, records which executables have run, how many times, and when they last ran.

What are prefetch files?

Linux, 400

This world-readable Linux file lists user accounts (name, UID, GID, home directory, shell); the password hashes themselves live in /etc/shadow.

What is /etc/passwd?
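An added example (not part of the original board) for the /etc/passwd clue, in C: a parser for the seven colon-separated fields that preserves empty fields, and an audit over a constructed sample that flags the things worth checking in that file first: a second UID 0 account, an empty password field, and a hash stored in passwd rather than in /etc/shadow. The sample lines, the struct and the function names are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One passwd(5) record: name:passwd:uid:gid:gecos:home:shell */
struct pw_entry {
    char     name[64];
    char     passwd[128];     /* "x" = hash is in /etc/shadow, "" = no password needed */
    unsigned uid, gid;
    char     gecos[128];
    char     home[128];
    char     shell[64];
};

static void copy_field(char *dst, size_t cap, const char *src)
{
    snprintf(dst, cap, "%s", src);
}

/* Parse one line. strtok() is deliberately not used: it would collapse an
 * empty password field, which is exactly the case worth noticing.
 * Returns 0 on success, -1 on a malformed line. */
int parse_passwd_line(const char *line, struct pw_entry *e)
{
    char buf[512], *f[7], *p = buf, *end;
    size_t n = strlen(line);
    if (n >= sizeof buf) return -1;
    memcpy(buf, line, n + 1);
    if (n && buf[n - 1] == '\n') buf[n - 1] = '\0';
    for (int i = 0; i < 7; i++) {
        f[i] = p;
        char *colon = strchr(p, ':');
        if (i < 6) {
            if (!colon) return -1;          /* too few fields */
            *colon = '\0';
            p = colon + 1;
        } else if (colon) {
            return -1;                      /* too many fields */
        }
    }
    if (!*f[0] || !*f[2] || !*f[3]) return -1;
    e->uid = (unsigned)strtoul(f[2], &end, 10);
    if (*end) return -1;
    e->gid = (unsigned)strtoul(f[3], &end, 10);
    if (*end) return -1;
    copy_field(e->name,   sizeof e->name,   f[0]);
    copy_field(e->passwd, sizeof e->passwd, f[1]);
    copy_field(e->gecos,  sizeof e->gecos,  f[4]);
    copy_field(e->home,   sizeof e->home,   f[5]);
    copy_field(e->shell,  sizeof e->shell,  f[6]);
    return 0;
}

/* What a reviewer of /etc/passwd looks for first. */
struct pw_findings {
    int parsed;          /* well-formed lines */
    int extra_root;      /* UID 0 under a name other than root */
    int no_password;     /* empty password field: login without a password */
    int hash_in_passwd;  /* a real hash here instead of in /etc/shadow */
};

struct pw_findings audit_passwd(const char *const *lines, size_t count)
{
    struct pw_findings r = {0, 0, 0, 0};
    for (size_t i = 0; i < count; i++) {
        struct pw_entry e;
        if (parse_passwd_line(lines[i], &e) != 0) continue;
        r.parsed++;
        if (e.uid == 0 && strcmp(e.name, "root") != 0) r.extra_root++;
        if (e.passwd[0] == '\0') r.no_password++;
        else if (strcmp(e.passwd, "x") != 0 && e.passwd[0] != '*' && e.passwd[0] != '!')
            r.hash_in_passwd++;               /* "x", "*" and "!"/"!!" are the normal markers */
    }
    return r;
}

/* Constructed sample (not a real system's file): three ordinary entries and
 * three that should raise an eyebrow. The hash string is a placeholder. */
static const char *const sample[] = {
    "root:x:0:0:root:/root:/bin/bash",
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin",
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash",
    "backup2:x:0:0::/root:/bin/bash",                                   /* second UID 0 account */
    "guest::1001:1001::/home/guest:/bin/sh",                             /* empty password field */
    "legacy:$6$saltsalt$notarealhash:1002:1002::/home/legacy:/bin/sh",   /* hash kept in passwd */
};

struct pw_findings audit_sample(void)
{
    return audit_passwd(sample, sizeof sample / sizeof sample[0]);
}

int main(void)
{
    struct pw_findings r = audit_sample();
    printf("parsed %d, extra uid-0 %d, no password %d, hash in passwd %d\n",
           r.parsed, r.extra_root, r.no_password, r.hash_in_passwd);
    return 0;
}
```

On a live system the same audit reads the real file line by line; the empty-password case is the one most tools miss, because a tokenizer that skips empty fields silently shifts every later field left.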

Windows, 400

This basic NTFS permission lets a user change a file's contents but, unlike Modify, does not include the right to delete the file.

What is Write?

Hardware & Virtual, 500

This advantage of virtualization allows multiple OS instances to run on a single physical machine.

What is resource consolidation (or server consolidation)?

Exploitation, 500

This post-exploitation technique takes an attacker from an unprivileged user account to root or Administrator.

What is privilege escalation?

Forensics, 500

This post-exploitation goal involves moving from one compromised system to another on the same network.

What is lateral movement?

Linux, 500

This command shows active network connections and listening ports in Linux.

What is netstat (or ss)?

Windows, 500

This legacy Windows name-resolution mechanism resolves computer names by local broadcast (or via a WINS server) without using DNS.

What is NetBIOS name resolution (or WINS)?