Networking
Cyber-attacks
Linux
Concepts & Tools
Random or Riddle
100

This device connects multiple devices on the same network and forwards data based on MAC addresses.

What is a switch?

100

This common type of attack tricks users into giving up personal information through fake emails or websites.

What is phishing?

100

This command displays your current working directory - useful for confirming where you are in the file system.

What is pwd?

100

This framework maps attacker tactics and techniques across the intrusion lifecycle.

What is MITRE ATT&CK?

100

9+10?

What is 21?

200

This layer of the OSI model is responsible for logical addressing and routing packets across networks.

What is the Network Layer (Layer 3)?

200

This attack floods a system or network with traffic, making it unavailable to legitimate users.

What is a Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attack?

200

Attackers often use this command to list all files, including hidden ones (those beginning with a dot), in a directory.

What is ls -a?

200

This security model limits user access to only what’s necessary for their job.

What is the Principle of Least Privilege?

200

Feed me any message and I return a fixed-size fingerprint. I’m easy to compute, hard to reverse, and perfect for checking integrity.

What is a cryptographic hash?

Hashing is a one-way function that converts data into a fixed-length string, while salting is the process of adding a unique, random string (the "salt") to the data before hashing it.

300

This protocol is used to automatically assign IP addresses to devices on a network.

What is DHCP (Dynamic Host Configuration Protocol)?

300

In this type of attack, a hacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other.

What is a Man-in-the-Middle (MitM) attack?

300

This command temporarily grants administrative privileges to execute a single command, often targeted for privilege escalation.

What is sudo?

300

This open-source SIEM platform collects, searches, and visualizes log data for threat detection and analysis.

What is ELK Stack (Elasticsearch, Logstash, Kibana)?

300

If you type rm -rf / on a Linux system as root, what happens next?

What is you delete your entire system (and cry)?

rm = remove (deletes files), -r = recursive (delete everything inside subdirectories), -f = force (don’t ask for confirmation), / = the root directory — basically the entire file system

400

When analyzing network traffic, this TCP flag combination indicates that a connection is being terminated between two hosts.

What is FIN + ACK?

The TCP flags FIN and ACK are used to gracefully terminate a connection, while the RST flag is used for abrupt termination. A typical, graceful connection close involves a four-way handshake where both sides send a FIN flag to signal they are done sending data, and an ACK flag is sent in response to acknowledge this.  

400

In this attack, an attacker corrupts a DNS cache or response so users are redirected to a malicious website instead of the legitimate one.

What is DNS Spoofing or DNS Cache Poisoning?

400

This command shows all active network connections and listening ports, commonly used to detect backdoors or malware communications.

What is netstat -tulnp (or ss -tulnp)?

Netstat on its own lists all network connections, while netstat -tulnp is a specific combination of flags: -t (TCP sockets), -u (UDP sockets), -l (only sockets in the listening state), -n (numerical addresses instead of resolved names), and -p (the process owning each socket). The result is a filtered view of only the ports the system is actively listening on, together with the process behind each one.

400

This tool analyzes volatile memory dumps to extract running processes, network connections, and injected code.

What is Volatility?

WinPmem cannot analyze the memory dump itself; its function is to capture a volatile memory dump, not to analyze it. The dump created by WinPmem must then be analyzed using a separate tool like Volatility, which can extract information such as running processes, network connections, and injected code from the captured memory image.  

400


What is "It's Clobberin time! ~"?

500

In a network with the IP address 192.168.10.0/26, how many usable host addresses are available per subnet?

What is 62?

500

This advanced attack technique abuses legitimate administrative tools like PowerShell or WMI to perform malicious actions while blending in with normal activity.

What is a Living-off-the-Land Attack?

In a LotL attack, adversaries use tools and features that are already installed on a target system (such as PowerShell, Windows Management Instrumentation, PsExec, or CertUtil) to carry out their objectives, rather than introducing custom, malicious software that might trigger security alerts.

500

This file, if misconfigured, can allow attackers to escalate privileges by running commands as root without a password.

What is /etc/sudoers?

If /etc/sudoers is misconfigured with the NOPASSWD option, it can allow attackers to escalate privileges by running commands as root without a password. A common misconfiguration is an entry like:
username ALL=(ALL) NOPASSWD: ALL

500

This tool allows secure storage, rotation, and access control of secrets and encryption keys used by applications and infrastructure.

What is HashiCorp Vault?

Cloud key management services manage encryption keys for AWS services and customer data; they are a cloud-based alternative that is often confused with Vault.

Password Managers securely store user passwords — not infrastructure secrets, but often confused due to the word “vault.”

500

What color is the sky usually?

Blue