Always Listening
I'm Angry and I'm Scanning
Does Your Client Bite?
The Ol' Switcheroo
Is The Host In The Room With Us?
100

This command is able to query the DNS servers for resource records. Applicicable in both Windows and Linux. (Hint: can be ran in both interactive and non-interactive mode)

What is nslookup?

100

This information gathering tool actively scans a network to determine open ports and corresponding services, amongst other information, by analyzing raw IP packets sent to a target system

What is NMAP?

100

This targeted social engineering attack chooses a website that is frequently visited where, once compromised, the attacker waits for users to connect to infect the site's visitors with malware

What is a watering hole?

100

This attack attempts to overload a switch by sending the targeted switch network random source MAC addresses

What is MAC flooding?

100

McAfee, Symantec Endpoint Protection, and Kaspersky are examples of this type of software

What is anti-malware?

200

This reconaissaince technique involves establishing a numeric understanding of a target.

What is enumeration?

200

This is the GUI based alternative to NMAP

What is Angry IP Scanner?

200

This injection exploit occurs when an attacker sends malicious code through a web application

What is Cross-Site Scripting (XSS)?

200

This application layer protocol runs on UDP and is used to manage network devices that run on the IP Layer (FULL NAME, NOT JUST ACRONYM)

What is Simple Network Management Protocol (SNMP)?

200

This malicious program was first discovered in 1971, capable of self-replicating and displayed the message "I'M THE _______. CATCH ME IF YOU CAN!" (Part of the message redacted for obvious reasons. Bonus 50 pts if you can identify the malware type) 

What is the Creeper Program? // What is a worm?

300

This section of the Cyber-Kill Chain uses tools like beacons, or RATs, to establish persistence on a compromised network (MUST include the number of the phase and it's name)

What is Phase 6: Command and Control (C2)?

300

This security concept involves the set of points on the boundary of a system, system element, or an environment where an adversary can try to enter, cause an effect on, or extract data from

What are attack surfaces?

300

This cyber offensive tool provides attackers with client-side attack vectors, exploiting vulnerabilities within the browser that the user is utilizing on a host machine on the target network

What is BeEF (Browser Exploitation Framework)?

300

Not to be confused with the Men in Black, this virtual hierarchical structure is used by SNMP to internally facilitate network objects

What is Management Information Database (MIB)

300

This type of software is responsible for aggregating log and event data generated from an IDS, IPS, or other security application/system, and brings it into a centralized location

What is Security Information and Event Management (SIEM)?

400

This Dig option will display only the desired info if placed behind a request

What is +short?

400

This reconnaissance method is used by attackers and security teams to obtain information about network computer systems and services running on ports, including software names and versions/OS. (NMAP is an example of this)

What is banner grabbing?

400

This attack is represented by the following scenario: John is browsing his computer when he tries to visit his bank's website. Little does he know, the site is compromised. It appears legitimate to him, so he does not notice. It prompts him to login and enter his credentials, but refuses to actually give him access. At this point the attacker now has his login credentials.

What is content spoofing/HTML injection?

400

This utility within Dsniff is capable of conducting a MAC flooding attack

What is Macof?

400

This IDS evasion technique occurs when an attacker edits an exploit's known signatures to remain undetected while still maintaining the function of the original exploit

What is pattern change?

500

(WRITE OUT ON WHITEBOARD) This command, if typed into a terminal, will query Google for all possible DNS records.

What is "nslookup -query=any www.google.com"

500

This reconnaissance process sends normal (or malformed) packets and monitors it's response in order to group information that can be used to identify network characteristics. 

What is active fingerprinting?

500

This attack occurs when the database is vulnerable but configured to suppress error messages: statements are generated in an effort to prompt a response

What is Blind SQL Injection?

500

This active reconnaissance technique allows an attacker to obtain a better understanding of what protocols a firewall will allow

What is Firewalking?

500

This evasion technique manipulates a server's ability to store packets and/or reassemble the frames in order to bypass the IDS or impact system resources

What is fragmentation?