Current Events
Reveal Sec
AppSec
Misc
100

The combination of sensitive information about a user such as email, address, phone number, SSN

What is Personally Identifiable Information (PII)?

100

The team responsible for architecture reviews, code reviews, and internal pen testing 

What is Application Security?

100

A way to manipulate the database queries to return unintended data or actions to an unauthorized user.

ex: ' OR 1=1; --

What is SQL injection?

100

TV show about a socially anxious, clinically depressed, drug addict cyber security engineer by day and a hacker by night

What is Mr. Robot?

200

Major company with 8 known zero-day exploits this year so far

What is Google?

200

The team that releases bi weekly cyber security news letters to all Reveal employees

What is the TVM (Threat Vulnerability Management) team?

200

An organization that releases a list of the top 10 most critical security risks to web applications

What is OWASP?

200

A fruity physical device that uses a rogue access point to perform man in the middle attacks on public wifi networks

What is a Wifi Pineapple?

300

The day Microsoft, Oracle, Adobe, and other major brands release security updates for their software

What is Patch Tuesday?

300

The name of the Jira project where general security inquiries go

What is Infosec Revealed (IR)?

300

An exercise in which security-minded engineers diagram potential attacks on a system's architecture in order to preemptively add safeguards and countermeasures

What is Threat Modeling?

300

A usb-style device that presents itself as a trusted keyboard to a computer, but executes malicious keystrokes and scripts on a victim's device

What is a Rubber Ducky?

400

Major product brand that has recently suffered attacks because sending an email with a forged address is easier than previously thought through forward-based spoofing

What is Microsoft Outlook?

400

The target timeframe for mitigating a Medium security vulnerability

What is 90 days?

400

A method of attack where a bad actor sends malicious code to a user that is executed in the browser. Most commonly client-side javascript. 

ex: <script>src="http://badwebsite.com/badscript.exe</script>

What is cross-site scripting (XSS)?

400

A three-letter acronym denoting a competitive event where participants flex their security muscles by finding strings that are hidden in purposefully vulnerable websites. 

ex string: "^FLAG^b7a587c18411d13b7b9c07463f750cbad148a7795e476963fcb0373e81fd168b$FLAG$"

What is CTF (Capture the Flag)?

500

Zero day exploit found in April of this year that allows remote code execution to bypass sandbox authentication to access files outside their designated limits

What is CrushFTP?

500

The three toolsets that Github Advanced Security uses for code scanning

What are Dependabot, Secret Scanner, and CodeQL

500

A header that is used to protect against iframe attacks

What is X-Frame-Options?
500

Erin's favorite show, a groundbreaking cybersecurity drama series that follows the ethical hacking adventures of Mark Shepherd and friends as they take on cyber threats in far-flung parts of the globe. 8.2/10 on IMDB

What is The Inside Man?