Networking
Blue Teaming
Red Teaming
Windows & Active Ditectory
Malware & Reverse Engineering
100

This protocol, which acts at the application layer of the OSI model, is used to transfer web pages from servers to clients

What is HTTP?

100

Rather than an established shell, where a user connects to the server, this type of shell is when a server connects to a user.

What is a reverse shell?

100

 As opposed to white box testing, this form of testing is more common for pentests and ensures the attacker does not get access to the source code or network configuration.

What is black box testing?

100

This feature in Active Directory allows administrators to enforce security settings, deploy software, and distribute configurations to users and computers in a Windows domain

What is Group Policy?

100

This program is a free and open-source reverse engineering tool developed by the National Security Agency of the United States.

What is Ghidra?

200

What is a logical subdivision, a segmented piece, of an IP network?

What is a subnet?

200

This tool does log ingestion and allows for log analysis. Splunk is a famous example.

What is a SIEM?

200

According to MITRE, Lockheed Martin, and many others, say that this is the first step of any attack or engagegement.

What is Reconnaissance?

200

This protocol, originally created at MIT, was adopted by Microsoft in 2000 to perform secure authentication between users, machines, and resources

What is Kerberos?

200

This type of malware is used to remotely manage a computer or computers. Often used in targeted attacks and botnets.

What is a RAT?

300

This device connects multiple devices within a local area network (LAN) and forwards data packets to their intended destination based on the MAC address.

What is a network switch?

300

Made by Mark Russinovich, this suite includes tools for logging, remote login, process inspection, and more.

What is the sysinternals suite?

300

This technique has two variants. In lateral, it allows an attacker to gain access to other resources on a network. In vertical, it allows the attacker to gain access to a more privileged user.

What is privilege escalation?

300

WMI is a network protocol used alongside RPC and SMB. What does WMI stand for?

Windows management instrumentation

300

This type of analysis analyses software or hardware without running it. (Hint: Using tools like PeStudio… )

What is Static Analysis?

400

This procedure connects an IP address to a fixed physical machine address (MAC address) in a local-area network (LAN)

What is ARP?

400

Auditd is a tool on Linux that allows for auditing processes, network connections, and more. This auditd flag, contained in the /etc/audit/auditd.conf file, allows for logging of file writes

What is -w?

400

As opposed to executing code from disk, this technique is used by many attackers to bypass detection. Hallmarks of this technique include the following Windows API functions: VirtualAllocEx, WriteProcessMemory, CreateRemoteThread

What is process injection?

400

This regular activity regularly occurs on domain controllers in a domain in order to ensure the information on them matches. It is also often used by attackers as a first step to dump the NTDS.dit file on a domain controller

What is DCSync?

400

What is a Windows API function commonly used in malware to “wait” before it reaches its main function? (Hint: This can make dynamic analysis difficult)

What is Sleep()?

500

This iptables module, part of the netfilter packet filtering framework, is used to search, list, and inspect tracked connections.

What is conntrack?

500

This advanced firewall and routing software, native to FreeBSD and considered highly flexible and customizable, is known for its performance and advanced features, including stateful packet inspection.

What is PF?

500

This famous tool, made by Benjamin Delpy, is used by many attackers to steal credentials from memory and other places on Windows machines. It has since been the basis for most windows credential software.

What is Mimikatz?

500

In Windows Server 2008, this feature allows for network admins to set up automatic configuration of group policies. It was later discovered to have a vulnerability in which all passwords were encrypted with the same private key, which had previously been published by Microsoft online.

What is GPP (Group Policy Preference)?

500

This person created a program in 1988 that replicated itself from one computer to another and denied each host it was duplicated on service. The program was released via MIT’s network and brought the internet to near collapse for several days.

Who is Robert Morris? (What was the Morris Worm?)