504.4

Question 1

Metasploit Framework

Answer 1

A flexible collection of tools to attack, exploit, and harvest data from targets

Question 2

Exploit

Answer 2

Takes advantage of a flaw in a target program

Question 3

Payload

Answer 3

Makes the target do something the attacker wants

Question 4

Auxiliary Modules

Answer 4

Performs all kinds of tasks, including port scans, vulnerability scans, DOS tools and fuzzers to find flaws

Question 5

Bind Shell to Arbitrary Port

Answer 5

This opens a command shell listener on any tcp port of the attackers choosing

Question 6

Reverse Shell

Answer 6

This payload shovels a shell back to the attacker on a TCP port. The attacker will likely have
a Netcat listener waiting to receive the shell.

Question 7

Windows VNC Server DLL Inject

Answer 7

This payload allows the attacker to remotely control the GUI of the victim machine, using the Virtual Network Computing (VNC) tool, sent as a payload. VNC runs inside the victim process so it doesn’t need to be installed on the victim machine. Instead, it is inserted as a DLL inside the vulnerable process.

Question 8

Create local admin user

Answer 8

This payload creates a new user in the administrators group with a name and password specified by the attacker.

Question 9

Drive By Attacks

Answer 9

AKA Client side attacks, target normal web browsing activity allowing an attacker to gain access to a client device

Question 10

Watering Hole Attack

Answer 10

Same technique as Drive By Attacks except it involves a targeting element against a specific vertical industry or other organization such as the Gov, political party, etc

Question 11

Code-Executing Microsoft Office Files

Answer 11

Execute code in a microsoft-office file. Requires macro support file type

Question 12

MsfVenom

Answer 12

A tool that is included in the Metasploit Framework that takes any Metasploit payload and
converts it to a standalone file

Question 13

System Resource Usage Monitor (SRUM)

Answer 13

Built-in windows service, maintains a 30 day historical record of system activity including programs executed, wifi networks joined, network use statistics by executable, system energy usage and more.

Question 14

SRUM-Dumo

Answer 14

Utility that extracts the data from the SRUDB.dat file and HKLM\SOFTWARE registry key, writing the data to an accessible spreadsheet. Can operate on a live workstation or read from an offline archive.

Question 15

Command Stacking

Answer 15

The use of command separators to run multiple commands in one line

Question 16

Command Injection

Answer 16

A web application exploitation technique to run arbitrary commands on the web server. The attacker identifies an application that accepts input and the input is used to form a command line that is executed on the server.

Question 17

Reflected XSS

Answer 17

Targeted attack where the attacker crafts a link with malicious code to send to the victim. Victim clicks on the link and goes to the vulnerable site which will render content delivered from a crafted URL sent by the attacker.

Question 18

Stored XSS

Answer 18

Malicious content from the attacker is stored and delivered from the server. Any user who visits the server webpage storing the malicious content will render it. More opportunistic because anyone who visits the webpage renders the malicious code.

Question 19

Cross Site Scripting

Answer 19

An attack against users as opposed to servers. Exploits a vulnerability in the server input or output validation. Allows an attacker to send custom commands on behalf of the server to the victim

Question 20

Server Content Security Policy (CSP)

Answer 20

Server declares which dynamic resources are permitted to load in the browser e.g JavaScript, CSS, images etc.

Question 21

Structured Query Language (SQL) Injection

Answer 21

Web attack technique that exploits input validation flaws on applications that accept user input to interact with databases. The attacker supplies a crafted string that is accepted by the web server and applied as part of a SQL statement used to interact with a backend database.

Question 22

SQL Verb

Answer 22

The part of the SQL statement that identifies what action is taken, such as SELECT to query a database, UPDATE to change one or more database entries, and DELETE to remove one of more database rows.

Question 23

SQL Source

Answer 23

The part of the SQL statement indicates one or more table names that the verb is applied to.

Question 24

SQL Refinement

Answer 24

The part of the SQL statement used to limit the scope of the action beyond the table name by identifying specific columns or values that should be used. Not always present.

Question 25

sqlmap.py

Answer 25

Automate testing for sql injection vulnerabilities via database enumeration tasks

Question 26

Server Side Request Forgery

Answer 26

Web servers can take user input and create web requests on behalf of the client. An attacker can manipulate the input to get the server to make arbitrary HTTP requests and compromise the server.

Question 27

Internet Metadata Service (IMDS)

Answer 27

A system used by popular cloud providers to provide dynamic metadata about a cloud instance. Can be leveraged to obtain sensitive information.