1
Q
The process by which an attacker takes data that is stored inside of a private network and moves it to an external network.
A
Data Exfiltration
2
Q
A Windows-based remote access service that doesn’t require setup on the host being accessed remotely. Also this is a lightweight program that is part of the Sysinternals suite that provides interactivity for CLI programs.This tool uses Server Message Block (SMB) to issue commands to a remote system without having to manually install client software.
While this tool is a convenient option for network administrators, this tool can be used along with Mimikatz to allow a malicious actor to move laterally within a system and issue commands
A
PsExec
Pentesting
flashcards
Decks in class (56)
# Cards
-
1A: Define Organizational Pentesting14
-
1B: Acknowledge Compliance Requirements13
-
1C: Compare Standards and Methodologies9
-
2A: Assess Environmental Considerations4
-
2B: Outline the Rules of Engagement8
-
2C: Prepare Legal Documents7
-
3A: Discover the Target2
-
3C: Compile Website Information2
-
3D: Discover Open-Source Intelligence Tools1
-
4A: Exploit the Human Psyche14
-
4B: Summarize Physical Attacks8
-
5A: Plan the Vulnerability Scan7
-
5B: Detect Defenses3
-
5C: Utilize Scanning Tools2
-
6A: Scan Identified Targets3
-
6B: Evaluate Network Traffic4
-
6C: Uncover Wireless Assets4
-
7A: Discover Nmap and NSE6
-
7B: Enumerate Network Hosts2
-
7C: Analyze Output from Scans4
-
8A: Avoid Detection9
-
8B: Use Steganography to Hide and Conceal5
-
8C: Establish a Covert Chanel2
-
9B: Attack LAN Protocols5
-
9C: Compare Exploit Tools3
-
9D: Discover Cloud Vulnerabilities2
-
9E: Cloud-Based Attacks7
-
10A: Discover Wireless Attacks10
-
10B: Explore Wireless Tools10
-
11A: Recognize Mobile Device Vulnerabilities9
-
11B: Launch Attacks on Mobile Devices3
-
11C: Outline Assessment Tools for Mobile Devices2
-
12A: Identify Attacks on the IoT3
-
12B: Recognize Other Vulnerable Systems4
-
12C: Explain Virtual Machine Vulnerabilities6
-
13A: Recognize Web Vulnerabilities1
-
13B: Launch Session Attacks9
-
13C: Plan Injection Attacks14
-
13D: Identify Tools13
-
14A: System Hacking5
-
14B: Use Remote Access Tools5
-
14C: Analyze Exploit Code12
-
15A: Analyzing Scripts and Code Samples10
-
15B: Create Logic Constructs7
-
15C: Automate Penetration Testing2
-
16A: Test Credentials14
-
16B: Move Throughout the System2
-
16C: Maintain Persistence7
-
17A: Define the Communication Path3
-
17B: Communication Triggers6
-
18A: Identify Report Audience4
-
18B: List Report Contents10
-
19A: Employ Technical Controls10
-
19B: Administrative and Operational Controls6
-
20A: Post Engagement Cleanup1
-
20B: Follow Up Actions3
