Attacks and Exploits Flashcards

1
Q
  • Scan Active Directory for user accounts with service principal names (SPNs) set.
  • Request service tickets using the SPNs.
  • Extract the service tickets from memory and save to a file.
  • Conduct an offline brute-force attack against the passwords in the service tickets.
A

Kerberoasting

2
Q
  • Implemented in motherboards made by some manufacturers for diagnostic and testing purposes
  • With the right equipment, a penetration tester can connect to this port and capture data directly from the running motherboard.
A

JTAG Port

3
Q

Occurs when an attacker manipulates an egress sensor to unlock a door.

A

Egress sensor bypass

4
Q

An exploit that causes the return address of a subroutine to be replaced by the address of a subroutine that is already present in a process's memory

A

Ret2libc

5
Q

A client-side security misconfiguration that allows a script running within a browser to write data to a client-side cookie.

A

Cookie manipulation

6
Q

Assigning an executable on Linux this permission allows it to run with the permissions of the file’s owner.

A

SUID

7
Q

Assigning an executable on Linux this permission allows it to run with the permissions of the group owning the asset

A

SGID

8
Q
  • A process that runs on a Windows system to enforce the security policy on the system
  • Verifies users that log on to the system, manages user password changes, creates access tokens, and makes entries to the Security log.
A

Local Security Authority Subsystem Service (LSASS)

9
Q

Used to remotely manage Macintosh systems over a network connection using a graphical user interface

A

Apple Remote Desktop (ARD)

10
Q

Used to apply rotational pressure to the lock (in the unlock direction)

A

Tension Wrench

12
Q
  • Attempts to enumerate user accounts through null sessions
  • If a tester specifies a password file, it will automatically attempt to brute force the user accounts when it’s finished enumerating
A

RID cycling attack

13
Q
  • Protocol loosely based on the DNS packet format
  • Allows IPv4 and IPv6 hosts to perform name resolution for other hosts on the same local network without a DNS server

A

Link-Local Multicast Name Resolution (LLMNR)

14
Q
  • Wireless exploit in which an unauthorized Bluetooth connection is established with a wireless device
  • Connection is then used to steal information from that device.
A

Bluesnarfing

15
Q
  • When an attacker sends unsolicited messages over Bluetooth devices
  • Allows an individual to send anonymous messages to Bluetooth-enabled devices within a certain radius
A

Bluejacking

16
Q

Occurs when an intruder tags along with an authorized person through a physical barrier, such as a locking door or a turnstile

A

Tailgating

17
Q
  • An extension to X.509 that allows various values to be associated with a security certificate using a ________ field.
  • These values include email addresses, IP addresses, URLs, DNS names, and directory names.
A

Subject Alternative Name (SAN)

18
Q
  • Invokes services/actions on a remote computer
  • PsExec – Utility for Windows OS that allows for the execution of processes on remote systems
  • WMI (Windows Management Instrumentation) – A part of PowerShell used for monitoring remote Windows devices
  • Scheduled tasks – When a job runs a remote connection
A

Remote Procedure Call (RPC)/Distributed Component Object Model (DCOM)

19
Q
  • Attacks rely on following employees in through secured doors or other entrances.
A

Piggybacking