CHP 13 Flashcards

1
Q

WMI

A

Windows Management Instrumentation (WMI)

2
Q

VBA

A

Visual Basic for Applications (VBA)

3
Q

DLL

A

A Dynamic Link Library (DLL) is a file used in Windows operating systems that contains code and data that can be used by multiple programs simultaneously.

4
Q

Third Party Cookies

A

Third-party cookies can be used to record web activity, track the user's IP address, and harvest various other metadata, such as search queries and information about the browser software and configuration.

5
Q

Super Cookie

A

A supercookie is a type of tracking mechanism used by websites and advertisers to collect information about your online activities. Unlike regular cookies, which are stored in your web browser and can be easily deleted or blocked, supercookies use less obvious methods to track you, making them harder to detect and remove.

6
Q

A Beacon

A

A beacon, often referred to as a web beacon or tracking pixel, is a small, invisible image embedded into a website or an email. It’s typically just 1x1 pixel in size, making it virtually undetectable to users. Despite its tiny size, it plays a significant role in tracking and collecting data about user interactions.

7
Q

Spyware technique

A

Another spyware technique is to perform DNS redirection to pharming sites.

8
Q

UAC

A

User Account Control (UAC) is a security feature in Windows that helps prevent unauthorized changes to the operating system.

9
Q

Concurrent Session Usage

A

A potential indicator of malicious activity where an account has started multiple sessions on one or more hosts.

10
Q

SYN Flood Attack

A

A DoS attack where the attacker sends numerous SYN requests to a target server, hoping to consume enough resources (half-open connections) to prevent the transfer of legitimate traffic.
Think "Too many handshakes for the computer to handle."

11
Q

Asymmetric Threat

A

An asymmetric threat is a type of security challenge where a threat actor (like a hacker or a terrorist) can cause significant damage or disruption despite having fewer resources, less technology, or weaker capabilities compared to their target (like a government or a large organization).

11
Q

Amplification Attack

A

An amplification attack is a type of cyberattack where an attacker exploits certain protocols or services to amplify the amount of traffic they send to a target, causing a denial of service (DoS) or distributed denial of service (DDoS) attack.

12
Q

CLDAP

A

Connectionless Lightweight Directory Access Protocol (CLDAP) is a protocol used to query and manage directory services (like user databases) without establishing a dedicated connection. Here’s a simple breakdown:

Purpose: Allows quick lookups of information (like user names and emails) from a directory service over UDP rather than a TCP session.

12
Q

NTP

A

Network Time Protocol (NTP) is a protocol used to synchronize the clocks of computers over a network.

13
Q

AitM

A

An Adversary-in-the-Middle (AitM) attack, also known as a Man-in-the-Middle (MitM) attack, is a type of cyberattack where the attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other.

13
Q

ARP Attack

A

An Address Resolution Protocol (ARP) attack, also known as ARP spoofing or ARP poisoning, is a type of cyberattack where an attacker sends false ARP messages over a local network. This misleads network devices into associating the attacker's MAC (Media Access Control) address with the IP address of another device, typically the default gateway. As a result, the attacker can intercept, modify, or stop data being sent across the network.

14
Q

DNS Poisoning

A

DNS poisoning, also known as DNS spoofing, is a type of cyberattack where an attacker corrupts the Domain Name System (DNS) cache with false information. This causes DNS servers to return incorrect IP addresses, redirecting users to malicious websites without their knowledge. The goal of DNS poisoning is often to steal sensitive information, distribute malware, or disrupt services.

15
Q

Disassociation Attack

A

A disassociation attack is a type of denial-of-service attack that targets wireless networks. The attacker sends forged disassociation frames to disconnect devices from the network, disrupting their communication and causing service interruptions.

16
Q

Online Password Attack

A

An online password attack occurs when an attacker attempts to gain access to a system by interacting directly with the login interface in real-time. This type of attack involves trying different passwords or password combinations directly against a live system.

17
Q

Offline Password Attack

A

An offline password attack occurs when an attacker has gained access to a database or file containing encrypted or hashed passwords and attempts to crack them without interacting with the live system.

An offline attack means that the attacker has managed to obtain a database of password hashes, such as %SystemRoot%\System32\config\SAM, %SystemRoot%\NTDS\NTDS.DIT, or /etc/shadow.

18
Q

Arbitrary Code Execution

A

Arbitrary code execution is a serious security vulnerability that allows an attacker to run any code or commands on a target system.

19
Q

Vertical privilege escalation

A

When an attacker can perform functions that are normally assigned to users in higher roles, and often explicitly denied to the attacker.

20
Q

Horizontal privilege escalation

A

When a user accesses or modifies specific resources that they are not entitled to.

21
Q

CSRF

A

Cross-Site Request Forgery (CSRF) is a type of web security vulnerability where an attacker tricks a user into performing actions on a web application in which they are authenticated. This is done without the user's knowledge or consent, leading to unintended actions like changing account details, making unauthorized transactions, or changing passwords.

22
Q

SSRF

A

Server-Side Request Forgery (SSRF) is a type of security vulnerability where an attacker tricks a server into making unauthorized requests to external or internal resources on behalf of the attacker. This can lead to unauthorized access to internal systems, data leakage, and other security issues.

SSRF attacks are often targeted against cloud infrastructure.

23
Q

Server-side attack

A

A server-side attack causes the server to do some processing or run a script or query in a way that is not authorized by the application design. Most server-side attacks depend on some kind of injection attack.

24
Q

XXE Attack

A

An XML External Entity (XXE) attack is a type of vulnerability that arises when an XML input containing a reference to an external entity is processed by a weakly configured XML parser. In the example below, the entity "bar" resolves to a local file, so the parser's output discloses that file's contents:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY bar SYSTEM "file:///etc/config"> ]>
<bar>&bar;</bar>