Misc

Question 1

CIAAN: C?

Answer 1

Confidentiality, only authorized users

Question 2

CIAAN: I?

Answer 2

Integrity, the message is not manipulated, unchanged, no MITM

Question 3

CIAAN: AA?

Answer 3

Availability: If the message is not available, it can’t be read.

EX. servers need to be up.

Authenticity: A genuine message.

Question 4

CIAAN: N?

Answer 4

Non-repudiation: The sent message can’t be denied at a later stage.

Question 5

Hacker role: Red Team?

Answer 5

Attackers

Question 6

Hacker role: Blue Team?

Answer 6

Defenders

Question 7

Hacker role: Purple team?

Answer 7

A mix of attackers and defenders

Question 8

Name 2 attack types?

Answer 8

Targeted attack / planned attack

Opportunistic attack

Question 9

What is a supply chain attack?

Answer 9

Attack on a customer to a customer to reach the final goal.

Domino effect hack

Question 10

Hacker value?

Answer 10

Political power, money, information

Question 11

Digital warfare?

Answer 11

Espionage, vote manipulation, behaviour modification of people online, spreading misinformation, attack infrastructure

Question 12

Defense in depth?

Answer 12

Holistic security. Secure the least secure first then moving to the next least secure and so on.

Question 13

Zero trust?

Answer 13

Minimize security holes though thinking that everything is unsecure. EX. Do not give access levels to those who do not explicitly needed.

Question 14

Triangle of security?

Answer 14

Security, Function and user experience. The sweet spot is very situational.

Question 15

Ethics and moral?

Answer 15

Thou shall only do:
What is legal.
What you have permission to do.
With a good cause.
Without destroying anything.

Question 16

Responsible disclosure?

Answer 16

In case of a found vulnerability, please disclose responsibly! Make public no less than 90 days later. In the meantime, inform the affected party.

Question 17

Risks and the weakest link?

List three things.

Answer 17

Many risks and vulnerabilities shouldn’t exist and is easily avoidable.

Humans are always the weakest link.

Education of staff is important.

Question 18

Risk equation?

Answer 18

Risk = (Threat x Vulnerability) x Consequence

Probability

Question 19

What is defined as a Risk?

Answer 19

The possibility of hurting consequences.

Question 20

Threat?

Answer 20

The planning of executing drastic measures or violence.

Question 21

What is a vulnerability?

Answer 21

Something that exposes a system to attack.

Question 22

Risk management options?

Answer 22

Avoid
Minimize
Move the responsibility
Accept

Question 23

Imagined threats vs factual threats?

Answer 23

Both is relevant. Related to safety, knowledge, staff education.

Question 24

Hacker philosophy?

Answer 24

Use a hacker’s mindset (Attacker viewpoint)

Question 25

What is important regarding risk management?

List 4 things.

Answer 25

1. Define risks in an organization
   Identify business critical risks
2. Brainstorm all risk scenarios, also the “impossible”, then prioritize them.
3. Involve every relevant staff
4. Risk analysis is not a one-time thing. It’s an ongoing process.

Question 26

Risk analysis quotes?

Answer 26

“It is better to remove a risk from the list than finding it when it is too late”

“Take decisions based on facts, instead of assumptions”

“Look beyond company policies and procedures, Hackers will do exactly that!”

Question 27

Policy for hackers?

Answer 27

Be mindful of explaining risks to decisionmakers.

If we don’t follow policies, risks emerges.

Question 28

What is the steps of a regular pentest?

5 steps.

Answer 28

1. Recon & footprinting
2. Scanning & enumeration
3. Gaining access / run exploit
4. Maintaining access / install backdoor
5. Covering steps / manipulate logs