user

Scenaro : 1. Victim opens the attacker’s web site. 2. Attacker sets up a web site which contain interesting and attractive content like ‘Do you want to make $1000 in a day? 3. Victim clicks to the interesting and attractive content URL. 4. Attacker creates a transparent ‘iframe’ in front of the URL which the victim attempts to click, so the victim thinks that he/she clicks on the ‘Do you want to make $1000 in a day?’ URL but actually he/she clicks on the content or URL that exists in the transparent ‘iframe’ which is setup by the attacker. What is the name of the attack which is mentioned in the scenario?

Scenaro : 1. Victim opens the attacker’s web site. 2. Attacker sets up a web site which contain interesting and attractive content like ‘Do you want to make $1000 in a day? 3. Victim clicks to the interesting and attractive content URL. 4. Attacker creates a transparent ‘iframe’ in front of the URL which the victim attempts to click, so the victim thinks that he/she clicks on the ‘Do you want to make $1000 in …

Scenaro : 1. Victim opens the attacker’s web site. 2. Attacker sets up a web site which contain interesting and attractive content like ‘Do you want to make $1000 in a day? 3. Victim clicks to the interesting and attractive content URL. 4. Attacker creates a transparent ‘iframe’ in front of the URL which the victim attempts to click, so the victim thinks that he/she clicks on the ‘Do you want to make $1000 in a day?’ URL but actually he/she clicks on the content or URL that exists in the transparent ‘iframe’ which is setup by the attacker. What is the name of the attack which is mentioned in the scenario? Read More »

whitelisting

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltered by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs. What type of malware did the attacker use to bypass the company ‘s application whitelisting?

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltered by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non – whitelisting programs. What type of malware did the attacker use to bypass the company ‘s application whitelisting? Option 1 : Phishing malware Option 2 : File-less malware …

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltered by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs. What type of malware did the attacker use to bypass the company ‘s application whitelisting? Read More »

session ID

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID links the target employee to Boney’s account page without disclosing any information to the victim. When the target employee click on the link, all the sensitive payment details entered in a form are linked to Boney’s account. What is the attack performed by Boney in the above scenario?

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID link the target employee to Boney ‘s account page without disclosing any information to the victim. When the target employee click on the link, all …

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID links the target employee to Boney’s account page without disclosing any information to the victim. When the target employee click on the link, all the sensitive payment details entered in a form are linked to Boney’s account. What is the attack performed by Boney in the above scenario? Read More »

credentials

Sam, a professional hacker, targeted an organization with intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while posing as a legimate employee. Moreover, he sent phishing emails to steal the AWS IAM credentials and further compromise the employee’s account What is the technique used by Sam to compromise the AWS IAM credentials?

Sam, a professional hacker, targeted an organization with intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while posing as a legimate employee. Moreover, he sent phishing emails to steal the AWS IAM credentials and further compromise the employee’s account What is the technique used by Sam to compromise the AWS IAM credentials? Option 1: Reverse engineering Option 2: Social engineering Option 3: …

Sam, a professional hacker, targeted an organization with intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while posing as a legimate employee. Moreover, he sent phishing emails to steal the AWS IAM credentials and further compromise the employee’s account What is the technique used by Sam to compromise the AWS IAM credentials? Read More »

container

Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier conatiner technology architecture. Currently, Abel is verifying and validating image contents, signing images, and sending them to the registries. Which of the following tiers of the container technology architecture is Abel currently working in?

Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier container technology architecture. Currently, Abel is verifying and validating image contents, signing images, and sending them to the registries. Which of the following tiers of the container technology architecture is Abel currently …

Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier conatiner technology architecture. Currently, Abel is verifying and validating image contents, signing images, and sending them to the registries. Which of the following tiers of the container technology architecture is Abel currently working in? Read More »

application

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server. What kind of attack is possible in this scenario?

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server. What kind of attack is possible in this scenario? Option 1 : Denial of service Option 2 : Cross-site scripting Option 3 : SQL injection Option 4 : Directory traversal   1. Denial of service The Denial of …

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server. What kind of attack is possible in this scenario? Read More »

IDS

Kevin, a professional hacker, wants to penetrate CyberTech Inc.’s network. He employed a technique, using which he encoded packets with Unicode characters. The company’s IDS cannot recognize the packet, but the target web server can decode them. What is the technique used by Kevin to evade the IDS system?

Kevin, a professional hacker, wants to penetrate CyberTech Inc.’s network. He employed a technique, using which he encoded packets with Unicode characters. The company’s IDS cannot recognize the packet, but the target web server can decode them. What is the technique used by Kevin to evade the IDS system? Option 1 : Desynchronization Option 2 : Obfuscating Option 3 : Session splicing Option 4 : Urgency flag 1. Desynchronization The number of security breaches is …

Kevin, a professional hacker, wants to penetrate CyberTech Inc.’s network. He employed a technique, using which he encoded packets with Unicode characters. The company’s IDS cannot recognize the packet, but the target web server can decode them. What is the technique used by Kevin to evade the IDS system? Read More »

user

By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext. Which file do you have to clean to clear the password?

By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext. Which file do you have to clean to clear the password? Option 1 : .bashrc Option 2 : .bash_history Option 3 : .profile Option 4 : .XSession-log 1. .bashrc The .bashrc file may be a script file that’s executed …

By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext. Which file do you have to clean to clear the password? Read More »

penetration tester

You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID “Brakeme-Internal.” You realize that this network uses WPA3 encryption. Which of the following vulnerabilities is the promising to exploit?

You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID “Brakeme-Internal.” You realize that this network uses WPA3 encryption. Which of the following vulnerabilities is the promising to exploit? Option 1 : AP misconfiguration Option 2 : Key reinstallation attack Option 3 : Dragonblood Option 4 : Cross-site request forgery 1. AP misconfiguration The Misconfigured APs are …

You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID “Brakeme-Internal.” You realize that this network uses WPA3 encryption. Which of the following vulnerabilities is the promising to exploit? Read More »