Bawsset

Front 1

Most common (traditional) method for creating a sled

Back 1

NOOP sled

Front 2

2 types of NOOP sleds

Back 2

90 or 9000 in hex

Front 3

one-byte NOOP sleds use what opcode?

Back 3

0x42

Front 4

multi-byte NOOP equivalent sled

Back 4

uses multi-byte opcodes to perform same sled effect

Front 5

sled that jumps directly to the shell regardless of what byte the return pointer hits

Back 5

trampoline sled

Front 6

trampoline sled uses what hex?

Back 6

08/eb/06/eb/04

Front 7

shell code that sockets on target system back to the attacker

Back 7

connect back

Front 8

SADMIN is always what shell code

Back 8

connect back

Front 9

Kaht is always what shell code

Back 9

port bind

Front 10

LSASS is always what shell code

Back 10

both

Front 11

what shell code has "refer" in the ASCII?

Back 11

drive-by download

Front 12

MItM allows the attacker to :

Back 12

read and possible modify messages between two parties

Front 13

MItM indicator :

Back 13

double syn packets, same IP and different MAC

Front 14

IP spoof attack :

Back 14

change source IP to masquerade as another host or hosts

Front 15

IP spoof indicator :

Back 15

multiple syn packets, different IP and same MAC

Front 16

#1 attack on IPv6

Back 16

Neighbor Discovery Protocol

Front 17

neighbor discovery protocol :

Back 17

intercept traffic or cause congested links to become overloaded

Front 18

Routing headers :

Back 18

add arbitrary numbers of routing headers to IPv6 packets

Front 19

a type 0 routing header is what?

Back 19

an attack

Front 20

trespassing takes advantage of what?

Back 20

neighbor discovery protocol

Front 21

substitution boxes (s-boxes) :

Back 21

utilizes bit substitution

Front 22

compression :

Back 22

compresses plain text to alleviate language redundency

Front 23

permutation :

Back 23

changes relative order of plain text. AKA transposition

Front 24

expansion :

Back 24

expands plain text by adding more bits

Front 25

symmetric key algorithms :

Back 25

same key to perform encryption and decryption, is also faster than asymmetric

Front 26

2 modes of operation for 3DES

Back 26

3DES-EEE and 3DES-EDE

Front 27

2 examples of symmetric key encryptions :

Back 27

blowfish and twofish

Front 28

asymmetric key algorithm :

Back 28

uses two keys, public and private and are mathematically related

Front 29

example of a key exchange method :

Back 29

diffie hellman

Front 30

MD algorithms do what

Back 30

generate special numbers that are effectively hash codes

Front 31

MD algorithms :

Back 31

MD5 and SHA

Front 32

PKI is based on what?

Back 32

asymmetric encryption

Front 33

private key :

Back 33

portion of the key you actually use to sign into something

Front 34

public key :

Back 34

portion of the key that is available to other people

Front 35

digital certificates are issued by :

Back 35

CA's, certificate authorities

Front 36

certificate authorites :

Back 36

trusted third-party to provide authentication

Front 37

digital certificate standard :

Back 37

X.509

Front 38

type of digital certificate that is self-signed

Back 38

root certificates

Front 39

intermediate certificates provide :

Back 39

authority to sign server, personal publisher or other immediate CA's

Front 40

4 types of certificates :

Back 40

certificate authority, server, personal, publisher

Front 41

certificate authority :

Back 41

contains public key of a particular CA

Front 42

server :

Back 42

contains public key of web server

Front 43

personal :

Back 43

contains individuals public keys to verify user identity

Front 44

publisher :

Back 44

contains public keys of individuals or vendors representing a program

Front 45

a CAC is roughly the size of ___________ and stores how much data?

Back 45

standard credit card, 144k

Front 46

access to CAC requires :

Back 46

PIN number, system access to secure CAC applications

Front 47

CAC's store what kinds of data?

Back 47

data relating to work functions or benefits and privileges provided as a uniformed service memeber

Front 48

CAC's use what type of authentication?

Back 48

two-factor authentication

Front 49

two-factor authentication uses what?

Back 49

physical code and passcode

Front 50

SSH uses asymmetric keys to :

Back 50

create a secret key shared between client and server

Front 51

by default client and server in SSH must support what?

Back 51

3DES

Front 52

3 possible authentication methods :

Back 52

.rhosts, .rhosts and RSA, password

Front 53

SSL provides what?

Back 53

secure communications through the world wide web

Front 54

SSL uses what port and resides with HTTP in what layer?

Back 54

443, application layer

Front 55

SSL security features :

Back 55

authentication, data integrity, privacy/confidentiality

Front 56

authentication :

Back 56

ensures client and server identity

Front 57

data integrity :

Back 57

SSL data is sent out via record layer in SSL

Front 58

privacy/confidentiality :

Back 58

data is compressed and encrypted with stream and block cipher

Front 59

file infector virus :

Back 59

infects files

Front 60

boot sector virus :

Back 60

infects boot sector

Front 61

multipartite virus :

Back 61

infects multiple files in the system

Front 62

polymorphic virus :

Back 62

produces varied but operational copies of itself

Front 63

macro virus :

Back 63

infects data files, normally microsoft office applications

Front 64

hoax virus :

Back 64

displays warnings of viruses that are non-existent

Front 65

difference between viruses and worms :

Back 65

worms spread without user interaction

Front 66

most infamous worm :

Back 66

Stuxnet

Front 67

remote access trojan (RAT) :

Back 67

grant remote access, installed on target system with a listening port

Front 68

security disabler trojan :

Back 68

designed to disable user's security features

Front 69

downloader trojan :

Back 69

stealthily download and run other files

Front 70

data destruction trojan :

Back 70

destroys data on target system

Front 71

adware :

Back 71

software that displays advertisements

Front 72

spyware :

Back 72

steals personal data

Front 73

between spyware and adware, which is malicious?

Back 73

spyware

Front 74

smurf attack :

Back 74

attacker changes IP to that of the victim and pings their broadcast

Front 75

NBTStream attack :

Back 75

attacks windows NT 4.0, windows 2000 and XP, it is a NETBIOS session request flooder

Front 76

teardrop attack :

Back 76

sends overlapping fragmented UDP packets

Front 77

bonk and boink attack :

Back 77

reverse concept of teardrop, bonk attacks UDP port 53, boink can attack a range

Front 78

fraggle attack :

Back 78

same as smurf, but attacker uses UDP instead of ICMP. dest port will usually be 7 (echo) or 19 (chargen)

Front 79

implements a distributed network DoS tool :

Back 79

tribe flood network (TFN)

Front 80

conducts DDos without attacker knowing what is really going on

Back 80

LOIC

Front 81

more powerful version of LOIC

Back 81

HOIC

Front 82

what is social engineering?

Back 82

form of exploitation that plays on human behavior to obtain info

Front 83

what is pretexting?

Back 83

act of creating a scenario to persuade victim to provide information that assists in exploiting a target

Front 84

what is spear phishing?

Back 84

same as phishing, but targeting a specific individual, company or entity

Front 85

what is a road apple?

Back 85

leaving a thumb drive or floppy disk in target area hoping somebody will find and put into a system

Front 86

quid pro quo :

Back 86

representing oneself as somebody from a company to try to get username and password to go on system and upgrade it

Front 87

True or false : different operating systems have native commands

Back 87

true

Front 88

different between IDS and IPS

Back 88

IDS just detects and sends alarm while IPS prevents

Front 89

IDS technology : pattern matching

Back 89

scans packet for specific byte sequences and compares to database of known attacks

Front 90

IDS technology : traffic anomoly

Back 90

scans packets for unusual activity

Front 91

IDS technology : protocol anomoly

Back 91

scans packets for any deviations from standard RFC's

Front 92

IDS technology : statistical anomaly

Back 92

scans packets for deviations from baseline of normal traffic

Front 93

IDS technology : stateful matching

Back 93

scans packets for signatures in context of traffic

Front 94

2 modes of an IDS

Back 94

passive and active

Front 95

passive mode :

Back 95

monitors the potential attack and alerts/logs activity

Front 96

active mode :

Back 96

tears down connection and acts like an IPS

Front 97

2 types of IDS components :

Back 97

detectors and monitors

Front 98

detectors :

Back 98

workhorse behind the IDS, monitor traffic coming across the wire

Front 99

monitors :

Back 99

designed to process and control your detectors

Front 100

an IPS is placed where?

Back 100

in-line with flow of the network

Front 101

what is snort?

Back 101

flexible open source network IDS/IPS

Front 102

3 modes of snort :

Back 102

sniffer mode, packet logger mode, intrusion detection mode

Front 103

sniffer mode :

Back 103

captures network traffic similar to TCPDump

Front 104

packer logger mode :

Back 104

captures network traffic and saves it to directories

Front 105

network intrusion detection mode :

Back 105

captures network traffic and analyzes it against known attacks (most popular)

Front 106

how does finger appear in a TCP stream? (used in snort rule)

Back 106

"/W"

Front 107

3 files snort uses :

Back 107

snort.conf, snort.log, *.rules

Front 108

false positives :

Back 108

triggers an alarm when no malicious activity is involved

Front 109

false negative :

Back 109

no alarm when malicious activity is going on

Front 110

triggers for false positive :

Back 110

protocol violations, new applications, equipment-related alarms, poorly written signatures

Front 111

triggers for false negative :

Back 111

network design problems, improperly written signatures

Front 112

true statements required for a effective firewall :

Back 112

all traffic inside to outside and vice-versa must be parsed, only authorized traffic can pass through, system/host must be resistant to penetration

Front 113

types of firewalls :

Back 113

stateless packet filtering, stateful packet filtering, application level gateway, hyprid

Front 114

stateless packet filtering firewall :

Back 114

examines packet header information

Front 115

stateful inspection packet filtering firewall :

Back 115

keeps track of communication packets over time

Front 116

application level gateway firewall :

Back 116

operates in the application layer

Front 117

hybrid firewall :

Back 117

uses a combination of other firewalls

Front 118

firewall topologies :

Back 118

simple firewall with one choke, classic firewall, belt and suspenders firewall, dual firewall, multi-homed firewall

Front 119

simple firewall with one choke :

Back 119

1 layer of protection

Front 120

classic firewall :

Back 120

2 layers of protection

Front 121

belt and suspenders firewall :

Back 121

3 layers of protection, DMZ is before firewall

Front 122

dual firewall :

Back 122

4 layers of protection, DMZ between firewalls

Front 123

multi-homes firewall

Back 123

3 layers of protection, DMZ is on webserver off of firewall

Front 124

packet sniffer detection methods :

Back 124

local host detection, latency test, ARP method, ping method, DNS queries. LLAPD (local LAPD)

Front 125

vulnerability identification, retina :

Back 125

tells you the problem and how to fix it, but DOES NOT fix the problem