Exploits & Attacks

Question 1

Exploits

Answer 1

A piece of software or a sequence of commands that takes advantage of a vulnerability in a computer system to cause unexpected behavior to occur.

Question 2

netstat

Answer 2

A command-line tool used for showing network statistics, specifically the ports and IP addresses on your computer system that can communicate with other hosts on the network

Question 3

DDoS attack

Answer 3

A (distributed) denial of service attack that targets websites and web servers with the intention of bringing the services they provide to a halt. If one host is involved in the attack, the attack is considered to be a DoS attack. If multiple hosts are involved, it is a DDoS attack.

Question 4

Botnet

Answer 4

Software that replicates and infects many computers, turning the computer into a “zombie”. Zombie devices are remotely controlled by an attacker for malicious purposes.

Question 5

Keylogger

Answer 5

Software and hardware that track all keyboard clicks, including backspaces, to discover usernames, passwords, credit card numbers, and other sensitive information.

Question 6

Man-in-the-Middle (MITM)

Answer 6

A human-based attack in which the malicious user intercepts communication between the victim’s computer and the internet.

Question 7

Ransomware

Answer 7

Software that locks your computer and makes it inoperable, requiring you to pay someone to remove it. Ransomware can spread like a virus, worm, or trojan horse.

Question 8

Rootkit

Answer 8

Software running with elevated privileges to control a computer or to gain access to restricted accounts and data.

Question 9

Forceful Directory Browsing

Answer 9

When hackers can use their knowledge of a web server’s directory structure to craft URL addresses and navigate to locations that are unreferenced and unlinked in a website.

Question 10

FTP (File Transfer Protocol)

Answer 10

Lets computers copy files to and from devices on a network. If malicious users are able to “FTP” to your computer, they can deliver malware to it

Question 11

SMTP (Simple Mail Transfer Protocol)

Answer 11

A communication protocol for electronic mail transmission. It has a history of vulnerabilities and weaknesses.

Question 12

Loose-lipped errors

Answer 12

When HTTP requests fail or when systems crash, the system often provides some feedback as to why. Error messages can provide instructive information to a user, but also can be a rich source of intelligence to potential hackers.

Question 13

Cross-site scripting (XSS)

Answer 13

A type of exploit in which the attacker inserts malicious client-side code into web pages to steal data, take control of a computer, run malicious code, or achieve a phishing scam.

Question 14

XSS Stored Attack

Answer 14

Similar to an XSS-reflected attack with one major difference: This exploit permanently stores the malware script in the database.

Question 15

Command Execution (Injection) attack

Answer 15

an attack in which the goal is the execution of arbitrary commands on the host operating system via a vulnerable application.