FORMATIVE 8 Flashcards
(25 cards)
Which resource is a Windows utility that combines the old CMD functionality with a new scripting/cmdlet instruction set with built-in system administration functionality?
Socat
WSC2
PowerShell
Twittor
PowerShell
An attacker opens a port (a listener) on the compromised system and waits for a connection. The goal is to connect to the victim from any system, execute commands, and further manipulate the victim. What type of malicious activity is being performed?
reverse shell
horizontal privilege escalation
bind shell
vertical privilege escalation
bind shell
Which resource is a lightweight and portable tool that allows the creation of bind and reverse shells from a compromised host?
WMImplant
WSC2
BloodHound
Netcat
Netcat
A cybersecurity student is learning about Netcat commands that could be used in a penetration testing engagement. Which Netcat command is used to connect to a TCP port?
nc -nv
nc -lvp
nc -z
nc -nv
nc -nv
Which Meterpreter command runs a list of Meterpreter commands stored in a text file, speeding up the actions taken on the victim system?
search
execute
resource
shell
resource
Which two resources are C2 utilities? (Choose two.)
Socat
Empire
BloodHound
Netcat
Twittor
Socat
Twittor
What kind of channel is created by a C2 with a system that has been compromised?
wireless channel
encrypted channel
covert channel
command channel
covert channel
Which living-off-the-land post-exploitation technique can get directory listings, copy and move files, get a list of running processes, and perform administrative tasks?
PowerShell
Sysinternals
WMI
BloodHound
PowerShell
Which resource is an open-source framework that allows rapid deployment of post-exploitation modules, including keyloggers, bind and reverse shells, and adaptable communication to evade detection?
BloodHound
Sysinternals
WMI
Empire
Empire
Which resource is a single-page JavaScript web application that can be used to find complex attack paths in Microsoft Azure?
Empire
Netcat
BloodHound
Sysinternals
BloodHound
Which utility can be used to write scripts or applications to automate administrative tasks on remote computers and can also be used by malware to perform different activities in a compromised system?
WMI
PowerShell
Empire
BloodHound
WMI
Which Sysinternals tool is used by penetration testers to modify Windows registry values and connect a compromised system to another system?
PsInfo
PsLoggedOn
PsGetSid
PsExec
PsExec
Which three tools are living-off-the-land post-exploitation techniques? (Choose three.)
Twittor
PowerSploit
Socat
WMImplant
WinRM
Empire
PowerSploit
WinRM
Empire
An attacker wants to allow further connections to a compromised system and maintain persistent access. The attacker runs the PowerShell cmdlet Enable-PSRemoting -SkipNetworkProfileCheck -Force on the victim. What tool is being enabled by this command?
WinRM
BloodHound
PsExec
WMImplant
WinRM
What kind of malicious activity is performed by a lower-privileged user who accesses functions reserved for higher-privileged users?
horizontal privilege escalation
steganography
bind shell
vertical privilege escalation
vertical privilege escalation
What task can be accomplished with the steghide tool?
to modify Windows registry values and to connect a compromised system to another system
to find complex attack paths in Microsoft Azure
to obfuscate, evade, and cover the attacker's tracks
to allow administrators to control a Windows-based computer from a remote terminal
to obfuscate, evade, and cover the attacker's tracks
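Steghide hides a payload inside a carrier file (image or audio) so that the file still looks and plays normally. The block below is an added example, not from the original flashcards and not steghide's own algorithm (steghide uses a graph-theoretic embedding with an optional passphrase); it is the simplest least-significant-bit scheme, enough to show why the carrier appears unchanged and how a reviewer would measure the change. The "image" is a constructed byte array standing in for raw 8-bit samples; the 4-byte length header and the byte-ordering are assumptions of this demo.

```python
"""Least-significant-bit steganography over a constructed pixel buffer.

Added example, not from the original flashcards and not steghide's own
embedding. Each payload bit replaces the lowest bit of one carrier byte,
so no byte changes by more than 1 and the carrier looks identical.
"""

HEADER_BYTES = 4  # payload-length prefix so extract() knows where to stop (demo convention)


def _to_bits(data: bytes):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover: bytes, payload: bytes) -> bytes:
    """Replace the LSB of successive cover bytes with the bits of len+payload."""
    framed = len(payload).to_bytes(HEADER_BYTES, "big") + payload
    if len(framed) * 8 > len(cover):
        raise ValueError("cover too small: need %d bytes, have %d"
                         % (len(framed) * 8, len(cover)))
    out = bytearray(cover)
    for idx, bit in enumerate(_to_bits(framed)):
        out[idx] = (out[idx] & 0xFE) | bit   # clear the low bit, then set it to the payload bit
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the LSB of each byte back: first the length header, then that many bytes."""
    def read(start: int, count: int) -> bytes:
        raw = bytearray()
        for i in range(count):
            value = 0
            for j in range(8):
                value = (value << 1) | (stego[start + i * 8 + j] & 1)
            raw.append(value)
        return bytes(raw)

    length = int.from_bytes(read(0, HEADER_BYTES), "big")
    if (HEADER_BYTES + length) * 8 > len(stego):
        raise ValueError("declared length exceeds carrier; not a payload written by embed()")
    return read(HEADER_BYTES * 8, length)


def max_delta(cover: bytes, stego: bytes) -> int:
    """Largest per-byte change between carrier and stego file; LSB embedding never exceeds 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed carrier: a gradient "image" of 1024 8-bit samples (demo data, not a real file).
COVER = bytes((i * 7) % 256 for i in range(1024))

if __name__ == "__main__":
    stego = embed(COVER, b"attacker notes")
    print(extract(stego), "max per-byte change:", max_delta(COVER, stego))
```

The `max_delta` check is the defender's side of the same idea: a stego file differs from its original by at most one unit per sample, which is why detection relies on statistics of the low bits (or on having the original) rather than on visual inspection.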
After compromising a system during a penetration testing engagement, all penetration work should be cleaned up, including extra files, system changes, and modified logs. The media sanitization methodology should be discussed with the client and the owner of the affected systems. What document guides media sanitization?
NIST SP 800-88
OWASP ZAP
OSSTMM
PCI DSS
NIST SP 800-88
What procedure should be deployed to protect the network against lateral movement?
Database backups
VPNs
Strong passwords for user accounts
VLANs
VLANs
What is the main advantage of Remote Desktop over Sysinternals?
It can upload, execute, and interact with executables on compromised hosts.
It can run commands revealing information about running processes, and services can be killed and stopped.
It can use PsExec to remotely execute anything that can run on a Windows command prompt.
It gives a full, interactive GUI of the remote compromised computer.
It gives a full, interactive GUI of the remote compromised computer.
An attacking system has a listener (an open port), and the victim initiates a connection back to the attacking system. What type of shell does this situation describe?
reverse shell
horizontal privilege escalation
bind shell
vertical privilege escalation
reverse shell
A cybersecurity student is learning about Netcat commands that could be used in a penetration testing engagement. The student wants to use Netcat as a port scanner. What command should be used?
nc -nv
nc -lvp
nc -z
nc -nv
nc -z
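`nc -z` is "zero I/O" mode: netcat completes the TCP handshake, reports the result, and closes without sending a byte. The block below is an added example, not from the original flashcards, that does the same thing with Python's `connect_ex()`, which returns 0 on a completed handshake and an errno otherwise. Assumptions: the "service" is a throwaway listener the script starts on 127.0.0.1, and the closed port is one the OS just handed out and the script released.

```python
"""TCP connect scan on loopback, the idea behind `nc -z host port-range`.

Added example, not from the original flashcards. A connect scan finishes
the three-way handshake (so it is logged by the service), then closes.
"""
import socket

HOST = "127.0.0.1"   # demo assumption: scan only loopback


def start_service() -> socket.socket:
    """Stand-in for a live service: a listener on a free loopback port."""
    srv = socket.socket()
    srv.bind((HOST, 0))
    srv.listen(5)
    return srv


def free_closed_port() -> int:
    """Pick a port that is (almost certainly) closed: bind it, then release it."""
    with socket.socket() as s:
        s.bind((HOST, 0))
        return s.getsockname()[1]


def scan_ports(host: str, ports, timeout: float = 0.5) -> dict:
    """Connect-scan each port; {port: True} if the handshake completed.

    No payload is sent and the socket is closed right after connect, which
    is what nc -z does. A refused connection (closed port) returns an errno
    at once, a filtered port times out; both count as not open here.
    """
    results = {}
    for port in ports:
        with socket.socket() as s:
            s.settimeout(timeout)
            results[port] = s.connect_ex((host, port)) == 0
    return results


def demo() -> tuple:
    """Scan one open and one closed loopback port; returns (open, closed, results)."""
    srv = start_service()
    open_port = srv.getsockname()[1]
    closed_port = free_closed_port()
    try:
        results = scan_ports(HOST, [open_port, closed_port])
    finally:
        srv.close()
    return open_port, closed_port, results


if __name__ == "__main__":
    _, _, report = demo()
    for port, is_open in report.items():
        print(f"{HOST}:{port} {'open' if is_open else 'closed'}")
```

Because the handshake completes, a connect scan is noisy: every probed service sees an accepted-then-dropped connection, so the same scan is also easy to spot in service logs or with a rule that alerts on many short-lived connections from one source.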
Which C2 utility is a PowerShell-based tool that leverages WMI to create a C2 channel?
Socat
WMImplant
WSC2
TrevorC2
WMImplant
Which two C2 utilities are Python-based? (Choose two.)
TrevorC2
Socat
DNSCat2
WSC2
Twittor
TrevorC2
WSC2
After the exploitation phase, it is necessary to maintain a foothold in a compromised system to perform additional tasks. Which method could be used to maintain persistence?
performing ARP scans and ping sweeps
performing additional enumeration of users, groups, forests, sensitive data, and unencrypted files
creating a bind or reverse shell
using local system tools
creating a bind or reverse shell