PenTest Tools

Question 1

What is Frida used for?

Answer 1

Mobile devices, dynamic analysis, runtime hooking (injecting scripts, intercepting function calls, and manipulating runtime data)

Question 2

What is ADB used for?

Answer 2

Command-line tool for communicating with Android devices. Allows app installs, file access, and debugging.

Question 3

What is Drozer used for?

Answer 3

Android vulnerability assessment.

Question 4

What are the three C2 frameworks?

Answer 4

Covenant, Empire, Mythic

Question 5

What is Empire?

Answer 5

A post exploration framework that uses powershell and python. Keylogging, C2.

Question 6

What is covenant?

Answer 6

A .net based c2 framework designed specifically to leverage the .net framework on multiple platforms.

Question 7

What is Mythic?

Answer 7

Cross platform CLI-based, open source C2 framework. Very modular. Heavy API support with many payloads.

Question 9

What is a commonly exploited piece of SOAP Service Oriented Architecture Protocol?

Answer 9

XML. SOAP is frequently used for remote procedure calls (RPC) and typically uses HTTP/SMTP for transport.

Question 10

What are the steps of NIST SP 800-115?

Answer 10

Planning, Discovery, Analysis/Reporting

Question 11

What is hping?

Answer 11

An open source packet crafting tool, allows for custom TCP/IP packets.

Question 12

What is MDK4?

Answer 12

A wi-fi testing tooo. Deauth, stress testing, fuzzing.

Question 13

What is reaver?

Answer 13

A tool for exploiting WPS.

Question 14

What is Kismet?

Answer 14

Wi-Fi detection mainly.

Question 15

What is GLBA?

Answer 15

Financial Institution regulation.

Question 16

What is Frida used for vs MobSF?

Answer 16

Software debugging and manipulation on mobile devices.