SECFND 10: Common Endpoint Attacks

Question 1

Local Exploit

Answer 1

requires prior access to the vulnerable system

Question 2

Remote Exploit

Answer 2

works over the network without any prior access to the target system.

Question 3

Best buffer overflow avoidance

Answer 3

Patching

Question 4

Idle Scan

Answer 4

Uses an idle “zombie” host to veil recon from attacking system.

Question 5

Password spraying

Answer 5

Using very weak passwords one or two times to not generate a lockout

Question 6

IRC

Answer 6

Often used to control botnets

Question 7

Smishing

Answer 7

SMS Phishing

Question 8

XSS consequences

Answer 8

Steal session cookies, redirecting the victim to another site, or retrieve data from the victim’s computer

Question 9

Exploit kit

Answer 9

automated framework attackers use to discover and exploit vulnerabilities in an endpoint, infect it with malware, and execute malicious code on it

Question 10

Domain shadowing

Answer 10

compromising domain registration information for legitimate domains, and registering malicious second-level subdomains such as ek.example.com.

Question 11

Web based exploit kit

Answer 11

Typically uses PHP scripts hosted on exploit kit server and provides management console to attacker

Question 12

Exploit kit functionality

Answer 12

Scans host for vulns. Once identified, it sends request to server for exploit code to compromise vuln SW. Code then connects victim to download server to download payload.

Question 13

../ in uri

Answer 13

Indication of directory traversal

Question 14

whoami

Answer 14

show the user account and domain information as applicable

Question 15

netstat -anop

Answer 15

how all active, listening, and closed network connections.

Question 16

quser

Answer 16

list the users who are logged on to system.

Question 17

tasklist

Answer 17

list all the running processes.

Question 18

schtasks

Answer 18

show all the tasks set to run on the system at certain intervals.

Question 19

sc

Answer 19

list all the services set to run on the system.

Question 20

net start

Answer 20

Start services to run on a system.

Question 21

Metasploit

Answer 21

Pentesting tool

Question 22

Meterpreter

Answer 22

Payload within the Metasploit Framework that provides control over an exploited target host. Resides completely in memory.

Question 23

Mimikatz

Answer 23

Meterpreter script. Credential theft inc. plaintext passwords, hashes, PIN’s, and Kerberos tickets.

Question 24

Angler gates

Answer 24

Redirection sites to get someone to the final Angler landing page.

Question 25

Angler proxy servers

Answer 25

People interact with these. Provide actual compromise of victims

Question 26

Angler exploit servers

Answer 26

Contain exploit code. Exploit code sent to proxy server

Question 27

Angler status server

Answer 27

Tracks HTTP connections

Question 28

Angler Master Server

Answer 28

Contains connection and log data