hex code for directory traversal attack
%2E%2E%2F
What is executing a script to inject a remote file into the web app or the website
Remote File Inclusion (RFI)
What is adding a file to the web app or website that already exists on the hosting server
Local File Inclusion (LFI)
Type of web attack where an attacker tricks a victim into making an unwanted request
CSRF
Type of attack where the attacker tricks the server into making requests to unintended locations
SSRF (Server-Side Request Forgery)
Responder command to enable an SMB relay attack
-r
MAC address is on which layer
2
A shell where a listening port is opened on the victim’s machine is
Bind Shell
A command-line tool in Kali that is used to poison NetBIOS, LLMNR and mDNS name resolution requests
Responder
Automated, all-in-one mobile application pentesting framework that can perform static and dynamic analysis
MobSF
Open-source tool that provides powerful capabilities for pentesting across various mobile operating systems
Frida
Which mobile tool can: dump process memory, perform in-process fuzzing, detect anti-jailbreak and alter a program's behaviour
Frida
A mobile security tool that provides a comprehensive security and attack framework for Android
Drozer
Versatile command-line tool that allows testers to communicate with an Android device
Android Debug Bridge (ADB)
______________________ is an open-source Python library (with a collection of example scripts) that implements low-level network protocols used by Microsoft Windows — things like SMB/CIFS, MS-RPC, DCE/RPC, NetBIOS, LDAP, Kerberos, NTLM, and others.
Impacket
Scheduled Tasks and Cron Jobs are for which respective OS
Windows and Linux
Certificate stapling allows a webserver to perform certificate status checking instead of having the
browser perform the checking.
Tool for misconfigured AD Certificate Services
Certify
What is a master key that creates valid Kerberos tickets for any user, giving the ability to impersonate anyone in the domain
Golden Ticket
Tool to use for Kerberos ticket manipulation
Rubeus
A remote administration tool that allows users to execute processes on other systems
PsExec
A critical vulnerability that allows attackers to run malicious code on a target system
Arbitrary Code Execution
Tool that looks for security problems in Kubernetes clusters
Kube-Hunter
Tool that checks the Docker setup against best practice for securing Docker containers
Docker Bench