What is DNS lookup?

Write down the command to perform OSINT using theHarvester while targeting google.com using all of the search engines available to the tool and output the results into a file called theHarvester_google.html.

What is the purpose of Shodan?

Can we use -Pn and -sn Nmap switches in the same command?

Which of these tools can be used to perform URL enumeration?

What’s the difference between Nmap’s -sS and -sT scans?

Name the Nmap’s timing options from 0-5.

What are the file formats Nessus can export its report into?

What tool would we use to perform website scraping, and which one for website crawling?

Is it possible to run the following Nmap command: nmap -Pn -sn -p- -T5 -O -A -sS -sT -sUV?

Is there a way to ensure validity of exploits found on Exploit DataBase?

Name a good resource to keep yourself updated with the latest developments in the cyber security industry.

What is the main difference between John the Ripper and Hashcat in the way they crack passwords?

Can a NIC’s MAC address be changed?

What is the difference between an LHOST and an RHOST in Metasploit Framework?

Create an SQLi query that would read the contents of all the other columns while the 'user' column contains the value of 'admin' from the table 'users' within the current database.

What are some of the main types of attacks we can perform after leveraging an XSS vulnerability?

Which of these are we most commonly looking for when testing for vulnerabilities using a web proxy?

When giving complex parameters to SQLMap how do we ensure they are interpreted correctly by the tool?

Besides the preinstalled wordlists found in Kali what other, major wordlist pack can we install?

What’s the difference between phishing, spear phishing and whaling when it comes to social engineering?

Which of these can be achieved through a watering hole attack?

What is the name of a tool that can greatly increase the impact of our XSS attacks?

What other tools does PowerShell Empire integrate well with?

BloodHound presents data to us using?

Which Windows tools/services can we piggyback on through CrackMapExec?

If / is allowed but no other command on a target system how can we escape from a restricted shell?

Write the command to create a Trojan using MSFVenom, LHOST being ATTACKER and the LPORT being PORT. The target machine is Linux, architecture x86 and the output file called VIRUS

Which of the following can be used to create reverse or bind shells to a target system?

How do we cover our tracks if the shell we have is Meterpreter?

Which of the following are steganography tools?

Write a Bash loop that will print all numbers from 56 to 128 in increments of 5.

What are “conditionals” in programming?

What does the following command do:

nikto -h https://www.apple.com -Format html -o nikto_apple -Tuning 1

How do we deal with Cookie based authentication on a target URL called TARGET when using Wapiti?

Which particular item is necessary to make the most out of WPScan?

Which of the following are services that THC-Hydra can attack?

When using a debugger for exploit development, ideally we want to achieve consistent control over which registry?

Name at least 3 wireless analysis and exploitation tools.

Which of the following is the wireless parameter most commonly needed in wireless attacks?

What is SSH?

Write a command to run a basic Nmap port scan against a machine with the IP address of TARGET , but send the scan through a proxy.

There are two ways how you can “install” and run Powersploit on a Windows target. What are they?

In order to capture credentials using Responder what condition needs to be met?

Which of the following can be used to achieve Remote Code Execution (RCE) on a Windows target with known credentials using Impacket?