Bash, the Crucial Exams Chat Bot
AI Bot
Vulnerabilities and Exploits (CEH) Flashcards
Certified Ethical Hacker (CEH) Flashcards
| Front | Back |
| ARP Spoofing | An attack that sends fake ARP messages to associate a malicious MAC address with a legitimate IP address. |
| Broken Authentication | A vulnerability in which authentication functions allow attackers to compromise account data or sessions. |
| Brute Force Attack | An attack method that involves systematically guessing passwords or keys. |
| Buffer Overflow | An exploit where attackers overwrite memory locations to execute malicious code. |
| Clickjacking | An attack that tricks users into clicking on an element disguised as something else. |
| Command Injection | An exploit that allows attackers to execute arbitrary commands on a host operating system. |
| Credential Reuse | A vulnerability where users' reused credentials are exploited across multiple services. |
| Cross-Site Request Forgery (CSRF) | An exploit that tricks users into performing actions without their intent on authenticated websites. |
| Cross-Site Scripting (XSS) | A vulnerability allowing attackers to inject malicious scripts into web applications viewed by other users. |
| Denial of Service (DoS) | An attack designed to make a system or network unavailable to its intended users. |
| Directory Traversal | A method of accessing files or directories outside of the intended directory scope. |
| Distributed Denial of Service (DDoS) | An attack where multiple compromised systems target a single system to overload it and cause disruption. |
| DNS Spoofing | A technique where DNS responses are manipulated, redirecting victims to malicious sites. |
| Exploit Kits | Prepackaged software used by hackers to exploit known vulnerabilities. |
| Insecure Deserialization | A vulnerability where untrusted data is used to manipulate or exploit application logic. |
| Keylogger | Malicious software or hardware used to capture and record a victim's keystrokes. |
| Malware Injection | An attack where malicious software is introduced into a system or application. |
| Man-in-the-Middle (MITM) | An attack where an attacker intercepts and potentially alters communication between two parties. |
| Password Spraying | A variation of brute force attacks that uses one password on many accounts instead of many passwords on one account. |
| Phishing | An exploit that tricks users into providing sensitive information via fake emails or websites. |
| Pivoting | An exploitation technique where an attacker uses a compromised system to attack additional systems in a network. |
| Privilege Escalation | A method of gaining higher-level permissions on a system or network. |
| Remote Code Execution (RCE) | A vulnerability that allows attackers to remotely execute malicious code on a system. |
| Rogue Access Point | An unauthorized wireless access point installed in a network to exploit Wi-Fi security gaps. |
| Session Hijacking | An attack where an active session is taken over without the user's consent. |
| Social Engineering | The use of deception to manipulate individuals into divulging confidential information. |
| SQL Injection | An attack where malicious SQL statements are inserted into a query to manipulate or access the database. |
| Unsecured APIs | A flaw where unsecured APIs expose sensitive data or functions to unauthorized users. |
| Vulnerable Third-Party Libraries | Security issues introduced by using outdated or flawed third-party code libraries. |
| Zero-Day Vulnerability | A vulnerability unknown to the vendor and potentially exploited before a fix is released. |
Front
Cross-Site Scripting (XSS)
Click the card to flip
Back
A vulnerability allowing attackers to inject malicious scripts into web applications viewed by other users.
Front
Command Injection
Back
An exploit that allows attackers to execute arbitrary commands on a host operating system.
Front
Credential Reuse
Back
A vulnerability where users' reused credentials are exploited across multiple services.
Front
Zero-Day Vulnerability
Back
A vulnerability unknown to the vendor and potentially exploited before a fix is released.
Front
Unsecured APIs
Back
A flaw where unsecured APIs expose sensitive data or functions to unauthorized users.
Front
Distributed Denial of Service (DDoS)
Back
An attack where multiple compromised systems target a single system to overload it and cause disruption.
Front
Remote Code Execution (RCE)
Back
A vulnerability that allows attackers to remotely execute malicious code on a system.
Front
Broken Authentication
Back
A vulnerability in which authentication functions allow attackers to compromise account data or sessions.
Front
Denial of Service (DoS)
Back
An attack designed to make a system or network unavailable to its intended users.
Front
Brute Force Attack
Back
An attack method that involves systematically guessing passwords or keys.
Front
Privilege Escalation
Back
A method of gaining higher-level permissions on a system or network.
Front
Clickjacking
Back
An attack that tricks users into clicking on an element disguised as something else.
Front
Pivoting
Back
An exploitation technique where an attacker uses a compromised system to attack additional systems in a network.
Front
Man-in-the-Middle (MITM)
Back
An attack where an attacker intercepts and potentially alters communication between two parties.
Front
Directory Traversal
Back
A method of accessing files or directories outside of the intended directory scope.
Front
Phishing
Back
An exploit that tricks users into providing sensitive information via fake emails or websites.
Front
Password Spraying
Back
A variation of brute force attacks that uses one password on many accounts instead of many passwords on one account.
Front
DNS Spoofing
Back
A technique where DNS responses are manipulated, redirecting victims to malicious sites.
Front
Buffer Overflow
Back
An exploit where attackers overwrite memory locations to execute malicious code.
Front
Exploit Kits
Back
Prepackaged software used by hackers to exploit known vulnerabilities.
Front
Malware Injection
Back
An attack where malicious software is introduced into a system or application.
Front
Session Hijacking
Back
An attack where an active session is taken over without the user's consent.
Front
Rogue Access Point
Back
An unauthorized wireless access point installed in a network to exploit Wi-Fi security gaps.
Front
Cross-Site Request Forgery (CSRF)
Back
An exploit that tricks users into performing actions without their intent on authenticated websites.
Front
Keylogger
Back
Malicious software or hardware used to capture and record a victim's keystrokes.
Front
SQL Injection
Back
An attack where malicious SQL statements are inserted into a query to manipulate or access the database.
Front
Social Engineering
Back
The use of deception to manipulate individuals into divulging confidential information.
Front
Insecure Deserialization
Back
A vulnerability where untrusted data is used to manipulate or exploit application logic.
Front
Vulnerable Third-Party Libraries
Back
Security issues introduced by using outdated or flawed third-party code libraries.
Front
ARP Spoofing
Back
An attack that sends fake ARP messages to associate a malicious MAC address with a legitimate IP address.
1/30
This deck highlights key vulnerabilities in systems, applications, and networks, along with examples of exploits used by ethical hackers in penetration testing.