Bash, the Crucial Exams Chat Bot
AI Bot
Vulnerabilities and Exploits (CEH) Flashcards
Certified Ethical Hacker (CEH) Flashcards
Study our Vulnerabilities and Exploits (CEH) flashcards for the Certified Ethical Hacker (CEH) exam with 30+ flashcards. View as flashcards, a searchable table, or as a fun matching game.
| Front | Back |
| ARP Spoofing | An attack that sends fake ARP messages to associate a malicious MAC address with a legitimate IP address. |
| Broken Authentication | A vulnerability in which authentication functions allow attackers to compromise account data or sessions. |
| Brute Force Attack | An attack method that involves systematically guessing passwords or keys. |
| Buffer Overflow | An exploit where attackers overwrite memory locations to execute malicious code. |
| Clickjacking | An attack that tricks users into clicking on an element disguised as something else. |
| Command Injection | An exploit that allows attackers to execute arbitrary commands on a host operating system. |
| Credential Reuse | A vulnerability where users' reused credentials are exploited across multiple services. |
| Cross-Site Request Forgery (CSRF) | An exploit that tricks users into performing actions without their intent on authenticated websites. |
| Cross-Site Scripting (XSS) | A vulnerability allowing attackers to inject malicious scripts into web applications viewed by other users. |
| Denial of Service (DoS) | An attack designed to make a system or network unavailable to its intended users. |
| Directory Traversal | A method of accessing files or directories outside of the intended directory scope. |
| Distributed Denial of Service (DDoS) | An attack where multiple compromised systems target a single system to overload it and cause disruption. |
| DNS Spoofing | A technique where DNS responses are manipulated, redirecting victims to malicious sites. |
| Exploit Kits | Prepackaged software used by hackers to exploit known vulnerabilities. |
| Insecure Deserialization | A vulnerability where untrusted data is used to manipulate or exploit application logic. |
| Keylogger | Malicious software or hardware used to capture and record a victim's keystrokes. |
| Malware Injection | An attack where malicious software is introduced into a system or application. |
| Man-in-the-Middle (MITM) | An attack where an attacker intercepts and potentially alters communication between two parties. |
| Password Spraying | A variation of brute force attacks that uses one password on many accounts instead of many passwords on one account. |
| Phishing | An exploit that tricks users into providing sensitive information via fake emails or websites. |
| Pivoting | An exploitation technique where an attacker uses a compromised system to attack additional systems in a network. |
| Privilege Escalation | A method of gaining higher-level permissions on a system or network. |
| Remote Code Execution (RCE) | A vulnerability that allows attackers to remotely execute malicious code on a system. |
| Rogue Access Point | An unauthorized wireless access point installed in a network to exploit Wi-Fi security gaps. |
| Session Hijacking | An attack where an active session is taken over without the user's consent. |
| Social Engineering | The use of deception to manipulate individuals into divulging confidential information. |
| SQL Injection | An attack where malicious SQL statements are inserted into a query to manipulate or access the database. |
| Unsecured APIs | A flaw where unsecured APIs expose sensitive data or functions to unauthorized users. |
| Vulnerable Third-Party Libraries | Security issues introduced by using outdated or flawed third-party code libraries. |
| Zero-Day Vulnerability | A vulnerability unknown to the vendor and potentially exploited before a fix is released. |
About the Flashcards
Flashcards for the Certified Ethical Hacker (CEH) exam provide a concise review of critical cybersecurity threats and defense concepts students must master. Each card defines a specific vulnerability or attack-such as buffer overflows, SQL injection, or ARP spoofing-so you can quickly recall how these exploits operate and why they endanger modern systems.
The deck also reinforces broader security principles tested on the exam, including privilege escalation pathways, denial-of-service techniques, remote code execution, and human-focused tactics like phishing and social engineering. By practicing with these cards, you will sharpen recognition of attack signatures, understand mitigation strategies, and strengthen the terminology needed to analyze real-world incidents.
Topics covered in this flashcard deck:
- Web application exploits
- Network interception attacks
- Denial-of-service tactics
- Privilege escalation methods
- Social engineering & phishing
- Malware and exploit kits