Bash, the Crucial Exams Chat Bot
AI Bot
Vulnerabilities and Exploits (CEH) Flashcards
Certified Ethical Hacker (CEH) Flashcards
| Front | Back |
| ARP Spoofing | An attack that sends fake ARP messages to associate a malicious MAC address with a legitimate IP address. |
| Broken Authentication | A vulnerability in which authentication functions allow attackers to compromise account data or sessions. |
| Brute Force Attack | An attack method that involves systematically guessing passwords or keys. |
| Buffer Overflow | An exploit where attackers overwrite memory locations to execute malicious code. |
| Clickjacking | An attack that tricks users into clicking on an element disguised as something else. |
| Command Injection | An exploit that allows attackers to execute arbitrary commands on a host operating system. |
| Credential Reuse | A vulnerability where users' reused credentials are exploited across multiple services. |
| Cross-Site Request Forgery (CSRF) | An exploit that tricks users into performing actions without their intent on authenticated websites. |
| Cross-Site Scripting (XSS) | A vulnerability allowing attackers to inject malicious scripts into web applications viewed by other users. |
| Denial of Service (DoS) | An attack designed to make a system or network unavailable to its intended users. |
| Directory Traversal | A method of accessing files or directories outside of the intended directory scope. |
| Distributed Denial of Service (DDoS) | An attack where multiple compromised systems target a single system to overload it and cause disruption. |
| DNS Spoofing | A technique where DNS responses are manipulated, redirecting victims to malicious sites. |
| Exploit Kits | Prepackaged software used by hackers to exploit known vulnerabilities. |
| Insecure Deserialization | A vulnerability where untrusted data is used to manipulate or exploit application logic. |
| Keylogger | Malicious software or hardware used to capture and record a victim's keystrokes. |
| Malware Injection | An attack where malicious software is introduced into a system or application. |
| Man-in-the-Middle (MITM) | An attack where an attacker intercepts and potentially alters communication between two parties. |
| Password Spraying | A variation of brute force attacks that uses one password on many accounts instead of many passwords on one account. |
| Phishing | An exploit that tricks users into providing sensitive information via fake emails or websites. |
| Pivoting | An exploitation technique where an attacker uses a compromised system to attack additional systems in a network. |
| Privilege Escalation | A method of gaining higher-level permissions on a system or network. |
| Remote Code Execution (RCE) | A vulnerability that allows attackers to remotely execute malicious code on a system. |
| Rogue Access Point | An unauthorized wireless access point installed in a network to exploit Wi-Fi security gaps. |
| Session Hijacking | An attack where an active session is taken over without the user's consent. |
| Social Engineering | The use of deception to manipulate individuals into divulging confidential information. |
| SQL Injection | An attack where malicious SQL statements are inserted into a query to manipulate or access the database. |
| Unsecured APIs | A flaw where unsecured APIs expose sensitive data or functions to unauthorized users. |
| Vulnerable Third-Party Libraries | Security issues introduced by using outdated or flawed third-party code libraries. |
| Zero-Day Vulnerability | A vulnerability unknown to the vendor and potentially exploited before a fix is released. |
This deck highlights key vulnerabilities in systems, applications, and networks, along with examples of exploits used by ethical hackers in penetration testing.