#Quiz 8

1. Which of the following statements details a Cross-Site Scripting (XSS) attack?
a) A client-side attack where malicious JavaScript is executed in the victim's browser
b) A server-side attack where malicious JavaScript is executed in the application
c) A client-side attack where malicious JavaScript is executed in the application
d) A server-side attack where malicious JavaScript is executed in the victim's browser

2. Which of the following is an invalid PowerShell execution policy?
a) AllSigned
b) Unrestricted
c) RemoteSigned
d) LocalSigned
e) Restricted
f) Bypass

3. Which TWO of the below statements are true?
a) Red team engagements are assurance based and pentests are objective based
b) Pentests are assurance based and red team engagements are objective based
c) Vulnerability assessments are better for identifying potential impact than pentests
d) Pentests are better for identifying potential impact than vulnerability assessments

🤓 Submit your answers below! 🤓

||1:c, 2:f, 3:a/c||

|| 1: A, 2: D, 3: B/D ||

||

1. a
2. d
3. b & d
   ||

||1. C
Client side attack where malicious code is executed in the app. Here’s an example. You’re browsing the comment section of downloadmoreram.com and out of curiosity you discover a vulnerability that enables script injection, this type of activity is typically seen in the app itself rather that the browser. So you go like <script>Alert(“TX princess is awesome”)</script>

2: D - No explanation other that it doesn’t ring a bell.

3:
B& D
Red team engagements are meant to evaluate the Information Security posture of your organization. E.g: how does your SOC respond to a certain event.
Pentests are better for identifying potential impact. For example (this is a very stupid example) let’s say you manage to compromise the distributed engine and database server of a PAM solution, what would happen if you manage to have access to every single credential stored?||

I want more ram 😂, examples for 1st one are killing me xD

Bestavintheworld.org.cn

😮 something in me wants to click that link 🤣

Then there is another part that wants to create that page with it’s only content being TX answer to 1st question 😂

Thank you!

I checked that website and it downloaded several files. Then rebooted my machine. I saw a cmd prompt window that quickly disappeared. After the second reboot, I’m getting a red screen with a message saying my files have been encrypted and something about bitcoin payment. I’m confused.

Sorry about the confusion! I actually wrote a guide to sort out the red screen. A few steps. Easy to follow. You can grab it at www.nevergonnagiveyouupnevergonnaletyoudown.com.biz.org.ru.cc

@exotic nest

Baha

Thanks for the tag.

I should have thought to do that. Moar coffee needed.

The answers are... 1A, 2D, 3B/D!

**1A **
XSS is a client-side attack as code is executed in the victim browser, not the application (even though an application is used to facilitate the delivery of the malicious code to trigger it).

2D
Not a lot to say here, it's not a policy! I'd normally explain all the policies at this point, but MS will do a much better job https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.3

3B/D
A pentest is assurance based.
It's designed to identify as many potential ways in as possible (like a vulnerability assessment) across a network/web app etc., but, then attempts to exploit as many of them as possible within the (generally small) timeframe to see what's possible and ultimately what the potential businss impact could be.

A red team is objective based.
It's not designed to find as many vulnerabilities/ways in as possible and exploit them (like a pentest), but to find the best (and often quickest) way to achieve their objective. The red team's objective can vary, but it's often what's most important to the org, their crown jewels, their most precious IP, what they're most worried about and what they're threat modelling to protect (hence the requirement of a red team). A red team objective generally isn't getting domain admin to compromise the network (again like a pentest often ends up with), in fact it usually isn't. It could be a specific application, a database, a device/hardware residing in a secured room, compromising a physical location, etc, etc. The piece of IP the org wants to protect more than anything can differ greatly and the red team needs to find the best way to get to that.

To address answer D, pentests identify potential impact by exploiting vulnerabilities to see what potential harm it can cause the business. Vulnerability assessments generally highlight lots of potential ways in (automated signaure-based scanner only) but can't demonstrate the ultimate impact to the business.

Yeah baby!

Well done to everyone! 👏

Good job @tight granite

💯

Thanks, just happy I got them. I knew the PowerShell one straight away, the others I had to think. Pleased overall.