Skip to main content

Set One

  1. If there is no outbound network access, what methods are available? Apart from techniques such as reg, what other methods exist for obtaining a reverse shell?

  2. Delegation within an Active Directory domain

  3. Explain the DPAPI mechanism. What can it be used for?

  4. FastJSON exploitation in scenarios with no outbound network access

  5. Types of Shiro vulnerabilities, the principle of Shiro-721, and what precautions should be taken when exploiting Shiro-721?

  6. What types of WebLogic vulnerabilities exist, and what are their underlying principles?

  7. DLL hijacking and DLL injection

  8. Which ports are prioritised for brute‑force testing in an internal network, and why? If only port 3389 is open, what is the practical impact of brute‑forcing RDP?

  9. Why do FRP and NPS fail to function on Windows Server 2003?

  10. Phishing methods and techniques – besides double‑clickable executables, what other approaches exist?

  11. Methods for obtaining a shell from Redis on Windows

  12. Techniques, methods and principles for bypassing UAC (User Account Control)

  13. In‑memory webshells (e.g., filter‑based shells)

  14. In‑depth principle of Pass‑the‑Hash (PTH) and the conditions required for its exploitation

  15. Methods for extracting hashes – what can be done if antivirus software prevents hash capture?

  16. The security mechanism of Windows Defender

  17. Why are captured hashes sometimes not stored as plaintext?

  18. Describe each of the three major types of vulnerabilities commonly targeted during HVV (Hunting Vulnerability and Defense drills).

  19. Has Cobalt Strike been subjected to secondary development? Have any CNA scripts been written?