Set One
-
If there is no outbound network access, what methods are available? Apart from techniques such as reg, what other methods exist for obtaining a reverse shell?
-
Delegation within an Active Directory domain
-
Explain the DPAPI mechanism. What can it be used for?
-
FastJSON exploitation in scenarios with no outbound network access
-
Types of Shiro vulnerabilities, the principle of Shiro-721, and what precautions should be taken when exploiting Shiro-721?
-
What types of WebLogic vulnerabilities exist, and what are their underlying principles?
-
DLL hijacking and DLL injection
-
Which ports are prioritised for brute‑force testing in an internal network, and why? If only port 3389 is open, what is the practical impact of brute‑forcing RDP?
-
Why do FRP and NPS fail to function on Windows Server 2003?
-
Phishing methods and techniques – besides double‑clickable executables, what other approaches exist?
-
Methods for obtaining a shell from Redis on Windows
-
Techniques, methods and principles for bypassing UAC (User Account Control)
-
In‑memory webshells (e.g., filter‑based shells)
-
In‑depth principle of Pass‑the‑Hash (PTH) and the conditions required for its exploitation
-
Methods for extracting hashes – what can be done if antivirus software prevents hash capture?
-
The security mechanism of Windows Defender
-
Why are captured hashes sometimes not stored as plaintext?
-
Describe each of the three major types of vulnerabilities commonly targeted during HVV (Hunting Vulnerability and Defense drills).
-
Has Cobalt Strike been subjected to secondary development? Have any CNA scripts been written?