Ethical Hacking Cheat Sheet 2026
The 30 highest-yield Ethical Hacking facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.
125 questions
240 min time limit
70.00% to pass
- Which OWASP Top 10 vulnerability occurs when untrusted data is sent to an interpreter as part of a command? → Injection
- What is a 'rogue access point' in the context of wireless penetration testing? → An unauthorized AP set up to intercept or provide unauthorized access to a network
- What does placing a wireless adapter in 'monitor mode' allow a penetration tester to do? → Passively capture all wireless frames in range without associating with an AP
- What tool is used by ethical hackers to capture WPA2 handshakes for offline cracking? → Aircrack-ng suite (airodump-ng)
- What type of malware is specifically designed to hide its presence and maintain persistent privileged access on a compromised system? → Rootkit
- Which authentication attack uses precomputed hash tables to reverse password hashes? → Rainbow table attack
- What is a 'backdoor' malware? → Malware that provides persistent remote access to a compromised system
- Which technique involves sending malformed packets to crash or reveal information about a target system? → Fuzzing
- What is 'key exchange' in cryptography and which protocol is most commonly used? → Securely establishing a shared secret over an untrusted channel; Diffie-Hellman
- Which attack attempts every possible key combination to decrypt encrypted data? → Brute force attack
- Which behavior is a strong indicator of ransomware activity on a network? → Mass file renaming and encryption combined with a ransom note creation
- What does a keylogger do? → Records keystrokes to capture passwords and sensitive input
- What is directory traversal in web application hacking? → Accessing files outside the web root by manipulating path variables
- When a hacker impersonates a legitimate user on a system, what is the term for it? → Impersonation
- Which persistence mechanism involves adding registry entries under Windows Run keys to execute malicious code automatically each time the system starts? → Registry Run key persistence (e.g., HKLM\Software\Microsoft\Windows\CurrentVersion\Run)
- Which Metasploit command is used to search for available exploit modules? → search
- What does TTL (Time to Live) value in a ping response help a penetration tester determine? → Operating system type
- What is 'fileless malware' and why is it harder to detect? → Malware that resides only in memory without writing to disk, evading file-based detection
- Which tool is used for wireless packet injection and monitoring in penetration tests? → Aircrack-ng
- What is a CSRF attack? → Forging requests from an authenticated user's browser
- Which symmetric encryption algorithm is considered the current US government standard and is used widely in security applications? → AES
- What is a 'watering hole attack'? → Infecting websites frequently visited by the target organization
- Which process injection technique inserts malicious code into a legitimate running process to evade detection? → DLL injection
- Which wireless attack exploits the WPS PIN by targeting a vulnerability in the pseudo-random number generator used during offline authentication? → Pixie Dust attack
- What is 'HTTP verb tampering' in web security testing? → Sending unexpected HTTP methods like PUT or DELETE to bypass access controls
- During a penetration test, what does 'enumeration' primarily involve? → Gathering detailed information about network resources, users, and services
- Which of the following is a buffer overflow countermeasure? → Bounds checking
- What is 'clickjacking' in web application security? → Embedding a target page in an iframe to trick users into clicking hidden elements
- What is the default port used by the SMB protocol that penetration testers frequently target? → 445
- Which Windows subsystem service stores user credentials in memory to support single sign-on and is a primary target for credential dumping tools like Mimikatz? → LSASS (Local Security Authority Subsystem Service)
Turn these facts into recall: