Studying for the exam

The HTTP status code messages can be in the following ranges:
- Messages in the 100 range are informational.
- Messages in the 200 range are related to successful transactions.
- Messages in the 300 range are related to HTTP redirections.
- Messages in the 400 range are related to client errors.
- Messages in the 500 range are related to server errors.

Side-channel attacks are often based on information gained from the implementation of the underlying computer system (or cloud environment) instead of a specific weakness in the implemented technology or algorithm.

Lateral movement (also referred to as pivoting) is a post-exploitation technique that can be performed using many different methods. The main goal of lateral movement is to move from one device to another to avoid detection, steal sensitive data, and maintain access to these devices to exfiltrate the sensitive data.

The CompTIA PenTest+ blueprint lists the following use cases for penetration testing tools:
- Reconnaissance
- Enumeration
- Vulnerability scanning
- Credential attacks
- Persistence
- Configuration compliance
- Evasion
- Decompilation
- Forensics
- Debugging
- Software assurance (including fuzzing, static application security testing [SAST], and dynamic application security testing [DAST])

Reflected XSS attacks (non-persistent XSS attacks) occur when malicious code or scripts are injected by a vulnerable web application using any method that yields a response as part of a valid HTTP request.

The following TCP ports are used in the most common email protocols:
- TCP port 25: The default port used in SMTP for non-encrypted communications.
- TCP port 465: The port registered by the Internet Assigned Numbers Authority (IANA) for SMTP over SSL (SMTPS). SMTPS has been deprecated in favor of STARTTLS.
- TCP port 587: The Secure SMTP (SSMTP) protocol for encrypted communications, as defined in RFC 2487, using STARTTLS. Mail user agents (MUAs) use TCP port 587 for email submission. STARTTLS can also be used over TCP port 25 in some implementations.
- TCP port 110: The default port used by the POP3 protocol in non-encrypted communications.
- TCP port 995: The default port used by the POP3 protocol in encrypted communications.
- TCP port 143: The default port used by the IMAP protocol in non-encrypted communications.
- TCP port 993: The default port used by the IMAP protocol in encrypted (SSL/TLS) communications.