Hi, Can I ask you if you only watched his videos or you bought his courses? What other materials have you studied? I am preparing for the exam .. Thank you
Are these pretty close to what the PBQs on the test look like. That’s the part I’m having trouble studying for because the class I’m taking doesn’t really cover PBQs.
very weird answers though, Q2 since it is using known wordlist and not random string it should be dictionary attack type password attack. As far as protection against it, I am sketchy about 3FA on Oracle DB 19c and Amazon Linux since they need to be connected to an IdP solution to do, so I would have gone with complex password. We can put 3FA on Amazon account in cloud but not to this application or service directly. None of them were using randomly generated characters for password cracking rather using some wordlist so, in Q3 also it eliminates hybrid attack (since random character-based bruteforcing is not there) but that can be rainbow attack since popular pwned password and their SHA1 hash file is used.
Hello, I believe there may be a mix-up with the video titles. This video appears to be more appropriately titled "Password Attacks and Knowledge-Based Authentication - Security+ PBQ 6." Conversely, the title currently used for this video seems to fit the other video better. Thank you.
Thanks for taking the time sharing this content! It says Attacker 2 is "leveraging password/hash reference database files built-in to several penetration testing applications". And the "Files used" section mentions "rockyou.txt.gz and captured_hash.txt". The fact they're using a list of words seems to imply it's a "dictionary" attack and not just a "brute force" attack. Does that make sense?
Also - Isn't a Dictionary Attack a Brute Force attack in it self (just using the specific list)? - I too think the answer should be Dictionary Attack alone XD - Id love to hear from @cyberkraft about this
@@gijojojo You are both correct in my mind, they do say "can be cracked in hours when leveraging built in password/hash files" that is a dictionary attack! Brute force is known for being S L O W and would not reference files, if it did, it would be a hybrid attack.
You already helped me get my Security+ but I still watch your videos to remain fresh and informed.
Hi,
Can I ask you if you only watched his videos or you bought his courses? What other materials have you studied? I am preparing for the exam .. Thank you
Are these pretty close to what the PBQs on the test look like. That’s the part I’m having trouble studying for because the class I’m taking doesn’t really cover PBQs.
@@joshmurray8953 sorry for the late reply. Yes, the PBQs that he goes over are very similar to the kind you’ll see on the exam.
@@JDDrct thanks for the reply!
Thanks for the lesson!
very weird answers though,
Q2 since it is using known wordlist and not random string it should be dictionary attack type password attack. As far as protection against it, I am sketchy about 3FA on Oracle DB 19c and Amazon Linux since they need to be connected to an IdP solution to do, so I would have gone with complex password. We can put 3FA on Amazon account in cloud but not to this application or service directly.
None of them were using randomly generated characters for password cracking rather using some wordlist so, in Q3 also it eliminates hybrid attack (since random character-based bruteforcing is not there) but that can be rainbow attack since popular pwned password and their SHA1 hash file is used.
thank you for these great videos
Hello, I believe there may be a mix-up with the video titles. This video appears to be more appropriately titled "Password Attacks and Knowledge-Based Authentication - Security+ PBQ 6." Conversely, the title currently used for this video seems to fit the other video better. Thank you.
Thanks for taking the time sharing this content! It says Attacker 2 is "leveraging password/hash reference database files built-in to several penetration testing applications". And the "Files used" section mentions "rockyou.txt.gz and captured_hash.txt". The fact they're using a list of words seems to imply it's a "dictionary" attack and not just a "brute force" attack. Does that make sense?
Also - Isn't a Dictionary Attack a Brute Force attack in it self (just using the specific list)? - I too think the answer should be Dictionary Attack alone XD - Id love to hear from @cyberkraft about this
@@gijojojo You are both correct in my mind, they do say "can be cracked in hours when leveraging built in password/hash files" that is a dictionary attack! Brute force is known for being S L O W and would not reference files, if it did, it would be a hybrid attack.
I highkey hope I dont get this one
Problem is even this professional is taking 20 minutes per pbq in reality you have like 1-2 minutes to complete the pbqs lol...
if you spent 1 min on the mult choice q's it would give you more like 5-7 min for each pbq... but i get ya. and they are always so ambiguous smh
🐐