Prepare for the Ethical Hacking Essentials Test. Study with flashcards and multiple-choice questions; each exam includes hints and explanations. Get ready to ace your certification exam!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which technique exploits pre-installed tools in Windows to execute malicious code without traditional file usage?

  1. Network propagation

  2. Native applications

  3. Executable file infection

  4. Script-based attack

The correct answer is: Native applications

The focus of this question is on a technique that takes advantage of the capabilities of the Windows operating system and its pre-installed tools to run malicious actions while avoiding traditional file usage. The correct choice, which refers to native applications, highlights how these built-in tools can be exploited for executing malicious code. Native applications in Windows, such as PowerShell and Command Prompt, provide a rich environment where attackers can employ various commands and scripts directly, often without needing to introduce new files onto the system.

This technique can help circumvent many traditional security measures that are designed to detect or block unfamiliar executable files, as the native tools are already a part of the operating system. For example, an attacker might use PowerShell to execute malicious commands that exploit existing trusted applications and frameworks. This approach allows malicious activities to be disguised as legitimate processes, making detection more challenging.

In contrast, the other options do not effectively convey the same concept. Network propagation typically refers to how malware spreads across systems over a network, while executable file infection implies altering existing files, which is more traditional and involves introducing new code. A script-based attack, while relevant, focuses specifically on the use of scripts rather than leveraging the built-in capabilities of the operating system itself to execute actions, which is the