1 - Intro to Ethical Hacking Flashcards

1
Q

What is Hack Value?

A

The notion among hackers that something is worth doing or is interesting.

2
Q

What is a Vulnerability?

A

The existence of a weakness in the design, implementation, or configuration of a system that could be exploited to compromise its security.

3
Q

What is an exploit?

A

A piece of code or a technique that takes advantage of a vulnerability to breach an IT system.

4
Q

What is a payload?

A

Part of the exploit code that performs the malicious action.

5
Q

What is a Zero Day?

A

A vulnerability that is unknown to the vendor or for which no patch is yet available; an attack that uses such a flaw is a zero-day exploit.

6
Q

What is Daisy Chaining?

A

Gaining access to one network or computer and then using the information obtained there (e.g. credentials) to gain access to further networks or computers.

7
Q

What is doxing?

A

Publishing personally identifiable information about someone, collected from public databases or social media.

8
Q

What is a bot?

A

A software application that can be controlled remotely to execute or automate predefined tasks.

9
Q

What are the elements of security?

A
  • Confidentiality:
    • Assurance that the information is accessible only to those who are authorized to see it.
      • Techniques Include:
        • Data Classification
        • Access Control Lists
  • Integrity:
    • Trustworthiness that the data hasn’t been tampered with
      • Techniques Include:
        • Using a hash value to check for changes
        • Access Control
        • File Integrity Checkers
  • Availability:
    • Assurance that the systems that are responsible for storing, processing, and delivering data are accessible.
      • Techniques Include:
        • Redundant data disk arrays
        • Back-ups
  • Authenticity:
    • Ensures that a communication, data, or document is genuine.
      • Techniques Include:
        • Digital Certificates
        • Biometrics
  • Non-Repudiation:
    • Guarantee that the sender of a message cannot deny sending the message nor can the recipient deny receiving the message.
      • Techniques Include:
        • Digital Certificates
        • Message Receipts
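
The integrity techniques above (hashing to detect changes, file integrity checkers) as a worked example. This is an added example, not part of the original flashcards: it baselines a constructed directory tree with SHA-256, tampers with it, and reports what drifted. The file names and contents are made up for the demonstration. The caveat a practitioner cares about: the baseline is only useful if it is stored where an intruder cannot rewrite it (off-host or signed), and a checker running on a host with a kernel-level rootkit can be lied to about what is on disk.

```python
"""Integrity control: a minimal file integrity checker (SHA-256 baseline vs. current tree).
Added example, not from the original flashcards."""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file in 64 KiB chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map relative POSIX path -> SHA-256 hex digest for every regular file under root."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff(baseline: dict, current: dict) -> dict:
    """Classify drift between the trusted baseline and what is on disk now."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "deleted": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Constructed scenario: baseline a small tree, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d) / "etc"
        root.mkdir()
        (root / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "ssh").mkdir()
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin no\n")

        # The baseline must live where an intruder cannot rewrite it (off-host or
        # signed). Here it is only serialized to a string to show the round trip.
        baseline_json = json.dumps(snapshot(root), sort_keys=True)

        # Tampering: an extra uid-0 account, a dropped persistence script, a deleted
        # file, and a config change that re-enables root login (all constructed).
        with (root / "passwd").open("a") as f:
            f.write("backdoor:x:0:0::/root:/bin/sh\n")
        (root / "rc.local").write_text("# constructed persistence script\n")
        (root / "hosts").unlink()
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin yes\n")

        return diff(json.loads(baseline_json), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running it reports `passwd` and `ssh/sshd_config` as modified, `rc.local` as added and `hosts` as deleted. Hashes alone say that a file changed, not what changed; a production tool would also keep the old content or metadata (owner, mode, mtime) to support the investigation.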
10
Q

What is the Security, Functionality, and Usability Triangle?

A
  • Security:
    • Restrictions imposed on accessing components of a system.
  • Functionality:
    • Set of features provided by the system
  • Usability:
    • Ease of use
    • GUI components
11
Q

What are security attacks composed of?

A

Attacks = Motives + Method + Vulnerability

  • Motives (Goal):
    • The notion that the target system stores or processes something valuable.
    • Attackers try various tools/techniques to exploit vulnerabilities in a system/policy/control to achieve their goal.
    • Common Motives:
      • Monetary
      • Disruption of business
      • Theft
      • Chaos
      • etc.
12
Q

What are some attack vectors?

A
  • Cloud Computing:
    • Cloud computing is the on-demand delivery of IT services, and companies increasingly store their sensitive data there.
    • A flaw in the cloud platform could give an attacker access to critical data belonging to multiple customers at once.
  • Advanced Persistent Threats:
    • A stealthy, prolonged attack in which an adversary gains and keeps access to a victim’s network to steal information without the victim noticing.
  • Viruses and Worms:
    • Malicious software that can infect a network in seconds.
  • Ransomware:
    • Malicious software that blocks access to a computer’s files (usually by encrypting them) or to the system itself and demands payment to restore access.
    • Paying does not guarantee that access is restored.
  • Mobile Threats:
    • Mobile devices are increasingly used for both business and personal purposes and generally have less restrictive security, which makes them attractive targets.
  • Botnet:
    • Network of compromised systems used by an intruder to perform various attacks.
  • Insider Attack:
    • Attack performed by a trusted person who has authorized access.
  • Phishing:
    • The act of sending an illegitimate email falsely claiming to be from a legitimate site in an attempt to gain access or account/user information.
  • Web Application Threats:
    • Targeting web applications to steal credentials, set up phishing sites, or acquire private information.
  • IoT Threats:
    • IoT devices run software that can be accessed remotely.
    • Flaws in that software could let attackers into the device.
13
Q

What are the threat categories?

A
  • Network Threats:
    • As information travels from one network to another, a malicious actor could break into the communication channel and steal the information traveling over the network.
    • Techniques:
      • Sniffing
      • Spoofing
      • DNS and ARP Poisoning
      • Password-Based attacks
      • FW and IDS attacks
  • Host Threats:
    • Threats target a particular system on which valuable information resides.
    • Techniques:
      • Malware
      • Profiling
      • Password Attacks
      • Footprinting
      • Privilege Escalation
      • Backdoor attacks
      • Physical Security Attacks
  • Application Threats:
    • Attackers exploit the vulnerabilities present in an application to steal or destroy data.
    • Techniques:
      • Improper Data Validation
      • Authentication Attacks
      • Security Misconfiguration
      • Improper Error Handling
      • Hidden-Field manipulation
      • Broken Session Management
      • Buffer Overflow issues
14
Q

What are the types of attacks on a system?

A
  • OS Attacks:
    • Attackers search for vulnerabilities in the system’s design, installation, or configuration and exploit them to gain access to a system.
    • Today’s operating systems are increasingly complex, and extensive tweaking is required to lock them down.
    • Most OS installation programs install a large number of services and open ports.
    • OS Vulnerabilities:
      • Buffer Overflow
      • Bugs in the OS
      • Unpatched OS
  • Misconfiguration Attacks:
    • Misconfiguration vulnerabilities affect web servers, application platforms, databases, networks, or frameworks and may result in unauthorized access or full compromise of the system.
    • Admins should change the default config of the devices before deploying them in the production network.
    • Remove any unneeded services or software.
  • Application-Level Attacks:
    • Attackers exploit the vulnerabilities in applications running on org’s information system to gain unauthorized access and steal or manipulate data.
    • Attacks:
      • Buffer Overflow
      • Cross-site scripting
      • SQL injection
      • Man in the middle
      • session hijacking
      • Denial of Service
  • Shrink-Wrap Code Attacks:
    • Attackers exploit the default configuration and settings of off-the-shelf libraries and code.
    • Developers need to customize and fine-tune every part of their code, not only to make it more secure but to make it different enough that the same exploit will not work against it.
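
The application-level attacks listed above (improper data validation, SQL injection) as a worked example. This is an added example, not from the original flashcards: a login check that concatenates user input into SQL, beside the parameterized version, run against a constructed in-memory SQLite table. The user names, passwords and roles are made up, and passwords are stored in plaintext purely to keep the injection visible; a real application stores salted password hashes.

```python
"""Application-level attack: SQL injection through improper data validation,
the vulnerable query beside its parameterized fix. Added example."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table. Plaintext passwords are for illustration only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse battery", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Input is concatenated into the SQL text, so it can change the query's structure."""
    sql = (
        "SELECT role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn: sqlite3.Connection, username: str, password: str):
    """Parameterized query: values are bound by the driver and never parsed as SQL."""
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Classic comment-based bypass: closes the username literal, then "--" makes
# SQLite ignore the rest of the line, including the password check.
INJECTION = "alice' --"


def demo() -> dict:
    conn = make_db()
    return {
        "legit_fixed": login_fixed(conn, "bob", "hunter2"),
        "attack_vulnerable": login_vulnerable(conn, INJECTION, "wrong"),
        "attack_fixed": login_fixed(conn, INJECTION, "wrong"),
    }


if __name__ == "__main__":
    for name, role in demo().items():
        print(f"{name}: {role}")
```

With the injected username the vulnerable query becomes `SELECT role FROM users WHERE username = 'alice' --' AND password = 'wrong'` and returns the admin role with no password at all; the parameterized query looks for a user literally named `alice' --` and returns nothing. Input validation is a useful extra layer, but parameterization is the control that removes the bug class.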
15
Q

What is information warfare and what are the different types?

A
  • The use of information and communication technologies (ICT) to gain a competitive advantage over an opponent.
  • Defensive Information Warfare:
    • Refers to all strategies and actions to defend against attacks on ICT assets.
    • Techniques:
      • Prevention
      • Deterrence
      • Alerts
      • Detection
      • Emergency Preparedness
      • Response
  • Offensive Information Warfare:
    • Refers to information warfare that involves attacks against ICT assets of an opponent.
    • Techniques:
      • Web App Attacks
      • Web Server Attacks
      • Malware Attacks
      • MitM Attacks
      • System Hacking
16
Q

What are the categories of information warfare?

A
  • Command and Control warfare (C2 warfare):
    • The influence an attacker has over a compromised system, i.e. the ability to issue it commands.
  • Intelligence-based Warfare:
    • Warfare that consists of the design, protection, and denial of systems that seek sufficient knowledge to dominate the battle space
  • Electronic Warfare:
    • Use of radio-electronic and cryptographic techniques to degrade communication.
    • Radio-electronic methods attack the physical means of sending information.
    • Cryptographic methods use bits and bytes to disrupt the information itself.
  • Psychological Warfare:
    • The use of various techniques such as propaganda and terror to demoralize one’s adversary in an attempt to succeed in the battle.
  • Hacker Warfare:
    • Can vary from shutdown of systems, data errors, theft of info & services, system monitoring, false messaging, and access to data.
    • Hackers generally use viruses, logic bombs, Trojan horses, and sniffers to perform these attacks.
  • Economic Warfare:
    • Can affect the economy of a business or nation by blocking the flow of information.
  • Cyber Warfare:
    • The use of information systems against the virtual personas of individuals or groups.
17
Q

What is Hacking?

A
  • The exploitation of system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to the system resources.
  • Involves modifying system or application features to achieve a goal outside of the creator’s original purpose.
  • Hacking can be used to steal, pilfer, and redistribute intellectual property leading to business loss.
18
Q

Who is a hacker?

A
  • A person who breaks into a system or network without authorization to destroy or steal sensitive data, or to perform malicious attacks.
  • Intelligent individuals with excellent computer skills and the ability to create and explore computer software and hardware.
  • For some, hacking is a hobby to see how many computers or networks they can compromise.
  • Intentions can be for knowledge, illegal motives, malicious, etc.
19
Q

What are the classes of hackers?

A
  • Black Hats:
    • Individuals with extraordinary computing skills who use them for malicious or destructive activities (aka crackers)
  • White Hats:
    • Individuals who use hacking skills for defensive purposes; also known as security analysts.
    • Operate with permission from the system owner
  • Gray Hats:
    • Individuals who work both offensively and defensively at various times
  • Suicide Hackers:
    • Individuals who aim to bring down critical infrastructure for a “cause” and are not worried about facing jail terms or any other kind of punishment
  • Script Kiddies:
    • Unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers.
  • Cyber Terrorists:
    • Individuals with wide range of skills, motivated by religious or political beliefs to create fear by large scale disruption
  • State Sponsored Hackers:
    • Individuals employed by the government to penetrate and gain top-secret info and to damage info systems of other governments.
  • Hacktivists:
    • Individuals who promote a political agenda by hacking.
20
Q

What are the phases of hacking?

A
  • Reconnaissance:
    • Refers to the preparatory phase where an attacker seeks to gather information about a target prior to launching an attack.
    • Could be the future point of return.
    • The target range may include the target organization’s clients, employees, operations, networks, and systems.
    • May involve social engineering and dumpster diving
    • Recon types:
      • Passive:
        • Involves acquiring information without directly interacting with the target.
        • E.g. news releases , public records
      • Active:
        • Involves interacting with the target directly by any means.
        • Attackers use this technique when there is low probability of detection.
  • Scanning:
    • Phase immediately preceding the attack.
    • The attacker uses the details gathered during recon to scan the network for specific information.
    • Scanning can include use of dialers, network mappers, ping tools, vulnerability scanners, etc.
    • Attackers extract information such as live machines, port, port status, OS details, device type, system uptime, etc. to launch an attack.
  • Gaining Access:
    • Attackers use vulnerabilities identified during the recon and scanning phases to gain access to the target system and network.
    • Gaining Access refers to the point where the attacker obtains access to the operating system or applications on the computer or network.
    • An attacker can gain access at the operating system level, application level, or network level.
    • Once an attacker gains access to the target system, he/she then tries to escalate privileges in order to take complete control of the target system.
      • In the process, intermediate systems are also compromised.
    • Examples include password cracking, stack based buffer overflows, denial of service, and session hijacking
  • Maintaining Access:
    • Phase where attacker tries to maintain their ownership (as root/admin).
    • Attackers can use the system and its resources at will and can either use system as a launching pad to other systems or keep a low profile.
    • Attackers may prevent other attackers from owning the system by utilizing Backdoors, Rootkits, or Trojans.
      • Rootkits gain access at the OS level.
      • Trojans gain access at the application level.
      • Both need to be installed on the host, either by an attacker who already has sufficient privileges or by a user who is tricked into running them.
    • Attackers can upload, download, or manipulate data, applications, and configs on the owned system.
    • Attackers use the compromised system to launch further attacks.
  • Clearing Tracks:
    • Attackers usually attempt to erase all evidence of their actions.
    • Trojans and Rootkits can be used to delete/replace critical system and log files
    • Steganography is the process of hiding data in other data like image and sound files.
    • Tunneling carries one protocol inside another, abusing a transmission protocol to hide traffic.
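
The scanning phase described above (live hosts, open ports, service details) as a worked example. This is an added example, not from the original flashcards: a TCP connect scan with banner grabbing, run against a constructed loopback service that the script starts itself so that it works offline. The banner string is made up. Scan only systems you are authorized to test; a connect scan completes the TCP handshake and is the noisiest kind, so it is exactly the active reconnaissance that a target's IDS would log.

```python
"""Scanning phase: TCP connect scan with banner grab against a constructed local target.
Added example; scan only hosts you are authorized to test."""
import socket
import threading


def start_fake_service(banner: bytes = b"SSH-2.0-OpenSSH_9.6\r\n"):
    """Constructed target: loopback TCP listener that greets every client with a banner.
    Returns (server_socket, port); close the socket to stop it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener closed
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def free_closed_port() -> int:
    """Pick a port that is (almost certainly) closed: bind, read it back, release it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def scan_port(host: str, port: int, timeout: float = 0.5) -> tuple:
    """Full TCP connect scan of one port. Returns (state, banner).
    A refused connection or a timeout both report as closed_or_filtered; a
    connect scan cannot distinguish the two without timing analysis."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        err = s.connect_ex((host, port))
    except OSError:
        err = -1
    if err != 0:
        s.close()
        return "closed_or_filtered", ""
    try:
        # Many services (SSH, SMTP, FTP) speak first; read their banner for OS/service hints.
        banner = s.recv(256).decode("ascii", errors="replace").strip()
    except OSError:
        banner = ""
    finally:
        s.close()
    return "open", banner


def scan(host: str, ports, timeout: float = 0.5) -> dict:
    """Map port -> (state, banner) for every port in the list."""
    return {p: scan_port(host, p, timeout) for p in ports}


def demo() -> dict:
    """Start the constructed service, scan it plus a closed port, shut it down."""
    srv, open_port = start_fake_service()
    closed_port = free_closed_port()
    try:
        return scan("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()


if __name__ == "__main__":
    for port, (state, banner) in demo().items():
        print(f"{port}/tcp {state} {banner}")
```

The output lists one open port with the `SSH-2.0-OpenSSH_9.6` banner and one closed port. Real scanners add SYN (half-open) scans, UDP, and timing controls; the banner is the starting point for the OS and service fingerprinting mentioned in the card.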
21
Q

What is Ethical Hacking?

A

The practice of employing computer and network skills in order to assist org’s in testing their network security for possible loopholes and vulnerabilities.

22
Q

What is an Information Security Control?

A

Controls prevent the occurrence of unwanted events and reduce risk to the organizations info assets.

23
Q

What is Information Assurance?

A

The assurance of the integrity, availability, confidentiality, and authenticity of information and information systems during usage, processing, storage, and transmission of information.

24
Q

What is an Information Security Management Framework?

A

Combination of well-defined policies, processes, procedures, standards, and guidelines to establish the required level of infosec.

25
Q

What are the different network zones?

A
  • Internet:
    • Untrusted
    • Outside boundaries of an org
  • Internet DMZ:
    • Controlled
    • Internet facing
    • Contains web servers and email gateways
    • Acts as a barrier between the org’s private network and the Internet
    • Has a firewall on each side
  • Production Network Zone:
    • Known as a restricted zone
    • Supports functions for which access should be limited
  • Intranet Zone:
    • Controlled zone
    • Contains hosts in an org’s network located behind a single FW or set of FW’s
  • Management Network Zone or Secured Zone:
    • Access is limited
    • Access to one area of zone doesn’t mean access to another area applies
    • Secured with strict policies
26
Q

What is Defense in Depth?

A
  • A security strategy in which several protection layers are placed throughout an information system.
  • Helps prevent direct attacks
  • Based on the military principle that it is more difficult to defeat a complex, multi-layered defense than to penetrate a single barrier.
27
Q

What is Risk?

A
  • Risk refers to a degree of uncertainty or expectation that an adverse event may cause damage to the system
  • Risk = Threat x Vulnerability x Impact
  • Risk is the combination of the following two factors:
    • Probability of the occurrence of an adverse event
    • Consequence of that event
  • Risk Levels:
    • Level of Risk = Consequence x Likelihood
    • Extreme/High:
      • Immediate measures should be performed to combat risk
    • Medium:
      • Immediate action is not required but a resolution should happen quickly
    • Low:
      • Take preventative steps to mitigate the effects of risk.
28
Q

What is Risk Management?

A

The process of reducing and maintaining risk at an acceptable level

29
Q

What are the Phases of Risk Management?

A
  • Identification
    • Identifies sources, consequences, etc of risks affecting org.
  • Assessment
    • Assesses org’s risk and provides an estimate on the likelihood and impact of the risk
  • Treatment
    • Selects and implements appropriate controls
  • Tracking
    • Ensures appropriate controls are implemented
  • Review
    • Evaluates the performance of the implemented risk management strategies.
30
Q

What is Incident Management?

A

A set of defined processes to identify, analyze, prioritize, and resolve security incidents.

31
Q

What is a SIEM?

A

Security Information and Event Management (SIEM).

Performs real time SOC functions related to security incidents

Tracks suspicious end-user behavior

Combines Security Information Management (SIM) and Security Event Management (SEM)

SIM supports permanent storage, analysis, and reporting of log data.

SEM deals with real time monitoring and analysis of events

32
Q

What are the classification of attacks?

A
  • Passive Attacks: Involve intercepting and monitoring network traffic and data flow on the target network and do not tamper with the data.
  • Active Attacks: Tamper with the data in transit or disrupt communication or services between the systems to bypass or break into secured systems.
  • Close-In Attacks: When the attacker is in close physical proximity with the target system or network.
  • Insider Attack: Performed by trusted persons who have physical access to the critical assets of the target.
  • Distribution Attacks: When attackers tamper with hardware or software prior to installation.
33
Q

What is the Cyber Kill Chain Methodology?

A
  • Reconnaissance: Gather data on the target to probe for weak points.
  • Weaponization: Create a deliverable malicious payload using an exploit and a backdoor
  • Delivery: Send weaponized bundle to the victim using email, USB, etc.
  • Exploitation: Exploit a vulnerability by executing code on the victim’s system
  • Installation: Install malware on the target system
  • Command and Control: Create a command and control channel to communicate and pass data back and forth
  • Actions on Objective: Perform actions to achieve intended objectives/goals.
34
Q

What is Tactics, Techniques, and Procedures (TTPs) referring to?

A

The Patterns of activities and methods associated with specific threat actors or groups of threat actors.

  • Tactics: The guidelines that describe the way an attacker performs the attack from beginning to the end. Info gathering, privilege escalation, and lateral movement.
  • Techniques: The technical methods used by an attacker to achieve intermediate results during the attack. Initial exploitation, setting up and maintaining command and control channels.
  • Procedures: Organizational approaches that threat actors follow to launch an attack.
35
Q

What is Adversary Behavioral Identification?

A

The identification of the common methods or techniques followed by an adversary to launch attacks on or to penetrate an organization’s network.

  • Internal Reconnaissance: Once inside network, enumeration of resources
  • Use of PowerShell: Can be used as a tool for automating data exfil and launching further attacks.
  • Unspecified Proxy Activities: Adversary can create and configure multiple domains pointing to the same host allowing an adversary to switch quickly between the domains to avoid detection.
  • Use of Command-Line Interface: Adversary can make use of the CLI to interact with the target system, browse the files, read and modify file content, create new accounts, connect to remote systems, and download and install malicious code.
  • HTTP User Agent: server identifies the connected HTTP client using the user agent field.
  • Command and Control Server: Use C2 servers to communicate remotely with compromised systems, often through an encrypted session.
  • Use of DNS Tunneling: Use DNS tunneling to obfuscate malicious traffic in the legitimate traffic carried by common protocols used in the network.
  • Use of Web Shell: Manipulate the web server by creating a shell within a website; it allows an adversary to gain remote access to the functionalities of a server.
  • Data Staging: After successful penetration into a target’s network, the adversary uses data staging techniques to collect and combine as much data as possible.
36
Q

What are Indicators of Compromise (IoCs)?

A

The clues, artifacts, and pieces of forensic data found on the network or OS of an organization that indicate a potential intrusion or malicious activity in the organization’s infrastructure. **They are not intelligence**

37
Q

What is Cyber Threat Intelligence?

A

The collection and analysis of information about threats and adversaries and the drawing of patterns that provide the ability to make knowledgeable decisions for preparedness, prevention, and response actions against various cyber-attacks.

  • Strategic: High level info on changing risks
  • Tactical: Information on attackers TTPs
  • Operational: Information on specific incoming attack
  • Technical: Info on specific IoCs.
38
Q

What is Incident Handling and Response?

A

The process of taking organized and careful steps when reacting to a security incident or cyberattack.

  • Steps:
    • Preparation
    • Incident Recording and Assignment
    • Incident Triage
    • Notification
    • Containment
    • Evidence Gathering and Forensic Analysis
    • Eradication
    • Recovery
    • Post Incident Activities
39
Q

How can AI and ML prevent cyber attacks?

A
  • Password Protection/Authentication
  • Phishing Detection and Prevention
  • Threat Detection
  • Vulnerability Management
  • Behavioral Analytics
  • Network Security
  • AI-based Antivirus
  • Fraud Detection
  • Botnet Detection
  • AI to Combat AI Threats