1 - Intro to Ethical Hacking Flashcards
What is Hack Value?
The notion that hackers determine something is worth doing.
What is a Vulnerability?
Existence of a weakness
What is an exploit?
A breach of an IT system.
What is a payload?
Part of the exploit code that performs the malicious action.
What is a Zero Day?
An exploit that doesn’t have a patch available for it yet.
What is Daisy Chaining?
Gaining access to one network or computer then using the same info to gain access to multiple networks or computers.
What is doxing?
Publishing personal identifiable information about someone collected from public DB’s or social media.
What is a bot?
A software application that can be controlled remotely to execute or automate predefined tasks.
What are the elements of security?
Confidentiality:
- Assurance that the information is accessible only to those who are authorized to access it.
- Techniques Include:
- Data Classification
- Access Control Lists
Integrity:
- Trustworthiness that the data hasn’t been tampered with
- Techniques Include:
- Using a hash value to check for changes
- Access Control
- File Integrity Checkers
Availability:
- Assurance that the systems that are responsible for storing, processing, and delivering data are accessible.
- Techniques Include:
- Redundant data disk arrays
- Back-ups
Authenticity:
- Ensures that a communication, data, or document is genuine.
- Techniques Include:
- Digital Certificates
- Biometrics
Non-Repudiation:
- Guarantee that the sender of a message cannot deny sending the message nor can the recipient deny receiving the message.
- Techniques Include:
- Digital Certificates
- Message Receipts
What is the Security, Functionality, and Usability Triangle?
Security:
- Restrictions imposed on accessing components of a system.
Functionality:
- Set of features provided by the system
Usability:
- Ease of use
- GUI components
What are security attacks composed of?
Attacks = Motives + Method + Vulnerability
- Motives (Goal):
- The notion that the target system stores or processes something valuable.
- Attackers try various tools/techniques to exploit vulnerabilities in a system/policy/control to achieve their goal.
- Common Motives:
- Monetary
- Disruption of business
- Theft
- Chaos
- etc.
What are some attack vectors?
Cloud Computing:
- Cloud computing is the on-demand delivery of IT services, where companies' sensitive data is stored.
- A flaw in the cloud platform could allow attackers to gain access to critical data belonging to potentially multiple customers.
Advanced Persistent Threats:
- Attack where an attacker is stealing information from a victim’s machine without the victim knowing.
Viruses and Worms:
- Malicious software that could infect a network in seconds.
Ransomware:
- Malicious software that restricts access to a computer’s system files and demands payment for the return of the access.
- Payment doesn’t guarantee you will get access in a lot of cases.
Mobile Threats:
- Arise from the increased proliferation of mobile devices used for business and personal purposes, which generally have less restrictive security.
Botnet:
- Network of compromised systems used by an intruder to perform various attacks.
Insider Attack:
- Attack performed by a trusted person who has authorized access.
Phishing:
- The act of sending an illegitimate email falsely claiming to be from a legitimate site in an attempt to gain access or account/user information.
Web Application Threats:
- Targeting web applications to steal creds, set up phishing sites, or acquire private information
IoT Threats:
- IoT devices contain software that allows the device to be accessed remotely.
- Flaws could allow attackers access into this device.
What are the threat categories?
Network Threats:
- As information travels from one network to another, a malicious actor could break into the communication channel and steal the information traveling over the network.
- Techniques:
- Sniffing
- Spoofing
- DNS and ARP Poisoning
- Password-Based attacks
- FW and IDS attacks
Host Threats:
- Threats target a particular system on which valuable information resides.
- Techniques:
- Malware
- Profiling
- Password Attacks
- Foot Printing
- Privilege Escalation
- Backdoor attacks
- Physical Security Attacks
Application Threats:
- Attackers exploit the vulnerabilities present in an application to steal or destroy data.
- Techniques:
- Improper Data Validation
- Authentication Attacks
- Security Misconfig
- Improper Error Handling
- Hidden-Field manipulation
- Broken Session Management
- Buffer Overflow issues
What are the types of attacks on a system?
OS Attacks:
- Attackers search for vulnerabilities in the system’s design, installation, or configuration and exploit them to gain access to a system.
- Today’s OSes are increasingly complex. Extensive tweaking is required to lock them down.
- Most OS installation programs install a large number of services and open ports.
- OS Vulnerabilities:
- Buffer Overflow
- Bugs in the OS
- Unpatched OS
Misconfiguration Attacks:
- Misconfig vulnerabilities affect web servers, application platforms, databases, networks, or frameworks that may result in illegal access or possible owning of the system.
- Admins should change the default config of the devices before deploying them in the production network.
- Remove any unneeded services or software.
Application-Level Attacks:
- Attackers exploit the vulnerabilities in applications running on an organization’s information systems to gain unauthorized access and steal or manipulate data.
- Attacks:
- Buffer Overflow
- Cross-site scripting
- SQL injection
- Man in the middle
- session hijacking
- Denial of Service
Shrink-Wrap Code Attacks:
- Attackers exploit default configuration and settings of the off-the-shelf libraries and code.
- Developers need to customize and fine-tune every part of their code in order to make it not only more secure but make it different enough where the same exploit will not work.
What is information warfare and what are the different types?
- The use of information and communication technologies (ICT) to take competitive advantages over an opponent.
Defensive Information Warfare:
- Refers to all strategies and actions to defend against attacks on ICT assets.
- Techniques:
- Prevention
- Deterrence
- Alerts
- Detection
- Emergency Preparedness
- Response
Offensive Information Warfare:
- Refers to information warfare that involves attacks against ICT assets of an opponent.
- Techniques:
- Web App Attacks
- Web Server Attacks
- Malware Attacks
- MitM Attacks
- System Hacking
What are the categories of information warfare?
Command and Control warfare (C2 warfare):
- The impact an attacker possesses over a compromised system.
Intelligence-based Warfare:
- Warfare that consists of the design, protection, and denial of systems that seek sufficient knowledge to dominate the battle space
Electronic Warfare:
- Use of Radio and Cryptographic techniques to degrade information.
- Radio electronic method attacks the physical means of sending information.
- Cryptographic method uses bits and bytes to disrupt the means of sending information.
Psychological Warfare:
- The use of various techniques such as propaganda and terror to demoralize one’s adversary in an attempt to succeed in the battle.
Hacker Warfare:
- Can vary from shutdown of systems, data errors, theft of info & services, system monitoring, false messaging, and access to data.
- Hackers generally use viruses, logic bombs, Trojan horses, and sniffers to perform these attacks.
Economic Warfare:
- Can affect the economy of a business or nation by blocking the flow of information.
Cyber Warfare:
- The use of information systems against the virtual personas of individuals or groups.
What is Hacking?
- The exploitation of system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to the system resources.
- Involves modifying system or application features to achieve a goal outside of the creator’s original purpose.
- Hacking can be used to steal, pilfer, and redistribute intellectual property leading to business loss.
Who is a hacker?
- A person who breaks into a system or network without any authorization to destroy or steal sensitive data, or to perform malicious attacks.
- Intelligent individuals with excellent computer skills and the ability to create and explore the computer’s software and hardware.
- For some, hacking is a hobby to see how many computers or networks they can compromise.
- Intentions can be for knowledge, illegal motives, malicious, etc.
What are the classes of hackers?
Black Hats:
- Individuals with extraordinary computing skills resorting to malicious or destructive activities (aka Crackers)
White Hats:
- Individuals professing hacker skills and using them for defensive purposes and are also known as security analysts.
- Permission from the system owner
Gray Hats:
- Individuals who work both offensively and defensively at various times
Suicide Hackers:
- Individuals who aim to bring down critical infrastructure for a “cause” and are not worried about facing jail terms or any other kind of punishment
Script Kiddies:
- An unskilled hacker who compromises systems by running scripts, tools, and software developed by real hackers.
Cyber Terrorists:
- Individuals with a wide range of skills, motivated by religious or political beliefs to create fear by large-scale disruption
State Sponsored Hackers:
- Individuals employed by the government to penetrate and gain top-secret info and to damage info systems of other governments.
Hacktivists:
- Individuals who promote a political agenda by hacking.
What are the phases of hacking?
Reconnaissance:
- Refers to the preparatory phase where an attacker seeks to gather information about a target prior to launching an attack.
- Could be the future point of return.
- The target range may include the target organization’s clients, employees, operations, networks, and systems.
- May involve social engineering and dumpster diving
- Recon types:
- Passive:
- Involves acquiring information without directly interacting with the target.
- E.g. news releases, public records
- Active:
- Involves interacting with the target directly by any means.
- Attackers use this technique when there is low probability of detection.
Scanning:
- Phase immediately preceding the attack.
- The attacker uses the details gathered during recon to scan the network for specific information.
- Scanning can include use of dialers, network mappers, ping tools, vulnerability scanners, etc.
- Attackers extract information such as live machines, port, port status, OS details, device type, system uptime, etc. to launch an attack.
Gaining Access:
- Attackers use vulnerabilities identified during the recon and scanning phases to gain access to the target system and network.
- Gaining Access refers to the point where the attacker obtains access to the operating system or applications on the computer or network.
- An attacker can gain access at the operating system level, application level, or network level.
- Once an attacker gains access to the target system, he/she then tries to escalate privileges in order to take complete control of the target system.
- In the process, intermediate systems are also compromised.
- Examples include password cracking, stack based buffer overflows, denial of service, and session hijacking
Maintaining Access:
- Phase where attacker tries to maintain their ownership (as root/admin).
- Attackers can use the system and its resources at will and can either use system as a launching pad to other systems or keep a low profile.
- Attackers may prevent other attackers from owning the system by utilizing Backdoors, Rootkits, or Trojans.
- Rootkits gain access at the OS level.
- Trojans gain access at the application level.
- Both Rootkits and Trojans require users to install them locally.
- Attackers can upload, download, or manipulate data, applications, and configs on the owned system.
- Attackers use the compromised system to launch further attacks.
Clearing Tracks:
- Attackers usually attempt to erase all evidence of their actions.
- Trojans and Rootkits can be used to delete/replace critical system and log files
- Steganography is the process of hiding data in other data like image and sound files.
- Tunneling is taking advantage of transmission protocol by carrying one protocol over another.
What is Ethical Hacking?
The practice of employing computer and network skills in order to assist organizations in testing their network security for possible loopholes and vulnerabilities.
What is an Information Security Control?
Controls prevent the occurrence of unwanted events and reduce risk to the organizations info assets.
What is Information Assurance?
The assurance of the integrity, availability, confidentiality, and authenticity of information and information systems during usage, processing, storage, and transmission of information.
What is an Information Security Management Framework?
Combination of well-defined policies, processes, procedures, standards, and guidelines to establish the required level of infosec.