1.0 Attacks, Threats, and Vulnerabilities Flashcards
Social engineering with a touch of spoofing
Phishing
A type of URL hijacking where attackers register intentionally misspelled domain names similar to popular domain names
Typosquatting
Lying to get information. Adding a disclaimer or information text to the emails received from external domains
Pretexting
Social engineering attack that targets individuals in an organization
Spear Phishing
Social engineering attack that targets high-profiled individuals in an organization
Whaling
Redirect a legit website to a bogus site
Pharming
Voice phishing
Vishing
SMS phishing
Smishing
Gather information about the victim before phishing
Reconnaissance
Attacker pretends to be someone they are not
Impersonation
A threat that does not actually exist
Computer hoaxes
Infect third-party site that is visited
Watering Hole Attack
Having a layered defense
Defense-in-Depth
Unsolicited messages
Spam
Spam over Instant Messaging
SPIM
Intentionally slow down the server conversation
Tarpitting
Attacker collects login credentials
Credential Harvesting
What are these a principle of?
1. Authority
2. Intimidation
3. Consensus/Social Proof
4. Scarcity
5. Urgency
6. Familiarity/Liking
7. Trust
Social Engineering Principles
Malicious software
Malware
Malware that can reproduce itself but needs you to execute a program
Virus
Virus that is part of the application
Program Virus
Virus that infects the boot sector
Boot Sector Virus
Virus that is OS and browser-based
Script Virus
Virus that is common in Microsoft Office
Macro Virus
Virus that operates in memory inside RAM but is never installed in a file or application
Fileless Virus
Malware that self-replicates
Worm
Personal Identifiable Information
PII
Attacker wants your money
Ransomware
Malware encrypts your data files
Crypto-malware
Software that pretends to be something else
Trojan Horse
Undesirable software
PUP (Potentially Unwanted Program)
Malware that has a backdoor
RAT (Remote Access Trojan)
Modifies core system files and is part of the kernel which is invisible to the OS
Rootkits
Software that displays online advertisement to users
Adware
Malicious software that secretly collects and sends information about a person or organization to a third party
Spyware
Group of bots (malware-infected computers) working together and controlled by a single attacking party
Botnets
Malicious attack that makes an online service, network resource, or host machine unavailable
DDoS (Distributed Denial of Service)
Malicious piece of code that is secretly inserted into a computer network, operating system, or software application and lies dormant until a specific condition occurs
Logic Bomb
Tries common passwords on multiple accounts a few times so that there are no lockouts, no alarms, and no alerts
Spraying Attack
Try every possible password until the hash is matched
Brute Force
Uses a dictionary to find common words and can substitute letters for numbers
Dictionary Attack
Optimized, pre-built set of hashes
Rainbow Tables
Extra random data
Salt
Doesn’t need extra rights or permissions. Like a keyboard or a mouse
HID (Human Interface Device)
Stealing credit card info usually during a normal transaction
Skimming
Computers that identify patterns in data and improve their predictions with training data
Machine Learning
Hash collision attack
Birthday Attack
form of hashing that has many hash collisions
MD5 (Message Digest Algorithm 5)
gain higher-level access to a system
TLS (Transport Layer Security)
encrypted link between web server and web browser
SSL (Secure Sockets Layer)
Gain higher level access
Privilege Escalation
Only data in executable areas can run
Data Execution Prevention
Takes advantage of trust a user has for a site
XSS (Cross-site Scripting)
web site allows scripts to run in user input
Non-persistent (reflected) XSS Attack
attacker posts a message to a social network, no specific target
Persistent (stored) XSS Attack
modifying SQL (Structured Query Language) requests
SQL Injection
Adding your own information to a data stream
Code Injection
Modifying XML (Extensible Markup Language) requests
XML Injection
A dynamic-link library is used to have an application run a program
DLL Injection (Dynamic-Link Library)
Overwriting a buffer of memory
Buffer Overflows
Attacker uses information gathered over the network to either delay or repeat it
Replay Attack
Technique where attacker captures hash of a user and sends his own authentication request with captured credentials to access the same network
Pass the Hash Attack
Code injection technique used to exploit web applications which could reveal sensitive user information or modify information, manipulates application results
LDAP Injection (Lightweight Directory Access Protocol)
a piece of data from a website that is stored within a web browser that the website can retrieve at a later time
cookies
Attacker intercepts the session ID and uses it to access the server with the victim’s credentials, doesn’t require username/password
Sidejacking (Session hijacking)
An attack that attempts to have users unknowingly execute actions on a web application for which they are currently authenticated. One-click attack, session riding that takes advantage of trust that a web application has for an authenticated user
- Cookie-based session handling.
- No unpredictable request parameters
- The user clicks the malicious URL.
- The user must be logged in to the vulnerable web application.
XSRF, CSRF (Cross-site request forgery)
Attacker finds vulnerable web applications and sends requests to a web server which performs the request on behalf of the attacker
1. Attacker sends a request that controls a web application
2. Web server sends request to another service (ex cloud file storage)
3. Cloud storage sends response to web server
4. Web server forwards response to attacker
SSRF (Server-side request forgery)
Filling in the spaces between two objects, a middleman; Windows has its own shim for backward compatibility with previous Windows versions
Shimming
Metamorphic malware. A different program each time it’s downloaded. Difficult to match with signature-based detection
refactoring
SSL Stripping/HTTP downgrade
Time of check time of use
TOCTOU
memory leak
NULL Pointer dereference
Integer Overflow
Directory Traversal
API Attacks
Resource Exhaustion
ZIP bomb
DHCP Starvation
Rogue Access Points
Wireless Evil Twins
Bluejacking
Bluesnarfing
Wireless Disassociation
RFID Attacks
nonce
NFC
Initialization Vectors
On-path Network attack
ARP Poisoning
On-path browser attack
STP
MAC Flooding
MAC Cloning
DNS Poisoning
Domain Hijacking
DDOS
DDOS Amplification
Application DOS
OT DOS
Powershell
Python
Shell Script
Macros
VBA
Threat actors
APT
Nation states
Hacktivist
Script Kiddies
Organized Crime
Shadow IT
Attack vectors
OSINT
CVE
NVD
IOC
RFC
TTP
Zero-day attacks
Unsecured root accounts
Common Vulnerability Scoring system
CVSS
logging of security events and information
Security Information and Event Management (SIEM)
standard for message logging
Syslog
simulate an attack
Pentest
document that defines the purpose and scope of a pentest
Rules of engagement
gather information before an attack
Reconnaissance
Reconnaissance through open source
Passive footprinting
combine Wi-Fi monitoring and a GPS
Wardriving/Warflying
gathering info from many open sources
Open source Intelligence (OSINT)
Offensive security team, ethical hacking, exploiting vulnerabilities, social engineering, web app scanning
Red Team
defensive security team, protecting the data, daily security tasks, incident response, threat hunting, digital forensics
Blue Team
red and blue teams working together
Purple team
Manages interactions between red team and blue team
White team