1.0 Flashcards
Backdoor Testing
Backdoor testing refers to the process of evaluating a system or software application for the presence of hidden, undocumented, or unauthorized entry points known as “backdoors.” These backdoors can be intentionally or unintentionally created during development and may allow unauthorized access or control over the system.
Passive footprinting
A technique used in cybersecurity and ethical hacking to gather information about a target system, network, or organization without directly interacting with it. Passive footprinting relies on publicly available information and data sources; the goal is to learn as much as you can from open sources.
OS fingerprinting
A method used to identify the operating system running on a device in a network. It can be active, where specific packets are sent and responses analyzed, or passive, where network traffic is observed for OS characteristics. This information is valuable for network management, security assessments, and troubleshooting.
SOAR
Security Orchestration, Automation, and Response
A system designed to facilitate responses in incident response situations. It automates routine (signature-based), tedious, and time-intensive activities.
Nation state
Often associated with advanced cyber capabilities and may engage in cyber espionage, cyber warfare, or other cyber activities for political, economic, or military purposes.
Governments
* National security, job security
* Always an external entity
DLL injection
Dynamic Link Library Injection
An attack that injects a DLL into a running process on a system, altering the behavior of a program by, in essence, recoding it.
Resource exhaustion
An attack that overloads the system’s resources and prevents legitimate users from accessing services on the target computer.
Wireless disassociation
An attack against a wireless system designed to disassociate a host from the wireless access point and thus from the wireless network.
SIEM
Security Information and Event Management
Provides a centralized solution for collecting, analyzing, and managing data from multiple sources.
False negatives
Occurs when an IDS or IPS fails to send an alarm or alert even though an attack is active.
Credentialed
A type of security assessment or vulnerability scan that is conducted with privileged credentials, such as username and password combinations, to access and analyze the internal components of a system or network.
Non-credentialed
Also known as external or unauthenticated scans, these are security assessments or vulnerability scans conducted without using specific credentials to access the internal components of a system or network.
DNS poisoning
Domain Name System poisoning
This is a type of attack where a DNS cache is manipulated to redirect domain name resolution to malicious IP addresses. The goal is to misdirect users to fake websites or servers controlled by attackers, leading to potential security breaches or data theft.
Prepending
When information is added to the beginning of malicious data. Ex. https://pprofessormesser.com
CSRF/XSRF
Cross-Site Request Forgery
An attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.
SSL Stripping
Secure Sockets Layer Stripping
An attack where the hacker is able to place themselves between the victim and a secure HTTPS site that the victim uses, “stripping” https:// URLs and turning them into http:// URLs.
ARP poisoning
ARP poisoning, also known as ARP spoofing, is a type of cyber attack where the attacker targets the ARP cache of devices on a local network. In this attack, the attacker sends falsified ARP messages to associate their MAC address with the IP address of another device on the network, such as a router or a victim’s device. This can lead to traffic being redirected through the attacker’s device, allowing them to intercept, modify, or block network communication.
Macros
Automated sequences of commands or actions in software applications, often used for repetitive tasks or to automate complex processes.
Collision
When different inputs create the same hash, causing errors or data loss.
Watering Hole
A cyberattack strategy where attackers target websites frequently visited by a specific group of users, exploiting vulnerabilities in those sites to infect visitors with malware.
Typosquatting
A technique where attackers register domain names similar to popular ones, relying on users’ typographical errors to redirect them to malicious websites.
Pretexting
A social engineering tactic where attackers create a false pretext or scenario to trick individuals into revealing sensitive information or performing actions they wouldn’t usually do.
Session Replay
The unauthorized capturing and playback of user sessions (such as keystrokes, mouse clicks, and form entries) on websites or applications, often used for malicious purposes like stealing credentials.
Backdoor
A hidden or undocumented entry point in software or systems, allowing unauthorized access for maintenance or exploitation by attackers.
Rootkit
Malicious software designed to gain administrator-level control over a computer system while concealing its presence from detection by antivirus or security software.
Script Kiddies
Inexperienced or unskilled individuals who use pre-made scripts or tools to launch cyberattacks, often without fully understanding the underlying technology or risks.
APT (Advanced Persistent Threat)
A sophisticated and persistent cyberattack carried out by skilled and well-funded threat actors, usually targeting specific organizations or individuals over an extended period.
Threat Hunting
Proactive and continuous process of searching for and identifying potential security threats or anomalies within a network or system, aiming to detect and mitigate them before they cause harm.
Cross-site Scripting (XSS)
A type of web security vulnerability where attackers inject malicious scripts into web pages viewed by other users, allowing them to steal sensitive data or perform unauthorized actions.
Password Spraying
A brute-force attack method where attackers attempt to access multiple user accounts by trying a few commonly used passwords against many usernames, reducing the risk of account lockout.
XML Injection
A type of injection attack where attackers exploit vulnerabilities in XML input handling to manipulate XML data or execute malicious commands, potentially leading to data disclosure or system compromise.
Pharming
A cyberattack that redirects website traffic to a fake or malicious website, often achieved through DNS spoofing or manipulation to trick users into disclosing sensitive information.
Smurfing
A type of distributed denial-of-service (DDoS) attack where attackers flood a target network with ICMP echo request (ping) packets, often using IP spoofing to amplify the attack’s impact.
Spim
Unsolicited and unwanted messages or spam sent through instant messaging (IM) platforms, similar to email spam but targeting IM users.
Race Condition
A software vulnerability that occurs when the outcome of a program depends on the sequence or timing of multiple concurrent events, leading to unexpected or insecure behavior.
NFC
Near Field Communication
A short-range wireless technology used for contactless data exchange between devices, commonly found in smartphones for mobile payments, access control, and data transfer.
Session Hijacking
A cyberattack where an attacker takes control of an active session between a user and a system, often by stealing session tokens or exploiting session management vulnerabilities.
Rules of Engagement
Guidelines or protocols that define the permitted actions, boundaries, and responsibilities of individuals or teams during vulnerability or penetration testing.
Initialization Vector (IV)
A random or predetermined value used as an input in cryptographic algorithms, such as block ciphers, to ensure uniqueness and strengthen encryption against attacks like replay or ciphertext manipulation.
Bluesnarfing
Unauthorized access to Bluetooth-enabled devices (such as phones or laptops) to steal data, access functions, or control the device’s settings without the owner’s knowledge or consent.
Bluejacking
Sending unsolicited messages or data to Bluetooth-enabled devices, exploiting their discoverability feature without establishing a connection, often used for harmless pranks or marketing purposes.
Credential Stuffing
A cyberattack method where attackers use stolen username-password pairs from one website to gain unauthorized access to accounts on other platforms, exploiting users’ reuse of credentials across multiple sites.
Whaling
A targeted phishing attack that focuses on high-profile or executive-level individuals within organizations, aiming to steal sensitive information, credentials, or financial assets.
Reconnaissance
The phase of a cyberattack where attackers gather information about a target system, network, or organization, including identifying vulnerabilities, system configurations, and potential entry points.
Hybrid Warfare
A strategy that combines conventional military tactics with cyberattacks, information warfare, propaganda, and other non-traditional methods to achieve strategic objectives in conflicts.
Birthday Attack
A cryptographic attack that exploits the probability of collisions in hash functions, allowing attackers to generate two different inputs with the same hash value, potentially compromising integrity or authentication mechanisms.
Rainbow Table
A precomputed table of hash values for common passwords or inputs, used in password cracking attacks to quickly reverse hash functions and recover plaintext passwords.
White-team
A group or team responsible for conducting security assessments, penetration testing, and evaluating defensive measures within an organization, often working collaboratively with blue teams and red teams.
Purple-team
A collaborative approach in cybersecurity where red teams (offensive security) and blue teams (defensive security) work together to simulate attacks, test defenses, share knowledge, and improve overall security posture.
MAC Spoofing
A technique where attackers forge or impersonate Media Access Control (MAC) addresses of network devices, such as computers or routers, to bypass access controls, gain unauthorized network access, or perform man-in-the-middle attacks.
Active Footprinting
The process of directly interacting with a target system or network to gather information, such as scanning for open ports, conducting vulnerability assessments, or probing for weaknesses, with the goal of assessing security posture and identifying potential entry points for cyberattacks.
Lateral Movement
The process used by attackers to move deeper into a network to get to the target data.
Pivoting
Occurs when you exploit one machine and use that as a basis to attack other systems.
Attack Vector
A method used by an attacker.
Jamming
Deliberate interference with wireless communications by transmitting a signal that disrupts the communication between devices.
Attack Surface
Where the attack takes place
OSINT
Open Source Intelligence
Gathering information from many open sources
War flying
Using a drone or aircraft to fly over a facility and capture wireless network traffic
War driving
Driving past points of access, mapping the access points, including geographic information
Directory traversal
A specific type of injection attack that attempts to access a file by including the full directory path or traversing the directory structure on a computer
Downgrade Attack
A security exploit where attackers force a connection to use an older or less secure form of communication.
Skimming
Physical devices built to intercept a credit card. These devices are placed on credit card readers to skim the data from the card while passing it on to the legitimate reader.
Command and Control
Used by hackers to control malware that has been launched against targets.
XML injection
Extensible Markup Language injection
XML: a set of rules for data transfer and storage
Injection: modifying XML requests
Initialization vector (IV)
It is a random value used with encryption to make sure that identical data does not get encrypted in the same way each time. This helps keep the encrypted data secure by making patterns harder to detect.
MAC cloning / MAC spoofing
An attacker changes their MAC address to match the MAC address of an existing device
Media Access Control (MAC) Flooding
A network attack technique where an attacker sends a large number of packets with different source MAC addresses to a switch, overwhelming its MAC address table. The switch then starts to behave like a hub, broadcasting traffic to all ports, which allows the attacker to capture network traffic.
STIX
Structured Threat Information eXpression
– Describes cyber threat information
– Includes motivations
TAXII
Trusted Automated eXchange of Indicator Information
– Securely shares STIX data
Predictive analysis
Creates a forecast for potential attacks
Amplification
An act of leveraging technology to increase the volume of an attack, such as pinging a network address to get all attached devices to respond.
Open source threat intelligence
Threat intelligence that is acquired from publicly available sources.
Pass the hash
When an attacker captures a password hash and then passes it through for authentication and lateral access.
Refactoring
A set of techniques to identify the flow of code and then modify its internal structure while preserving its visible behavior.
Shimming
A shim intercepts API calls in order to:
* handle the request
* change arguments
* redirect the request
Criminal syndicates
A group of individuals working together in criminal activities. Almost all their efforts can be traced back to greed with the goal of getting more money, regardless of how they get it.
Predictive Analysis
A mix of automation and human intelligence to predict and prevent attacks before they hit.
RFC
Request for comments
A publication authored by security professionals that forms a memorandum describing methods, behaviors, research, or innovations within the Internet and Internet systems.
Intelligence Fusion
Involves industry and government working together to gather, analyze, and share threat information.
UEBA
User Entity Behavior Analysis