1.0 Threats and Vulnerabilities Flashcards
Social engineering attack where the attacker views what the victim is typing by looking over the victim's shoulder or passing by the victim.
Shoulder Surfing
A social engineering attack that uses a lie or false story to lead one or more people to believe something that is not true.
Hoax
Type of social engineering attack that targets a group within an organization based on the web pages that group is known to visit.
Watering Hole Attack
A type of social engineering that takes advantage of two reactions most people have to authoritative sources, such as bosses, VIPs and so on: fear and respect.
Authority
Can go hand in hand with authority; the target feels intimidated by someone who does not have to be an authoritative figure.
Intimidation
When the attacker tries to be more understanding and nicer to the victim in order to get whatever they need out of the target.
Consensus
Offering the victim or target something that they really want, specifically something that might be difficult to access or obtain.
Scarcity
When people respond to others who like them, or the attacker takes time to get to know the victim and develop a bond, so that they can be better at persuading and influencing the victim to get what they want.
Familiarity
An attacker acts quickly to make a request seem urgent in order to get what they need from the victim.
Urgency
This involves faking the MAC (Media Access Control) address of the data.
ARP Poisoning
An attack method in which a daemon caches DNS reply packets, which sometimes contain other information (data used to fill the packets). The extra data can be scanned for information useful in a break-in or man-in-the-middle attack.
DNS Poisoning
Registering domains that are similar to those for a known entity but based on a misspelling or typographical error.
Domain Hijacking
Client-side attack, initiated by the user inadvertently running a Trojan horse, which grabs communication between the client and the server and silently sends the data the attacker wants to a third location.
Man-in-the-Browser
An attack that captures portions of a session to play back later to convince a host that it is still talking to the original connection.
Replay Attack
Using multiple transparent or opaque layers to trick a user into clicking a button or link on another page when they had intended to click on the top page.
Clickjacking
The interception of a valid computer session to get authentication information or other sensitive data.
Session Hijacking
Registering domains that are similar to those for a known entity but based on a misspelling or typographical error.
URL Hijacking
A small library that is created to intercept API calls transparently.
Shimming
Reprogramming a device driver's internals so that the driver responds to all of the normal inputs and generates all the regular outputs, but also generates malicious output.
Refactoring
An attack that changes the source MAC address.
MAC Spoofing
An attack that involves looking at repeated results in order to crack the WEP secret key.
IV Attack
An attack in which a rogue wireless access point poses as a legitimate wireless service provider to intercept information that users transmit.
Evil Twin
Purposely obstructing or interfering with a signal.
Jamming
An authentication process that requires the user to do something in order to complete the enrollment process. Examples include pressing a button on the router within a short time period, entering a PIN, or bringing the new device close.
WPS
The sending of unsolicited messages over a Bluetooth connection.
Bluejacking
Attack that involves getting data from a Bluetooth device.
Bluesnarfing
A technology that incorporates the use of electromagnetic coupling in the radio frequency (RF) portion of the spectrum to identify items uniquely (object, animal, person, credit cards, door access tokens, antishoplifting devices, and so on).
RFID
Technology that enables communication between devices when they’re “touched” together. Often used to verify (often through RFID or Wi-Fi) that the device is present.
NFC
An attack in which the intruder sends a frame to the AP with a spoofed address to make it look like it came from the victim and disconnects them from the network.
Disassociation Attack
Password attack based on the principle that for any random group of 23 people, there is a 50% chance that two of them share the same birthday.
Birthday Attack
A table of precomputed hashes used to guess passwords by searching for the hash of a password.
Rainbow Table Attack
A password attack that uses a file of words and combinations. The attack tries every entry within the file when trying to guess the password.
Dictionary Attack
A password attack that attempts to guess a password.
Brute Force Attack
When two different inputs into a cryptographic hash produce the same output, this is known as a collision.
Collision
An attack that forces a system to downgrade its security.
Downgrade
An attacker with very minimal skills.
Script Kiddies
Attacker who launches attacks as a part of an activist movement or to further a cause.
Hacktivist
Any sophisticated series of related attacks taking place over an extended period of time.
APT
Anyone who has legitimate access to an organization's internal resources.
Insiders
An information-gathering technique in penetration testing where the pentester uses tools and techniques that may or may not avoid detection, and that therefore put the attacker at risk.
Active Reconnaissance
An information-gathering technique in penetration testing where the pentester uses tools and techniques that make detection of the activity difficult. The information is gathered without the target's knowledge and usually comes from open, available, and legal-to-acquire sources.
Passive Reconnaissance
A step in pen testing where the tester uses additional tools to gain further information about the exploited computer or the network.
Pivot
Type of pen test where the tester has no knowledge of the environment prior to starting the test.
Black Box Testing
Type of pen test where the tester has some knowledge of the environment prior to starting the test.
Gray Box Testing
A type of pen test where the tester has full knowledge of the environment prior to starting the test.
White Box Testing
A method of testing targeted systems to determine if vulnerabilities can be exploited. This type of test is intrusive.
Penetration Testing
Identifying specific vulnerabilities in your network. This type of scan is passive.
Vulnerability Scan
An event that should be flagged but isn’t.
False Negative
A flagged event that isn’t really an event and has been falsely triggered.
False Positive
Operating system in a device, sometimes on a single chip.
Embedded System
An application flaw that consumes memory without releasing it.
Memory Leak
Putting too much information into too small a space that has been set aside for numbers.
Integer Overflow
Type of injection that loads a Dynamic Link Library into memory and runs it. Attackers rewrite the DLL, inserting malicious code.
DLL Injection
Denies users the ability to address these important issues, creating serious vulnerabilities.
Lack of Vendor Support
A vulnerability that occurs when an organization has more systems than it needs, and systems it owns are underutilized.
System Sprawl