1.0 Threats, Attacks, and Vulnerabilities Flashcards
Social engineering technique that tricks users, via email or websites, into revealing personal or confidential information.
Phishing
Social engineering technique that sends fraudulent text messages to trick users into revealing personal or confidential information
Smishing
Social engineering technique that calls the user to trick them into revealing personal or confidential information
Vishing
Unwanted, unsolicited bulk messages sent through email, IM, or SMS.
Spam
A spam message that is delivered through instant messaging instead of email is called?
SPIM (Spam over Instant Messaging)
Social engineering technique that targets only a specific person or group and often includes information known to be of interest to the target, such as current events or financial documents.
Spear Phishing
The process of investigating an individual’s or organization’s trash to retrieve information that could be used to compromise network resources or plan a cyberattack.
Dumpster Diving
Using direct observation techniques, such as looking over someone’s shoulder, to obtain information.
Shoulder Surfing
A malicious attack on a server or user’s computer in which an unauthorized party substitutes its own site for that of a legitimate web server
Pharming
A type of physical security breach in which an unauthorized person follows an authorized individual into secured premises
Tailgating
Strategic use of casual conversation to extract information from people (targets) without giving them the feeling that they are being interrogated or pressed for the information
Eliciting information
Social engineering technique that is a highly targeted phishing attack aimed at senior executives, masquerading as a legitimate email.
Whaling
Adding keywords such as URGENT or RESPONSE REQUIRED to the email subject line so that the user reads the email and initiates some type of action in the email thread.
Prepending
Method of gathering usernames and passwords in bulk, such as via email phishing and other exploits
Credential Harvesting
The practice of covertly discovering and collecting information about a system.
Reconnaissance
These can take the form of false virus alerts, chain letters, or attempts to spread false information about some issue (such as warnings that the Federal Government is about to tax e-mail).
Hoax
A type of phishing attack where the attacker impersonates a legitimate sender in order to trick the recipient into clicking a malicious link or attachment.
Impersonation
Attack in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit. The goal is to infect a targeted user’s computer and gain access to the network at the target’s workplace.
Watering Hole Attack
A form of cybersquatting targeting people who accidentally mistype a website address directly into their browser’s URL field.
Typosquatting
A made-up scenario developed by threat actors for the purpose of stealing a victim’s personal data
Pretexting
Hybrid vishing takes these scams a step further. Cybercriminals first reach out to victims through email. However, unlike traditional email-based phishing, they won’t present a malicious link within the message. Instead, they list a number for targets to call, leading them into a vishing scam.
What type of war is this called?
Hybrid Warfare
A social engineering technique in which the person trying to gain access pretends to have some type of authority that entitles them to this information
Authority
Social engineering technique that says bad things will happen if you don’t help. It could be something as simple as saying the payroll checks aren’t going to go out unless I get this information from you.
Intimidation
Social engineering technique that uses other people and what they’ve done to justify the request. They might tell you that your coworker was able to provide this information last week; they’re not in the office now, so maybe you could provide it for them
Consensus
Social engineering technique claiming that a particular situation will only be this way for a certain amount of time, so the issue has to be resolved before the timer expires.
Scarcity
Social engineering technique where they become your friend. They talk about things you like, and by doing so they make themselves familiar to you on the phone and make you want to do things for them.
Familiarity
Social engineering technique where the attacker tries to create trust between you and them. They tell you they will be able to solve all of your problems and fix all of these issues; you just need to trust them and provide the information they’re asking for
Trust
Social engineering that injects some type of urgency to make things move even faster. This needs to happen quickly. Don’t even think about it. Just provide this information right now so that we can solve this problem
Urgency
Software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
Malware
A type of malware that disguises itself as legitimate code or software.
Trojan
A type of malware whose primary function is to self-replicate and infect other computers while remaining active on infected systems.
Worm
Software that’s bundled into download packages and offers no benefit to users. Usually viewed as unwanted programs, because they offer few or no benefits and can serve as adware or spyware.
PUP (Potentially Unwanted Program)
Malicious code that works directly within a computer’s memory instead of on the hard drive. It uses legitimate, otherwise benign programs to compromise your computer instead of malicious files.
Fileless malware
A server controlled by an attacker or cybercriminal, used to send commands to systems compromised by malware and receive stolen data from a target network
Establishment of outbound communication from a victim system for secure communication between victim and adversary systems.
Command and control
Can be programmed/hacked to break into user accounts, scan the internet for contact information, send spam, or perform other harmful acts
Bots
A form of malware that enables a threat actor to carry out cryptojacking activity
Crypto Malware
A set of instructions secretly incorporated into a program so that if a particular condition is satisfied they will be carried out, usually with harmful effects
Logic Bomb
Any software that installs itself on your computer and covertly monitors your online behavior without your knowledge or permission.
Spyware
Malware designed to allow an attacker to remotely control an infected computer. Once the tool is running on a compromised system, the attacker can send commands to it and receive data back in response
Hint: a command starting with nc (netcat) is often used for this
RAT (Remote Access Trojan)
Set of software tools that enable an unauthorized user to gain control of a computer system without being detected.
Rootkit
A type of brute force attack in which an attacker attempts logins across a list of usernames using default passwords on the application
Spraying Attack
Type of brute force attack that checks only the words with the highest probability of success, and is less time-consuming than a plain brute force attack
Dictionary Attack
The attacker has access to the encrypted material or a password hash and tries different keys without the risk of discovery or interference
What type of brute force attack is this?
Brute Force Offline
The attacker needs to interact with a targeted system to access encrypted material or a password hash and tries different keys with the risk of discovery or interference.
What type of brute force attack is this?
Brute Force Online
A password cracking method that uses a special table to crack the password hashes in a database
Rainbow table
A scenario in which the attacker has access to pairs of known plaintexts and their corresponding ciphertexts.
Plaintext/unencrypted
Anyone who plugs the USB drive into their device runs the risk of becoming the victim of a “BadUSB” attack
Malicious USB
A cable (electrical or optical) that performs an unexpected and unwanted function
Malicious USB Cable
Type of credit card theft in which the thief makes a digital copy of the credit card information using a concealed or disguised electronic scanner
Card Cloning
AI is used to maliciously manipulate or deceive another AI system
Adversarial artificial intelligence
Technique in which an attacker inserts corrupt data into the training dataset to compromise a target machine learning model during training
Tainted Machine Learning or Data Poisoning
Attacks that target software developers and suppliers. The goal is to access source code, build processes, or update mechanisms by infecting legitimate apps to distribute malware.
Supply-Chain attacks
A type of cryptographic attack which exploits the mathematics behind the birthday problem in probability theory.
Birthday Attack
Attack on a cryptographic hash function that finds a hash collision (a pair of different inputs that have the same hash) faster than by brute force
Collision Attack
A scenario in which a malicious actor attempts to force a server or client to use a lower version of a cryptographic protocol (such as TLS or SSL), a cipher suite (such as an export-grade cipher instead of a standard one), or a connection type (HTTP instead of HTTPS)
Downgrade Attack
Using a vulnerability to gain privileges beyond what was originally intended for the user
Privilege Escalation
An attack in which an attacker injects malicious executable scripts into the code of a trusted application or website
Cross-site Scripting
A common attack vector that uses malicious SQL code to manipulate a backend database and access information that was not intended to be displayed
SQL Injection
Example: 1=1
A method of executing arbitrary code in the address space of a separate live process
DLL (Dynamic Link Library) injection
Injection vulnerability in which queries are constructed from untrusted input without prior validation or sanitization. The queries are built from predicates that use special characters (e.g., brackets, asterisks, ampersands, or quotes)
LDAP Injection
A category of vulnerabilities where an application doesn’t correctly validate/sanitize user input before using it in an XML document or query
XML (Extensible Markup Language) Injection
Occurs when a program attempts to read or write memory through a NULL pointer, which results in a segmentation fault as the code triggers a memory access violation
Pointer/Object dereference
HTTP attack that allows attackers to access restricted directories and execute commands outside of the web server’s root directory
Directory Traversal Attacks
Occurs when the volume of data exceeds the storage capacity of the memory buffer
Buffer overflow
An undesirable situation that occurs when a device or system attempts to perform two or more operations at the same time
Race condition or Time of check/time of use
Attack that occurs when a cybercriminal eavesdrops on a secure network communication, intercepts it, and then fraudulently delays or resends it to misdirect the receiver into doing what the attacker wants.
Replay attack
Attack consisting of the exploitation of the web session control mechanism, which is normally managed through a session token.
Session Attack
A program performs a calculation and the true answer is larger than the available storage space
Integer overflow
Attack in which an attacker abuses server functionality to access or modify resources
SSRF (Server-Side Request Forgery)
An attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.
CSRF (Cross-Site Request Forgery)
Malicious usage or attempted usage of an API by automated threats such as access violations, bot attacks, or abuse
API Attacks
Attacks that crash, hang, or otherwise interfere with the targeted program or system by forcing the target to use all its resources trying to maintain the environment
Resource Exhaustion
An unintentional form of memory consumption whereby the developer fails to free an allocated block of memory when it is no longer needed
Memory Leak
An action performed by a malicious user that leads to a downgrade from a secure HTTPS connection to a less secure, unencrypted HTTP connection
Secure Socket Layer (SSL) Stripping
Additional code that runs instead of the original driver. When an application attempts to call an older driver, the operating system intercepts the call and redirects it
Shimming (Driver Manipulation)
A set of techniques used to identify the flow of code and then modify its internal structure without changing the code’s visible behavior
Refactoring (Driver Manipulation)
A type of attack in which an adversary steals a “hashed” user credential and uses it to create a new user session on the same network
Pass the hash
A rogue Wi-Fi access point (AP) that masquerades as a legitimate one, enabling an attacker to gain access to sensitive information without the end user’s knowledge
Evil Twin
Provides a wireless backdoor channel into the private network for outsiders. It can bypass network firewalls and other security devices and opens the network to attacks
Rogue AP
The theft of information from a wireless device through a Bluetooth connection
Bluesnarfing
A hacking method that allows an individual to send anonymous messages to Bluetooth-enabled devices within a certain radius
Bluejacking
A type of DoS attack in which the attacker breaks the wireless connection between the victim device and the access point
Disassociation attack
Data can be shared between devices using NFC; it can also be stolen, modified, erased, or corrupted
NFC attack
An attack on wireless networks that modifies the IV of an encrypted wireless packet during transmission. Once an attacker learns the plaintext of one packet, the attacker can compute the RC4 key stream generated by the IV used
IV Attack
A general term for when a perpetrator positions himself in a conversation between a user and an application, either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway
Man in the Middle
Attack that simulates a login window with a spoofed domain within a parent browser window to steal credentials
Man in the Browser attack
A type of cyberattack carried out over a Local Area Network (LAN) that involves sending malicious ARP packets to a default gateway on the LAN in order to change the pairings in its IP-to-MAC address table
ARP Poisoning
Attack aimed at compromising data transmitted to a device connected to a network switch. The method is based on overflowing the MAC address table that maps devices to their corresponding network segments
MAC Flooding
An attacker modifies the MAC address of their device to match the MAC address of a legitimate device that is either on the network or has recently left the network
MAC Cloning
An attack in which an organization’s web address is stolen by another party
Domain Hijacking
A technique that manipulates known vulnerabilities within the Domain Name System (DNS). When completed, an attacker can reroute traffic from one site to a fake version, and the contagion can spread because of the way DNS works.
DNS Poisoning
A vulnerability which allows an attacker to force users of your application to an untrusted external site. The attack is most often performed by delivering a link to the victim, who clicks it and is unknowingly redirected to the malicious website.
URL Redirection attack
Attack that occurs when an attacker hijacks a website or server and affects its IP reputation. This can happen in a variety of cyberattacks; some ways an attacker can impact a company’s IP reputation include hacking the company website and hijacking servers to send malicious emails.
Domain Reputation attack
A sophisticated, sustained cyberattack in which an intruder establishes an undetected presence in a network in order to steal sensitive data over a prolonged period of time.
Advanced Persistent Threat (APT)
Threat actor motivated by nationalism and tasked with gaining secrets from or disrupting other nations via cyber means.
State Actors
Threat actors that have been known to target businesses allegedly engaged in activities fundamentally opposed to their ideology
Hacktivist
Threat actor who uses existing computer scripts or code to hack into computers, lacking the expertise to write their own.
Script Kiddies
A set of professional criminals. This is what they do for a living, and they are almost always motivated by financial gain. Because there’s usually significant financial benefit to these types of hacks, there’s usually enough money to purchase the best hackers
Criminal Syndicates
Hackers who may be looking for vulnerabilities but don’t necessarily act on them. This is a hacker who is more of a researcher, trying to find access to someone’s network without necessarily taking advantage of that access.
Semi-authorized hackers
Hackers who are professionals with expertise in cybersecurity and are authorized or certified to hack the systems. These hackers work for governments or organizations by getting into the system through loopholes in the organization’s cybersecurity. This hacking is done to test the level of cybersecurity in the organization; by doing so, they identify the weak points and fix them to avoid attacks from external sources
Authorized Hackers
The use of information technology systems, devices, software, applications, and services without explicit IT department approval.
Shadow IT
Threat actor that might be interested in causing a denial of service to your company, performing espionage against you, or tarnishing your reputation in the industry. This type of threat actor can be a for-profit company
Competitor
An attack where a hacker is able to gain access to a computer and directly download data from it
Direct Attack
The act of gathering and analyzing publicly available data for intelligence purposes
Open Source Intelligence (OSINT)
Enables the real-time exchange of machine-readable cyber threat indicators and defensive measures to help protect participants of the AIS community and ultimately reduce the prevalence of cyberattacks
Automated Indicator Sharing (AIS)
A standardized XML-based language for conveying data about cybersecurity threats in a common format that can be easily understood by humans and security technologies
STIX (Structured Threat Information eXpression)
Server-client exchange that shares standardized and anonymized cyber threat intelligence among users. Works as a venue for sharing and collecting indicators of compromise.
Trusted Automated eXchange of Intelligence Information (TAXII)
A visual, real-time map of the computer security attacks that are going on at any given time.
Threat Maps
Collaborative effort of two or more agencies that provide resources, expertise, and information to the center with the goal of maximizing their ability to detect, prevent, investigate, and respond to criminal and terrorist activity
Intelligence Fusion Center
An instance in which a security tool intended to detect a particular threat fails to detect it
False Negative
An alert that incorrectly indicates that a vulnerability is present, or that malicious activity is occurring
False Positive
Using an admin account, performs a more thorough check by scanning for problems that cannot be seen from the network.
Credential-based vulnerability assessment
Doesn’t use credentials; the scan provides a quick view of vulnerabilities by looking only at network services exposed by the host
Non-credential-based vulnerability assessment
Scans that simply identify a vulnerability and report on it so you can fix it. They don’t execute anything.
Non-intrusive
Scans that attempt to exploit a vulnerability when it is found
Intrusive
A list of publicly disclosed information security vulnerabilities and exposures
Common Vulnerabilities and Exposures (CVE)
Standard for assessing the severity of computer system security vulnerabilities. It assigns severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to threat.
Common Vulnerability Scoring System (CVSS)
Technology that supports threat detection, compliance, and security incident management through the collection and analysis (both near real time and historical) of security events, as well as a wide variety of other event and contextual data sources
Security information and event management (SIEM)
The process of gathering insight into the network events that users generate every day
User Behavior Analysis (SIEM)
SIEM feature that studies human emotions present within data, such as negative, neutral, or positive opinions or attitudes.
Sentiment Analysis (SIEM)
Combines historical log data and real-time alerts from security solutions and IT systems like email servers, web servers, and authentication systems, then analyzes the data and establishes relationships that help identify anomalies, vulnerabilities, and incidents.
Log Aggregation (SIEM)
SIEM feature that collects logs from multiple sources and forwards them to a central logging system
Log Collector (SIEM)
Refers to a collection of software solutions and tools that allow organizations to streamline security operations in three key areas: threat and vulnerability management, incident response, and security operations automation
SOAR (Security Orchestration, Automation, and Response)
Defines the purpose of the test and what the scope will be for the people performing this test on the network. This means everybody will be aware of what systems will be considered, and perhaps the time of day that will be used to perform these tests.
Rules of Engagement
The penetration tester knows nothing about the systems environment
Unknown environment
You may be contracting with a third party and provide them with information about some key systems, so that they can perform the penetration tests based on the information they have at hand
Partially known environment
Start moving to other devices on the inside of the network.
As we move from device to device on the inside of a network. It’s very common to have very strong security on the perimeter of the network, and less involved security on the inside.
Lateral Movement
A penetration strategy that uses a backdoor which allows you to regain access to the system through the accounts at a later time.
Persistence
A reward provided by the owner of these systems to people who identify vulnerabilities or exploits that can be taken advantage of. These are usually exploits identified by researchers. The more exploits they identify, the more bounties they can submit, and ultimately the more money they can make
Bug Bounty
Gain access to one system, and use that as the jumping-off point to get to any other system on the inside of the network
Pivoting
Form of cyberattack that involves malicious actors using hardware and software to search for insecure wireless networks
War driving
When someone on a plane, drone, or helicopter uses a Wi-Fi-enabled device to look for open APs
War flying
Ethical hacking technique used to gather as much data as possible about a specific targeted computer system, infrastructure, and network to identify opportunities to penetrate them
Footprinting
Recon in which you gather information about a target without directly interacting with the target
Passive Reconnaissance
Recon in which you interact directly with a computer system in order to gather system-specific information about the target.
Active Reconnaissance
A team or group of people authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture
Red Team
A team that identifies security threats and risks in the operating environment and, in cooperation with the customer, analyzes the network environment and its current state of security readiness.
Blue Team
A team responsible for establishing the rules of engagement, the metrics for assessing results, and the procedures for providing operational security for the engagement.
White Team
A cybersecurity testing exercise in which a team of experts takes on the role of both red team and blue team, with the intention of providing a stronger, deeper assurance activity that delivers more tailored, realistic assurance to the organization being tested.
Purple Team