2 Flashcards
Supply chain attacks
Involves a threat actor seeking methods to infiltrate a company in its supply chain
Cloud-based attacks
Involves a threat actor compromising one account with access to cloud resources to compromise other cloud assets further
Birthday attack
Brute force attack aimed at exploiting collisions in hash functions
Universal Serial Bus (USB) cable attack
Involves accessing unsuspecting users after they try to plug their devices into malicious USB cables or plugs, similar to card skimmers
Watering hole attack
A social engineering technique where the attacker identifies a popular and frequently visited website used by the target group and compromises the website with exploit code.
Pharming
Involves redirecting users from legitimate websites to malicious ones by corrupting the victim’s computer’s name resolution process. Not specific to targeting a group of individuals
Spear phishing
Highly targeted social engineering attack focusing on a specific individual within a company
Impersonation
Pretending to be someone else to deceive the target
A threat actor gains physical access to an organization’s premises and attempts to perpetrate an attack on the wired network. What specific threat vectors associated with unsecured networks are likely used by the threat actor in this scenario?
Direct Access Threat Vector as it involves using physical access to perpetrate an attack, such as accessing an unlocked workstation or stealing a PC
Remote and Wireless Network threat vector
Involves obtaining credentials for remote access or wireless connection to the network or spoofing a trusted resource like an access point
Bluetooth network threat vector
Involves exploiting vulnerabilities or misconfigurations in Bluetooth devices
Default credentials threat vector
Refers to gaining control of a network device or app due to default passwords.
SMIShing
Social engineering attack that uses text messages to trick people into sharing sensitive information
Vishing
Type of phishing attack conducted through a voice channel
Phishing
Social engineering technique that tricks the target into interacting with a malicious resource disguised as a trusted one, often using email as the vector
Flexible Authentication via Secure Tunneling (EAP-FAST)
Cisco’s replacement for LEAP. It addresses LEAP vulnerabilities using Transport Layer Security (TLS) with protected access credentials (PAC) instead of certificates.
Protected Extensible Authentication Protocol (PEAP)
Uses a server side public key certificate to create an encrypted tunnel between the supplicant and authentication server
EAP-MD5
Secure hash of a password sent to the authenticating server. Does not provide mutual authentication from the client to the supplicant
RADIUS federation
Multiple organizations allow access to each other’s users by joining their RADIUS servers into a RADIUS hierarchy.
Mitigating VME
Virtual machine escape is a critical security issue in a virtualized environment, where an application, process or user within a virtual machine can bypass the virtual machine’s barriers and interact directly with the host system.
Input validation and sanitization techniques help protect against SQLi and XSS attacks by
Filtering out malicious scripts or queries before they reach the database or the user’s browser.
End of life system vulnerability includes
Instances where a specific product or version of product that the manufacturer or vendor publicly declares as no longer supported.
The effect of isolating the legacy machines on a separate network segment
Minimizes the risk of potential vulnerabilities spreading from these machines to the rest of the network
Firmware vulnerabilities
Include instances where processors inside the computer allow a malicious program to steal data during processing
Virtualization vulnerabilities
Includes Virtual Machine (VM) escape, when an attacker with access to a VM breaks out of this isolated environment and gains access to the host system or other VMs running on the same host
Importance of secure deallocation
Takes any residual data in a resource (memory, disk space, etc.) and cleans or overwrites it before reuse, preventing potential data leakage.
Memory Injection Vulnerability
Refers to a security flaw where an attacker can introduce or inject malicious code into a running application’s process memory