2.4

Question 1

Brute force Attacks

Answer 1

forcible entry
tampering with security devices
confronting security personnel
ramming barriers with vehicles

Question 2

Viruses and types

Answer 2

Made up of malicious code thats run a machine without a users knowledge
boot sector
macro
program
multipartite
encrypted
polymorphic
metamorphic
stealth
armored
hoax

Question 3

boot sector virus

Answer 3

stored on first section of hard drive and is loaded into memory when the computer is booted

Question 4

Macro virus

Answer 4

form of code that allows a virus to be embedded inside another document

Question 5

Program virus

Question 6

multipartite virus

Answer 6

combo of boot virus and program virus

Question 7

encrypted virus

Answer 7

designed to hide itself from being detected by encrypting its malcious code so anti virus software will not detect it

Question 8

Polymorphic virus

Answer 8

advanced form of encrypted, it changes the viruses code each time it is executed by altering the decryption module in order for it to evade detection

Question 9

Metamorphic virus

Answer 9

more advanced then polymorhpic able to rewrite themselves entirely before it attempts to infect a given file

Question 10

stealth virus

Answer 10

technique used to prevent the virus from being detected by the anti virus software

Question 11

armored virus

Answer 11

have a layer of protection to confuse a program or a person who is trying to analyze it

Question 12

hoax

Answer 12

form of technical social engineering that attempts to scare our end users into taking some kind of undesirable action on their system (a message pops up saying you have a virus and gives you steps to remove it)

Question 13

worm

Answer 13

unlike a virus that requires a user action, a worm replicates itself in the network without any action it takes advantage of vulnerabilities in os or apps aka missing security patches
it is malicious software

Question 14

trojan

Answer 14

piece of malicious code that is disguised as harmless or desirable software could be a tetris game for example

Question 15

RAT Remote Access Trojan

Answer 15

widely used by modern attackers because it provides the attacker with remote control of a victim machine

Question 16

Ransomeware

Answer 16

type of malicious software designed to block access to a system by encrypting data until a ransom is paid

Question 17

Zombies

Answer 17

Name of a compromised system that is part of a botnet. It is used to perform tasks using remote commands from the attacker without user knowledge
attakers often use only 20-25% of zombies power

Question 18

Botnet

Answer 18

a network compromised of zombies controlled by malicious actors
mostly used for DDoS

Question 19

Command and Control Node

Answer 19

Computer responsible for managing and coordinating the activities of other nodes or devices within a network

Question 20

Rootkit

Answer 20

Digs deeply into OS to embed itself there and gain admin privileges over a system without being detected
can open and shut ports, delete programs install programs etc

Question 21

Ring 3

Answer 21

outermost ring where user permissions are used

Question 22

Ring 0

Answer 22

inntermost or highest permission level aka kernel mode

Question 23

kernel mode

Answer 23

allows a system to control access to things like device drivers, sound card, monitor etc

Question 24

DLL Injection

Answer 24

Technique used to run arbitrary code within the address space of another process by forcing it to load a dynamic link library

Question 25

DLL

Answer 25

Dynamic Link Library
collection of code and data that can be used by multiple programs simultaneously to allow for code reuse and modularization in software development
device drivers for example have dll programs

Question 26

Shim

Answer 26

piece of software code that is placed between two components and that intercepts the calls between those components and can redirect them can be used to -non maliciously or maliciously. Use code signing

Question 27

Backdoor

Answer 27

originally placed in computer programs to bypass normal authentication functions most often by programmers

Question 28

Easter Egg

Answer 28

a hidden feature or novelty within a program usually an inside joke. Generally these have a lot of vulnerabilities because they arent tested as rigorously and are added right before the program is completed

Question 29

logic bombs

Answer 29

malicious code inserted into a program and only executes when certain conditions are met. fired employee may do it

Question 30

keylogger

Answer 30

software or hardware that records keystrokes

Question 31

software keylogger

Answer 31

usually delivered through social engineering attack like phishing

Question 32

hardware keylogger

Answer 32

physical device that is plugged into the computer. anti virus software may not detect and think its a real keyboard

Question 33

spyware

Answer 33

malicious software that is designed to gather and send info about a user or org without their knowledge

Question 34

bloatware

Answer 34

any pre-installed software that you did not specifically request. It wastes storage space, slows performance etc

Question 35

malware exploitation technique

Answer 35

specific method by which malware code penetrates and infects a targeted system

Question 36

fileless malware

Answer 36

used to create process in the system memory without relying on the local file system of the infected host
anti irus software usually scans the filesystem however fileless malware relies on RAM making it difficult to detect. It maintains persistence and evades signature based detection methods. It bypasses many traditional security measures

Question 37

stage 1 dropper or downloaded

Answer 37

piece of malware that is usually created as a lightweight shell code that can be executed on a given systemdro
the goal is to establish a foothold in a system but it doesnt perform a significant amount of malicious actions it is the initial infection

Question 38

dropper

Answer 38

specific type of malware designed to initiate or run other malware forms within a payload on an infected host

Question 39

downloader

Answer 39

retrieve additional tools post the initial infection facilitated by a dropper

Question 40

shell code

Answer 40

broader term that encompasses the lightweight code meant to execute an exploit on a given targer

Question 41

stage 2 downloader

Answer 41

downloads and installs a remote acess trojan to conduct command and control on the victimized system

Question 42

Actions on Objectives Phase

Answer 42

threat actors will execute primary objectives to meet core objectives like data exfiltrations
its when threat actors become advanced persistent threats

Question 43

concealment

Answer 43

used to help the threat actor prolong unauthroized access to a system by hiding tracks, erasing logs

Question 44

Living off the land

Answer 44

a strategy adopted by many advanced persistent threats and criminal orgs

Question 45

indicators of malware attacks

Answer 45

account lockouts
concurrent session utilization
impossible travel
blocked content (sudden increase in people trying to access blocked content)
resource consumption
resource inaccessibility (ransomware would do this)
out of cycle logging (odd times people are doing things)
missing logs
published or documented attacks

Question 46

Password attacks

Answer 46

brute force
dictionary
password praying
hybrid

Question 47

Brute Force attack

Answer 47

someone tries every possible character combinatio

Question 48

dictionary attack

Answer 48

uses a list of commonly known passwords, may include variations like Pa$$w0rd

Question 49

Password Spraying

Answer 49

a form of brute force that tries a few commonly used passwords against many accounts

Question 50

hybrid

Answer 50

brute force and dictionary

Question 51

Types of DDoS attacks

Answer 51

denial of service
amplified DDoS
Amplification Factor: The ratio of response size to request size. Higher amplification factors mean more effective attacks. For example, a small query can trigger a large response.
Exploited Protocols: Commonly used protocols include DNS (Domain Name System), NTP (Network Time Protocol), SSDP (Simple Service Discovery Protocol), and Memcached. These protocols can be exploited because their responses are significantly larger than their requests.
Reflected DDoS NTP Reflection: An attacker sends a request to an NTP server with the “monlist” command using the target’s IP address as the source. The NTP server responds to the target with a large amount of data, reflecting the attack traffic. Basically the victim ends up attacking itself

Question 52

Types of DNS attacks

Answer 52

DNS Cache Poisoning
DNS Amplification
DNS Tunneling
Domain Hijacking
DNS Zone Transfer

DNS Cache Poisoning:
Think of DNS like a phone book that translates website names (like google.com) into numbers (IP addresses) that computers understand. DNS cache poisoning is like sneaking a fake phone number into the phone book. When someone looks up a website, they might get directed to the wrong place, like a fake website set up by a hacker.

DNS Amplification:
Imagine you ask a question, and instead of getting a short answer, you get a super long and loud reply. DNS amplification is kind of like that. Hackers send a small question to a server, but the server sends back a huge and loud answer to the target. It’s like making a whisper into a shout.

DNS Tunneling:
This is a bit like sending secret messages through a tunnel. Instead of using the internet for normal stuff, hackers can sneak their own data through DNS requests. It’s like hiding a letter inside another letter. This lets them sneak data past security measures.

Domain Hijacking:
Think of your website like your house. Domain hijacking is like someone breaking into your house, changing the locks, and pretending they own it. Hackers steal control of a website by taking over the domain name. They can redirect visitors to fake sites or steal information.

DNS Zone Transfer:
A DNS zone is like a neighborhood in the phone book where all the addresses are listed. Zone transfer is like someone copying down the whole neighborhood’s addresses. Hackers use this to get all the info about a website’s addresses and settings, which they can use to plan other attacks.

These simpler explanations should give you a clearer picture of what these terms mean in the context of cybersecurity and internet security.

Question 53

DoS

Answer 53

denial of service used to make computer’s resources unavailable

Question 54

types of DoS attacks

Answer 54

flood attacks (ping and syn)
permanent Denial of service
Fork Bomb
DDoS

Question 55

Ping Flood

Answer 55

DoS attack overloads a server with ICMP echo ping requests

Question 56

Syn Flood

Answer 56

DoS attack
initiating multiple TCP sessions but not completing 3 way handshake

Question 57

PDOS

Answer 57

permanent denial of service
exploits security flaws to break a networking device permanently by re flashing its firmware

Question 58

Fork Bomb

Answer 58

DoS attack
think of eating and getting hungrier because your stomach is bigger and getting fatter and fatter
create a large number of processes, not considered a worm
self replicating nature causes DoS

Question 59

DDoS

Answer 59

distributed denial of service
involves multiple machines attacking a single server

Question 60

DNS Amplification

Answer 60

DDoS attack that allows an attacker to initiate DNS requests from a spoof IP address to flood a website

Question 61

Black Hole or Sinkhole

Answer 61

Mitigation against DoS and DDoS to route traffic to a non existent server temporarily

Question 62

IPS

Answer 62

intrusion prevention system
can identify and respond to DoS attacks for small scale incidents

Question 63

Elastic Cloud Infrastructure

Answer 63

scaling infrastructure when needed to handle large scale attacks

Question 64

Specialized Cloud Service Providers

Answer 64

Provide web app filtering, content distribution and robust network defenses Cloud Flare ex

Question 65

DNS

Answer 65

domain name system
fundamental component of the internet that translates human friendly domain names into ip addresses

Question 66

DNS Cache poisoning spoofing

Answer 66

corrupts a DNS resolver’s cache with false info
redirects user to malicious websites

Question 67

DNSSEC

Answer 67

domain name system security extensions to add digitial signatures to dns data

Question 68

DNS amplification attack

Answer 68

overwhelms a target system with DNS response traffic by exploiting DNS resolution process

Question 69

DNS Tunneling

Answer 69

encapsulates non dns traffic

Question 70

Domain Hijacking Domain Theft

Answer 70

unauthorized change of domain registration

Question 71

DNS Zone Transfer

Answer 71

attempts to obtain an entire DNS zone data copy
exposes sensitive info about a domains network infrastructure

Question 72

Directory Traversal Attack

Answer 72

an injection attack occurs when an attacker inserts malicious code through the app interface
app attack that allows access to commands, files and directoiries
../../../
attackers may use encoding like %e%e%e

Question 73

File Inclusion

Answer 73

web app vulnerability that allows an attacker either to download a file from an arbitrary location on the host file system or to upload an executable or script file to open a backdoor

Question 74

remote file inclusion

Answer 74

an attacker executes ascript to inject a remote file into the web app or website user = http://malware.bad/malicious file.php

Question 75

Arbitrary Code Execution

Answer 75

vulnerability allows an attacker to run their code without restrictions

Question 76

remote code execution

Answer 76

type of arbitrary code execution that occurs remotely often over internet

Question 77

privilege escalation

Answer 77

gaining higher level permissions then originally assigned

Question 78

vertical privilege escalation

Answer 78

going from normal user to higher privilege

Question 79

horizontal privilege escalation

Answer 79

accessing or modifying resources at the same level as the attacker
occurs when a user attempts to access resources for which they dont have permissions at the samer level

Question 80

rootkit

Answer 80

class of malware that conceals its presense by modifying system files often at the kernel level

Question 81

Kernel rootkit

Answer 81

ring zero
has max privileges

Question 82

user mode rootkit

Answer 82

rings 1-3 has admin privileges

Question 83

Reply attack

Answer 83

a type of network based attack where valid data transmissions are maliciously fraudulently repeated or delayed
involves intercepting data analyzing it and deciding whether to retransmit it later
different then a session hijack where the attacker alters real time data transamission

Question 84

Credential reply attack

Answer 84

specific reply attack that involves capturing user credentials during a session and reusing them

Question 85

session management

Answer 85

fundamental security component in web apps
enabled web apps to uniquely identify a user across a number of different actions and reqests while keeping state of the data generated by the user

Question 86

cookie

Answer 86

text file used to store info about a user when they visit a website

Question 87

session cookies

Answer 87

non persistent reside in memory and deleted when the browser is closed

Question 88

persistent cookies

Answer 88

stored in browser cache until they are deleted or reach an expiration date

Question 89

session hijacking

Answer 89

a type of spoofing attack where an attacker disconnects a host and then replaces it with his or her own machine spoofing the original hosts ip address

Question 90

session prediction attacks

Answer 90

a spoofing attack where the attacker attempts to preduct the session token

Question 91

cookie poisoning

Answer 91

modifies the contents of a cookie after it has been generated and sent to web service from clients browser

Question 92

on path attack

Answer 92

an attack where the attacker positions their workstation logically between two hosts during communication the attacker then captures monitors and relays communications between the two hosts

Question 93

on path ARP poisoning

Answer 93

manipulating address resolution protocol tables to redirect network traffic

Question 94

DNS poisoning

Answer 94

altering dns responses to reroute traffic In the digital world, DNS poisoning works similarly. DNS (Domain Name System) is like a phone book that translates website names (like google.com) into numbers (IP addresses) that computers understand. DNS poisoning is when a hacker sneaks into the DNS system and changes the records. So, when you try to visit a website, your computer gets directed to the wrong place, like a fake website set up by the hacker.

Question 95

Rogue wireless access point

Answer 95

creating a fake wireless access point to intercept traffic

Question 96

rogue hub or switch

Answer 96

introducing a malicious hub to capture data on a wired network

Question 97

Replay attack

Answer 97

occurs when attacker captures valid data and then replays it without delay common in wireless network attacks

Question 98

Relay Attack

Answer 98

the attacker becomes part of the conversation between two hosts serves as a proxy and can read or modify communications between hosts

Question 99

SSL Stripping

Answer 99

an attack that tricks the encrpytion app into presenting an http connection isnted of https

Question 100

downgrade attack

Answer 100

an attacker forces a client or server to abandon its higher security mode in favor of a lower one

Question 101

LDAP

Answer 101

lightweight directory access protocol
an open vendor neutral industry standard app protocol for accessing and maintaining distributed directory info services over an internet protocol network

Question 102

LDAP Injection

Answer 102

an app attack that targets web based apps by fabricating ldap statements that are typically created by user input

Question 103

Command injection

Answer 103

occurs when threat actor is able to execute arbitrary shell commands on a host via a vulnerable web application

Question 104

process injection

Answer 104

method of executing arbitrary code in the address space of a separate live process