2.4 Flashcards

1
Q

Brute force Attacks

A

forcible entry
tampering with security devices
confronting security personnel
ramming barriers with vehicles

2
Q

Viruses and types

A

Made up of malicious code that's run on a machine without a user's knowledge
boot sector
macro
program
multipartite
encrypted
polymorphic
metamorphic
stealth
armored
hoax

3
Q

boot sector virus

A

stored on first section of hard drive and is loaded into memory when the computer is booted

4
Q

Macro virus

A

form of code that allows a virus to be embedded inside another document

5
Q

Program virus

A
6
Q

multipartite virus

A

combo of boot virus and program virus

7
Q

encrypted virus

A

designed to hide itself from being detected by encrypting its malicious code so antivirus software will not detect it

8
Q

Polymorphic virus

A

advanced form of an encrypted virus; it changes the virus's code each time it is executed by altering the decryption module in order to evade detection

9
Q

Metamorphic virus

A

more advanced than polymorphic; able to rewrite itself entirely before it attempts to infect a given file

10
Q

stealth virus

A

technique used to prevent the virus from being detected by the antivirus software

11
Q

armored virus

A

has a layer of protection to confuse a program or a person who is trying to analyze it

12
Q

hoax

A

form of technical social engineering that attempts to scare our end users into taking some kind of undesirable action on their system (a message pops up saying you have a virus and gives you steps to remove it)

13
Q

worm

A

unlike a virus, which requires a user action, a worm replicates itself across the network without any action; it takes advantage of vulnerabilities in the OS or apps, aka missing security patches
it is malicious software

14
Q

trojan

A

piece of malicious code that is disguised as harmless or desirable software; could be a Tetris game, for example

15
Q

RAT Remote Access Trojan

A

widely used by modern attackers because it provides the attacker with remote control of a victim machine

16
Q

Ransomware

A

type of malicious software designed to block access to a system by encrypting data until a ransom is paid

17
Q

Zombies

A

Name of a compromised system that is part of a botnet. It is used to perform tasks using remote commands from the attacker without the user's knowledge
attackers often use only 20-25% of a zombie's power

18
Q

Botnet

A

a network made up of zombies controlled by malicious actors
mostly used for DDoS

19
Q

Command and Control Node

A

Computer responsible for managing and coordinating the activities of other nodes or devices within a network

20
Q

Rootkit

A

Digs deeply into the OS to embed itself there and gain admin privileges over a system without being detected
can open and shut ports, delete programs, install programs, etc.

21
Q

Ring 3

A

outermost ring where user permissions are used

22
Q

Ring 0

A

innermost or highest permission level, aka kernel mode

23
Q

kernel mode

A

allows a system to control access to things like device drivers, the sound card, the monitor, etc.

24
Q

DLL Injection

A

Technique used to run arbitrary code within the address space of another process by forcing it to load a dynamic link library

25
Q

DLL

A

Dynamic Link Library
collection of code and data that can be used by multiple programs simultaneously to allow for code reuse and modularization in software development
device drivers, for example, have DLL programs

26
Q

Shim

A

piece of software code that is placed between two components, intercepts the calls between those components, and can redirect them; can be used non-maliciously or maliciously. Use code signing

27
Q

Backdoor

A

originally placed in computer programs to bypass normal authentication functions, most often by programmers

28
Q

Easter Egg

A

a hidden feature or novelty within a program, usually an inside joke. Generally these have a lot of vulnerabilities because they aren't tested as rigorously and are added right before the program is completed

29
Q

logic bombs

A

malicious code inserted into a program that only executes when certain conditions are met. A fired employee may do it

30
Q

keylogger

A

software or hardware that records keystrokes

31
Q

software keylogger

A

usually delivered through a social engineering attack like phishing

32
Q

hardware keylogger

A

physical device that is plugged into the computer. Antivirus software may not detect it and may think it's a real keyboard

33
Q

spyware

A

malicious software that is designed to gather and send info about a user or org without their knowledge

34
Q

bloatware

A

any pre-installed software that you did not specifically request. It wastes storage space, slows performance, etc.

35
Q

malware exploitation technique

A

specific method by which malware code penetrates and infects a targeted system

36
Q

fileless malware

A

used to create a process in system memory without relying on the local file system of the infected host
antivirus software usually scans the filesystem; however, fileless malware relies on RAM, making it difficult to detect. It maintains persistence and evades signature-based detection methods. It bypasses many traditional security measures

37
Q

stage 1 dropper or downloader

A

piece of malware that is usually created as lightweight shell code that can be executed on a given system
the goal is to establish a foothold in a system, but it doesn't perform a significant amount of malicious actions; it is the initial infection

38
Q

dropper

A

specific type of malware designed to initiate or run other malware forms within a payload on an infected host

39
Q

downloader

A

retrieves additional tools after the initial infection facilitated by a dropper

40
Q

shell code

A

broader term that encompasses the lightweight code meant to execute an exploit on a given target

41
Q

stage 2 downloader

A

downloads and installs a remote access trojan to conduct command and control on the victimized system

42
Q

Actions on Objectives Phase

A

threat actors will execute primary objectives to meet core objectives like data exfiltration
it's when threat actors become advanced persistent threats

43
Q

concealment

A

used to help the threat actor prolong unauthorized access to a system by hiding tracks, erasing logs

44
Q

Living off the land

A

a strategy adopted by many advanced persistent threats and criminal orgs

45
Q

indicators of malware attacks

A

account lockouts
concurrent session utilization
impossible travel
blocked content (sudden increase in people trying to access blocked content)
resource consumption
resource inaccessibility (ransomware would do this)
out of cycle logging (odd times people are doing things)
missing logs
published or documented attacks

46
Q

Password attacks

A

brute force
dictionary
password spraying
hybrid

47
Q

Brute Force attack

A

someone tries every possible character combination

48
Q

dictionary attack

A

uses a list of commonly known passwords, may include variations like Pa$$w0rd

49
Q

Password Spraying

A

a form of brute force that tries a few commonly used passwords against many accounts

50
Q

hybrid

A

brute force and dictionary

51
Q

Types of DDoS attacks

A

denial of service
amplified DDoS
Amplification Factor: The ratio of response size to request size. Higher amplification factors mean more effective attacks. For example, a small query can trigger a large response.
Exploited Protocols: Commonly used protocols include DNS (Domain Name System), NTP (Network Time Protocol), SSDP (Simple Service Discovery Protocol), and Memcached. These protocols can be exploited because their responses are significantly larger than their requests.
Reflected DDoS NTP Reflection: An attacker sends a request to an NTP server with the “monlist” command using the target’s IP address as the source. The NTP server responds to the target with a large amount of data, reflecting the attack traffic. Basically the victim ends up attacking itself

52
Q

Types of DNS attacks

A

DNS Cache Poisoning
DNS Amplification
DNS Tunneling
Domain Hijacking
DNS Zone Transfer

DNS Cache Poisoning:
Think of DNS like a phone book that translates website names (like google.com) into numbers (IP addresses) that computers understand. DNS cache poisoning is like sneaking a fake phone number into the phone book. When someone looks up a website, they might get directed to the wrong place, like a fake website set up by a hacker.

DNS Amplification:
Imagine you ask a question, and instead of getting a short answer, you get a super long and loud reply. DNS amplification is kind of like that. Hackers send a small question to a server, but the server sends back a huge and loud answer to the target. It’s like making a whisper into a shout.

DNS Tunneling:
This is a bit like sending secret messages through a tunnel. Instead of using the internet for normal stuff, hackers can sneak their own data through DNS requests. It’s like hiding a letter inside another letter. This lets them sneak data past security measures.

Domain Hijacking:
Think of your website like your house. Domain hijacking is like someone breaking into your house, changing the locks, and pretending they own it. Hackers steal control of a website by taking over the domain name. They can redirect visitors to fake sites or steal information.

DNS Zone Transfer:
A DNS zone is like a neighborhood in the phone book where all the addresses are listed. Zone transfer is like someone copying down the whole neighborhood’s addresses. Hackers use this to get all the info about a website’s addresses and settings, which they can use to plan other attacks.

These simpler explanations should give you a clearer picture of what these terms mean in the context of cybersecurity and internet security.

53
Q

DoS

A

denial of service; used to make a computer's resources unavailable

54
Q

types of DoS attacks

A

flood attacks (ping and syn)
permanent denial of service
Fork Bomb
DDoS

55
Q

Ping Flood

A

DoS attack that overloads a server with ICMP echo (ping) requests

56
Q

Syn Flood

A

DoS attack
initiating multiple TCP sessions but not completing the 3-way handshake

57
Q

PDOS

A

permanent denial of service
exploits security flaws to break a networking device permanently by re-flashing its firmware

58
Q

Fork Bomb

A

DoS attack
think of eating and getting hungrier because your stomach is bigger and getting fatter and fatter
creates a large number of processes; not considered a worm
self replicating nature causes DoS

59
Q

DDoS

A

distributed denial of service
involves multiple machines attacking a single server

60
Q

DNS Amplification

A

DDoS attack that allows an attacker to initiate DNS requests from a spoofed IP address to flood a website

61
Q

Black Hole or Sinkhole

A

Mitigation against DoS and DDoS that temporarily routes traffic to a non-existent server

62
Q

IPS

A

intrusion prevention system
can identify and respond to DoS attacks for small scale incidents

63
Q

Elastic Cloud Infrastructure

A

scaling infrastructure when needed to handle large scale attacks

64
Q

Specialized Cloud Service Providers

A

Provide web app filtering, content distribution and robust network defenses (Cloudflare, for example)

65
Q

DNS

A

domain name system
fundamental component of the internet that translates human-friendly domain names into IP addresses

66
Q

DNS Cache poisoning spoofing

A

corrupts a DNS resolver’s cache with false info
redirects user to malicious websites

67
Q

DNSSEC

A

domain name system security extensions; adds digital signatures to DNS data

68
Q

DNS amplification attack

A

overwhelms a target system with DNS response traffic by exploiting the DNS resolution process

69
Q

DNS Tunneling

A

encapsulates non-DNS traffic

70
Q

Domain Hijacking Domain Theft

A

unauthorized change of domain registration

71
Q

DNS Zone Transfer

A

attempts to obtain an entire DNS zone data copy
exposes sensitive info about a domain's network infrastructure

72
Q

Directory Traversal Attack

A

an injection attack occurs when an attacker inserts malicious code through the app interface
app attack that allows access to commands, files and directories
../../../
attackers may use encoding like %e%e%e

73
Q

File Inclusion

A

web app vulnerability that allows an attacker either to download a file from an arbitrary location on the host file system or to upload an executable or script file to open a backdoor

74
Q

remote file inclusion

A

an attacker executes a script to inject a remote file into the web app or website, e.g. user = http://malware.bad/malicious file.php

75
Q

Arbitrary Code Execution

A

vulnerability allows an attacker to run their code without restrictions

76
Q

remote code execution

A

type of arbitrary code execution that occurs remotely, often over the internet

77
Q

privilege escalation

A

gaining higher-level permissions than originally assigned

78
Q

vertical privilege escalation

A

going from normal user to higher privilege

79
Q

horizontal privilege escalation

A

accessing or modifying resources at the same level as the attacker
occurs when a user attempts to access resources for which they don't have permissions at the same level

80
Q

rootkit

A

class of malware that conceals its presence by modifying system files, often at the kernel level

81
Q

Kernel rootkit

A

ring zero
has max privileges

82
Q

user mode rootkit

A

rings 1-3; has admin privileges

83
Q

Replay attack

A

a type of network-based attack where valid data transmissions are maliciously or fraudulently repeated or delayed
involves intercepting data, analyzing it, and deciding whether to retransmit it later
different from a session hijack, where the attacker alters real-time data transmission

84
Q

Credential replay attack

A

specific replay attack that involves capturing user credentials during a session and reusing them

85
Q

session management

A

fundamental security component in web apps
enables web apps to uniquely identify a user across a number of different actions and requests while keeping state of the data generated by the user

86
Q

cookie

A

text file used to store info about a user when they visit a website

87
Q

session cookies

A

non-persistent; reside in memory and are deleted when the browser is closed

88
Q

persistent cookies

A

stored in browser cache until they are deleted or reach an expiration date

89
Q

session hijacking

A

a type of spoofing attack where an attacker disconnects a host and then replaces it with his or her own machine, spoofing the original host's IP address

90
Q

session prediction attacks

A

a spoofing attack where the attacker attempts to predict the session token

91
Q

cookie poisoning

A

modifies the contents of a cookie after it has been generated and sent to the web service from the client's browser

92
Q

on path attack

A

an attack where the attacker positions their workstation logically between two hosts during communication; the attacker then captures, monitors and relays communications between the two hosts

93
Q

on path ARP poisoning

A

manipulating address resolution protocol tables to redirect network traffic

94
Q

DNS poisoning

A

altering DNS responses to reroute traffic. In the digital world, DNS poisoning works similarly. DNS (Domain Name System) is like a phone book that translates website names (like google.com) into numbers (IP addresses) that computers understand. DNS poisoning is when a hacker sneaks into the DNS system and changes the records. So, when you try to visit a website, your computer gets directed to the wrong place, like a fake website set up by the hacker.

95
Q

Rogue wireless access point

A

creating a fake wireless access point to intercept traffic

96
Q

rogue hub or switch

A

introducing a malicious hub to capture data on a wired network

97
Q

Replay attack

A

occurs when an attacker captures valid data and then replays it without delay; common in wireless network attacks

98
Q

Relay Attack

A

the attacker becomes part of the conversation between two hosts, serves as a proxy, and can read or modify communications between the hosts

99
Q

SSL Stripping

A

an attack that tricks the encryption app into presenting an HTTP connection instead of HTTPS

100
Q

downgrade attack

A

an attacker forces a client or server to abandon its higher security mode in favor of a lower one

101
Q

LDAP

A

lightweight directory access protocol
an open, vendor-neutral, industry-standard app protocol for accessing and maintaining distributed directory info services over an internet protocol network

102
Q

LDAP Injection

A

an app attack that targets web-based apps by fabricating LDAP statements that are typically created from user input

103
Q

Command injection

A

occurs when a threat actor is able to execute arbitrary shell commands on a host via a vulnerable web application

104
Q

process injection

A

method of executing arbitrary code in the address space of a separate live process