2.4 Flashcards

(104 cards)

1
Brute force attacks
forcible entry, tampering with security devices, confronting security personnel, ramming barriers with vehicles
2
Viruses and types
made up of malicious code that runs on a machine without the user's knowledge. Types: boot sector, macro, program, multipartite, encrypted, polymorphic, metamorphic, stealth, armored, hoax
3
Boot sector virus
stored in the first sector of the hard drive and loaded into memory when the computer is booted
4
Macro virus
a form of code that allows a virus to be embedded inside another document
5
Program virus
6
Multipartite virus
a combination of a boot sector virus and a program virus
7
Encrypted virus
designed to hide itself from detection by encrypting its malicious code so anti-virus software will not detect it
8
Polymorphic virus
an advanced form of encrypted virus; it changes the virus's code each time it is executed by altering the decryption module in order to evade detection
9
Metamorphic virus
more advanced than polymorphic; able to rewrite itself entirely before it attempts to infect a given file
10
Stealth virus
a technique used to prevent the virus from being detected by anti-virus software
11
Armored virus
has a layer of protection to confuse a program or a person trying to analyze it
12
Hoax
a form of technical social engineering that attempts to scare end users into taking some kind of undesirable action on their system (e.g. a message pops up saying you have a virus and gives you steps to remove it)
13
Worm
unlike a virus, which requires a user action, a worm replicates itself across the network without any user action; it takes advantage of vulnerabilities in the OS or apps (i.e. missing security patches). It is malicious software.
14
Trojan
a piece of malicious code that is disguised as harmless or desirable software (a Tetris game, for example)
15
RAT (Remote Access Trojan)
widely used by modern attackers because it provides the attacker with remote control of a victim machine
16
Ransomware
a type of malicious software designed to block access to a system by encrypting data until a ransom is paid
17
Zombies
the name for a compromised system that is part of a botnet; it is used to perform tasks via remote commands from the attacker without the user's knowledge. Attackers often use only 20-25% of a zombie's power.
18
Botnet
a network composed of zombies controlled by malicious actors; mostly used for DDoS
19
Command and Control Node
the computer responsible for managing and coordinating the activities of other nodes or devices within a network
20
Rootkit
digs deep into the OS to embed itself there and gain admin privileges over a system without being detected; can open and close ports, delete programs, install programs, etc.
21
Ring 3
outermost ring, where user permissions are used
22
Ring 0
innermost ring, or highest permission level, aka kernel mode
23
Kernel mode
allows the system to control access to things like device drivers, the sound card, the monitor, etc.
24
DLL Injection
a technique used to run arbitrary code within the address space of another process by forcing it to load a dynamic link library
25
DLL
Dynamic Link Library: a collection of code and data that can be used by multiple programs simultaneously, allowing code reuse and modularization in software development. Device drivers, for example, have DLLs.
26
Shim
a piece of software code placed between two components that intercepts the calls between them and can redirect them; can be used non-maliciously or maliciously. Mitigation: use code signing.
27
Backdoor
originally placed in computer programs, most often by programmers, to bypass normal authentication functions
28
Easter Egg
a hidden feature or novelty within a program, usually an inside joke. Generally these have a lot of vulnerabilities because they aren't tested as rigorously and are added right before the program is completed.
29
logic bombs
malicious code inserted into a program that only executes when certain conditions are met; a fired employee may do it
30
keylogger
software or hardware that records keystrokes
31
software keylogger
usually delivered through a social engineering attack like phishing
32
hardware keylogger
a physical device that is plugged into the computer; anti-virus software may not detect it and may think it's a real keyboard
33
spyware
malicious software that is designed to gather and send info about a user or org without their knowledge
34
bloatware
any pre-installed software that you did not specifically request; it wastes storage space, slows performance, etc.
35
malware exploitation technique
specific method by which malware code penetrates and infects a targeted system
36
fileless malware
used to create a process in system memory without relying on the local file system of the infected host. Anti-virus software usually scans the filesystem, but fileless malware relies on RAM, making it difficult to detect. It maintains persistence, evades signature-based detection methods, and bypasses many traditional security measures.
37
Stage 1: dropper or downloader
a piece of malware usually created as lightweight shellcode that can be executed on a given system; the goal is to establish a foothold in the system, but it doesn't perform a significant amount of malicious actions. It is the initial infection.
38
dropper
specific type of malware designed to initiate or run other malware forms within a payload on an infected host
39
downloader
retrieves additional tools after the initial infection facilitated by a dropper
40
Shellcode
a broader term that encompasses the lightweight code meant to execute an exploit on a given target
41
Stage 2: downloader
downloads and installs a remote access trojan to conduct command and control on the victimized system
42
Actions on Objectives Phase
threat actors execute primary objectives to meet core objectives like data exfiltration; this is when threat actors become advanced persistent threats
43
concealment
used to help the threat actor prolong unauthorized access to a system by hiding tracks and erasing logs
44
Living off the land
a strategy adopted by many advanced persistent threats and criminal orgs
45
indicators of malware attacks
account lockouts; concurrent session utilization; impossible travel; blocked content (a sudden increase in people trying to access blocked content); resource consumption; resource inaccessibility (ransomware would cause this); out-of-cycle logging (people doing things at odd times); missing logs; published or documented attacks
46
Password attacks
brute force, dictionary, password spraying, hybrid
47
Brute Force attack
someone tries every possible character combination
48
dictionary attack
uses a list of commonly known passwords, may include variations like Pa$$w0rd
49
Password Spraying
a form of brute force that tries a few commonly used passwords against many accounts
50
hybrid
combines brute force and dictionary attacks
51
Types of DDoS attacks
denial of service, amplified DDoS, reflected DDoS
Amplified DDoS: the amplification factor is the ratio of response size to request size; higher amplification factors mean more effective attacks (a small query can trigger a large response). Commonly exploited protocols include DNS (Domain Name System), NTP (Network Time Protocol), SSDP (Simple Service Discovery Protocol) and Memcached; they can be exploited because their responses are significantly larger than their requests.
Reflected DDoS: NTP reflection is an example. An attacker sends a request to an NTP server with the "monlist" command using the target's IP address as the source; the NTP server responds to the target with a large amount of data, reflecting the attack traffic. Basically the victim ends up attacking itself.
52
Types of DNS attacks
DNS cache poisoning, DNS amplification, DNS tunneling, domain hijacking, DNS zone transfer
DNS cache poisoning: think of DNS like a phone book that translates website names (like google.com) into numbers (IP addresses) that computers understand. DNS cache poisoning is like sneaking a fake phone number into the phone book: when someone looks up a website, they might get directed to the wrong place, like a fake website set up by a hacker.
DNS amplification: imagine you ask a question and, instead of a short answer, you get a super long and loud reply. Hackers send a small question to a server, but the server sends back a huge and loud answer to the target. It's like turning a whisper into a shout.
DNS tunneling: a bit like sending secret messages through a tunnel. Instead of using the internet for normal stuff, hackers sneak their own data through DNS requests, like hiding a letter inside another letter. This lets them sneak data past security measures.
Domain hijacking: think of your website like your house. Domain hijacking is like someone breaking into your house, changing the locks, and pretending they own it. Hackers steal control of a website by taking over the domain name and can redirect visitors to fake sites or steal information.
DNS zone transfer: a DNS zone is like a neighborhood in the phone book where all the addresses are listed. Zone transfer is like someone copying down the whole neighborhood's addresses. Hackers use this to get all the info about a website's addresses and settings, which they can use to plan other attacks.
53
DoS
denial of service; used to make a computer's resources unavailable
54
types of DoS attacks
flood attacks (ping and SYN), permanent denial of service, fork bomb, DDoS
55
Ping Flood
a DoS attack that overloads a server with ICMP echo (ping) requests
56
Syn Flood
a DoS attack that initiates multiple TCP sessions but never completes the 3-way handshake
57
PDOS
permanent denial of service: exploits security flaws to break a networking device permanently by re-flashing its firmware
58
Fork Bomb
a DoS attack that creates a large number of processes (think of eating and getting hungrier because your stomach is bigger, getting fatter and fatter); not considered a worm, but its self-replicating nature causes DoS
59
DDoS
distributed denial of service: involves multiple machines attacking a single server
60
DNS Amplification
a DDoS attack in which the attacker initiates DNS requests from a spoofed IP address to flood a website
61
Black Hole or Sinkhole
a mitigation against DoS and DDoS that temporarily routes traffic to a non-existent server
62
IPS
intrusion prevention system; can identify and respond to DoS attacks for small-scale incidents
63
Elastic Cloud Infrastructure
scaling infrastructure when needed to handle large scale attacks
64
Specialized Cloud Service Providers
provide web app filtering, content distribution and robust network defenses (Cloudflare, for example)
65
DNS
domain name system: a fundamental component of the internet that translates human-friendly domain names into IP addresses
66
DNS cache poisoning (spoofing)
corrupts a DNS resolver's cache with false info, redirecting users to malicious websites
67
DNSSEC
domain name system security extensions; add digital signatures to DNS data
68
DNS amplification attack
overwhelms a target system with DNS response traffic by exploiting the DNS resolution process
69
DNS Tunneling
encapsulates non-DNS traffic inside DNS requests
70
Domain Hijacking (Domain Theft)
an unauthorized change of domain registration
71
DNS Zone Transfer
attempts to obtain a copy of an entire DNS zone's data; exposes sensitive info about a domain's network infrastructure
72
Directory Traversal Attack
an injection attack that occurs when an attacker inserts malicious code through the app interface; an app attack that allows access to commands, files and directories using sequences like ../../../ (attackers may use encoding like %2e%2e%2e)
73
File Inclusion
a web app vulnerability that allows an attacker either to download a file from an arbitrary location on the host file system or to upload an executable or script file to open a backdoor
74
remote file inclusion
an attacker executes a script to inject a remote file into the web app or website, e.g. user = http://malware.bad/malicious file.php
75
Arbitrary Code Execution
a vulnerability that allows an attacker to run their code without restrictions
76
remote code execution
a type of arbitrary code execution that occurs remotely, often over the internet
77
privilege escalation
gaining higher-level permissions than originally assigned
78
vertical privilege escalation
going from normal user to higher privilege
79
horizontal privilege escalation
accessing or modifying resources at the same level as the attacker; occurs when a user attempts to access resources at the same level for which they don't have permissions
80
rootkit
a class of malware that conceals its presence by modifying system files, often at the kernel level
81
Kernel rootkit
ring zero; has maximum privileges
82
user mode rootkit
rings 1-3; has admin privileges
83
Replay attack
a type of network-based attack where valid data transmissions are maliciously or fraudulently repeated or delayed; involves intercepting data, analyzing it, and deciding whether to retransmit it later. Different from a session hijack, where the attacker alters real-time data transmission.
84
Credential replay attack
a specific replay attack that involves capturing user credentials during a session and reusing them
85
session management
a fundamental security component in web apps; enables web apps to uniquely identify a user across a number of different actions and requests while keeping state of the data generated by the user
86
cookie
a text file used to store info about a user when they visit a website
87
session cookies
non-persistent; reside in memory and are deleted when the browser is closed
88
persistent cookies
stored in the browser cache until they are deleted or reach an expiration date
89
session hijacking
a type of spoofing attack where an attacker disconnects a host and then replaces it with his or her own machine, spoofing the original host's IP address
90
session prediction attacks
a spoofing attack where the attacker attempts to predict the session token
91
cookie poisoning
modifies the contents of a cookie after it has been generated and sent from the client's browser to the web service
92
on path attack
an attack where the attacker positions their workstation logically between two hosts during communication; the attacker then captures, monitors and relays communications between the two hosts
93
On-path ARP poisoning
manipulating Address Resolution Protocol tables to redirect network traffic
94
DNS poisoning
altering DNS responses to reroute traffic. DNS (Domain Name System) is like a phone book that translates website names (like google.com) into numbers (IP addresses) that computers understand. DNS poisoning is when a hacker gets into the DNS system and changes the records, so when you try to visit a website your computer is directed to the wrong place, like a fake website set up by the hacker.
95
Rogue wireless access point
creating a fake wireless access point to intercept traffic
96
rogue hub or switch
introducing a malicious hub to capture data on a wired network
97
Replay attack
occurs when an attacker captures valid data and then replays it without delay; common in wireless network attacks
98
Relay Attack
the attacker becomes part of the conversation between two hosts, serving as a proxy, and can read or modify communications between the hosts
99
SSL Stripping
an attack that tricks the encryption app into presenting an HTTP connection instead of HTTPS
100
downgrade attack
an attacker forces a client or server to abandon its higher security mode in favor of a lower one
101
LDAP
lightweight directory access protocol: an open, vendor-neutral, industry-standard app protocol for accessing and maintaining distributed directory info services over an Internet Protocol network
102
LDAP Injection
an app attack that targets web-based apps by fabricating LDAP statements that are typically created from user input
103
Command injection
occurs when a threat actor is able to execute arbitrary shell commands on a host via a vulnerable web application
104
process injection
a method of executing arbitrary code in the address space of a separate live process