Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Cyber Security Fundamentals > 4. Ethical Hacking > Flashcards

4. Ethical Hacking Flashcards

1
Q

computer misuse act

A

unethical hacking is against the law

  • unauthorised access to computer materials
  • unauthorised access with intent to commit of facilitate crime
  • unauthorised modification computer materials
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

what is hacking

A

breaking into computer systems for personal, professional, military gains

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

international laws

A

when actions cross borders, abide by MOUs. If not look at ethics

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

what is a hacker

A

anyone who breaks into computer system

  1. white hat
    - authorised to hack
  2. black hat
    - unauthorised
    - malicious intent
  3. grey hat
    - sometimes good sometimes bad

communicate with leet speak (1337)

greatest risk are unhappy employees

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

types of pen testing

A
  1. black box
    - attacker is in steath mode
    - typically, attacker has no preknowledge of target system
    - employees may be included in the test
  2. white box
    - tester is open and thorough
    - test all known assets of the system
    - does not need to cover tracks
    - detailed information regarding target is known prior
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

pen testing activites

A
  1. reconnaissance
  2. scanning and enumeration
  3. exploitation
  4. post exploitation
  5. covering tracks
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

reconnaissance

A

gather information about target

  • google dorking
  • social engineering
  • dumpster diving
  • looking for names, emails, IP address, technologies used, vulnerabilities of technologies
  1. passive
    - gather data without target knowledge
  2. active
    - interact directly with target
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

scanning and enumeration

A
  • have a list of ip address to attack
  • scan the ports of each IP to look for open ports
  • services running behind port can be attacked
  • use pings to check if target is up before scanning
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

exploitation

A
  • know what exploits to run against known vulnerability
  • exploit with suitable tools and techniques
  • goal is to get admin access
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

post exploitation

A
  • most payload do not give permanent access

- setup backdoor or account to maintain access even if system gets rebooted

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

cover tracks

A

black hat

  • wants to keep using techniques and tools
  • hide exploit files
  • erase presence

white hat

  • restore system to original state
  • write pen test report that covers the scope, objectives, records, findings, and how to patch vulnerabilities
How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Cyber Security Fundamentals (11 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions