Advanced Cyber Attacks Flashcards
A type of Distributed Denial-of-Service (DDoS) attack where the attacker exploits publicly accessible servers to amplify the attack’s impact on the target.
Example: An attacker uses a vulnerable server to send a large volume of traffic to overwhelm a target system.
Amplified DDoS attack
A DDoS attack that aims to overwhelm the target’s network by flooding it with high volumes of traffic, consuming all available bandwidth.
Example: A massive traffic flood that causes a website to become inaccessible by using up all its bandwidth.
Volumetric DDoS attack
An attack where the attacker sends traffic to a third-party server, which then redirects it to the target, making it appear as if the traffic originated from the server.
Example: An attacker sends a request to a server, which then forwards the request to a target, making it harder to trace the source.
Reflected DDoS attack
A DDoS attack that targets specific applications or services on a server, aiming to exhaust system resources and make them unavailable.
Example: An attacker sends a series of complex requests to a web application, overloading its processing capabilities.
Application DDoS attack
A type of attack where an attacker falsifies DNS records to redirect traffic from a legitimate website to a malicious one.
Example: A user is redirected to a fake login page after entering a website’s URL due to manipulated DNS records.
DNS Spoofing
A cyber attack where attackers use previously leaked username and password combinations to gain unauthorized access to accounts on other sites.
Example: An attacker tries multiple username and password combinations from past data breaches to break into online banking accounts.
Credential Stuffing
An attack where an attacker registers a domain name that is similar to a popular one, often to steal traffic or impersonate a legitimate site.
Example: An attacker registers a slightly misspelled version of a popular brand’s website to deceive users into visiting it.
URL Hijacking
The act of gaining unauthorized access to a registered domain name and transferring it to a different owner, often for malicious purposes.
Example: An attacker gains control over a company’s domain name and transfers it to another registrar to sell it.
Domain Hijacking
An attack where a malicious actor inserts false DNS records into a resolver’s cache, redirecting users to fraudulent or malicious sites.
Example: A user unknowingly visits a fake website after the DNS cache was manipulated to redirect traffic.
DNS cache poisoning
An attack where an attacker sends spoofed Address Resolution Protocol (ARP) messages to associate their MAC address with the IP address of another device, enabling interception of traffic.
Example: A network attacker intercepts data meant for another user by manipulating address resolution.
ARP poisoning
A malicious tactic where an attacker registers domain names similar to popular ones to exploit users who make typing errors.
Example: A user intending to visit a legitimate site ends up on a fraudulent page due to a misspelled URL.
Typosquatting
An attack in which a single entity creates multiple fake identities to manipulate or disrupt a system, especially in peer-to-peer networks.
Example: A network is overwhelmed with fake nodes created by an attacker to control decision-making.
Sybil Attack
An unauthorized wireless access point installed on a network, often used by attackers to intercept traffic or gain access.
Example: An attacker sets up an unauthorized device to mimic a company’s Wi-Fi network and steal credentials.
Rogue Access Point (AP)
A secure server used to bridge access between different security zones, often for administrative purposes in sensitive environments.
Example: Administrators use this system to securely connect to production servers in a restricted network.
Jump Server
A basic network device that connects multiple devices on a LAN and lacks advanced management or configuration features.
Example: A simple device used to expand a home network without any administrative setup.
Unmanaged Switch
A hardware device used to monitor and capture network traffic without interrupting the flow of data between devices.
Example: Security teams use this device to passively analyze network traffic for suspicious activity.
Network Tap
An attack that sends spoofed disassociation frames to a wireless network, forcing connected devices to disconnect from the access point.
Example: A user’s device repeatedly disconnects from a Wi-Fi network due to malicious interference.
Wireless Disassociation Attack
An attack where a malicious actor disrupts wireless communication by overwhelming the network with interference or noise.
Example: Devices in a specific area cannot connect to Wi-Fi due to intentional signal interference.
Wireless Jamming
A wireless technology that allows data exchange between devices in close proximity, typically within a few centimeters.
Example: A smartphone is used to make a contactless payment at a point-of-sale terminal.
NFC (Near Field Communication)
An attack that exploits weaknesses in the initialization vector of encryption algorithms to reveal plaintext or encryption keys.
Example: An attacker captures wireless packets and analyzes their initialization vectors to crack the network key.
IV Attack (Initialization Vector Attack)
The practice of driving around with a device to locate and map wireless networks, often targeting unsecured or poorly secured networks.
Example: A person uses a laptop and antenna to search for open Wi-Fi networks while driving through a neighborhood.
War Driving
An attack where a malicious actor creates a rogue wireless network using the same SSID as a legitimate one to trick users into connecting.
Example: A fake Wi-Fi network mimics the name of a trusted public hotspot to intercept user data.
SSID Spoofing
A unique identifier assigned to a user’s session with a system or application, used to track and manage interactions.
Example: A web server assigns a temporary identifier to keep a user logged into their account during a session.
Session ID
An attack where an attacker uses a hashed password, instead of cracking it, to authenticate and gain unauthorized access to a system.
Example: A hashed credential is intercepted from a compromised machine and reused to log into another system.
Pass-The-Hash Attack
A type of brute force attack where an attacker tries a small set of commonly used passwords across many accounts, rather than targeting a single account with many passwords.
Example: An attacker attempts to log into multiple accounts using a set of simple passwords like “123456” or “password.”
Spraying Attack
An attack where malicious code is inserted into a program or system, causing it to execute unintended actions or compromise security.
Example: An attacker injects a script into a web form that allows them to access sensitive database information.
Code Injection
The act of capturing and analyzing data packets transmitted over a network to intercept sensitive information.
Example: An attacker uses a packet sniffer to capture login credentials sent over an unencrypted network.
Packet Sniffing
An attack where a user is tricked into performing unwanted actions on a web application where they are authenticated, often leading to unauthorized actions.
Example: A user unknowingly submits a form that transfers money from their account while logged into their banking app.
CSRF/XSRF Attack (Cross-Site Request Forgery)
An attack where malicious XML data is inserted into a web application’s input, exploiting weaknesses in XML parsers to execute unauthorized actions.
Example: The exploit targets web applications that generate XML content used to store and transport data.
XML (Extensible Markup Language) Injection Attack
An attack where malicious input is injected into a Lightweight Directory Access Protocol (LDAP) query, allowing an attacker to manipulate or bypass authentication processes.
Example: An attacker enters a specially crafted string into a login form that modifies an LDAP query, granting unauthorized access.
Lightweight Directory Access Protocol (LDAP) Injection Attack
A path traversal attack where an attacker uses the ../ (dot-dot-slash) sequence to navigate the file system and access directories or files outside of the intended directory.
Example: An attacker manipulates a URL to access sensitive system files by including ../ sequences in the file path.
Dot-dot-slash attack
An attack where an attacker manipulates file paths to access files and directories outside of the intended directory, often exploiting vulnerabilities in web applications.
Example: An attacker uses ../ to escape the intended directory and view sensitive files like /etc/passwd on a server.
Directory Traversal Attack
An attack where an attacker forces a system to use a weaker or less secure version of a protocol or encryption, making it easier to exploit vulnerabilities.
Example: An attacker intercepts a secure HTTPS connection and forces it to use an outdated SSL/TLS version with known weaknesses.
Downgrade Attack
An attack where the attacker has access to both the ciphertext and its corresponding plaintext, allowing them to derive the encryption key.
Example: An attacker uses a known plaintext (like an encrypted message header) to break the encryption and reveal the rest of the message.
KPA (Known-Plaintext Attack)
A type of brute force attack where the attacker uses a precompiled list of possible passwords (a dictionary) to guess the correct password.
Example: An attacker uses a list of common words to crack a password rather than trying every possible character combination.
Dictionary Attack
An attack that exploits the probability of finding two inputs that produce the same hash value, based on the birthday paradox in probability theory.
Example: An attacker finds two different messages that result in the same hash value, which can be used to undermine digital signatures.
Birthday Attack
An attack method where an attacker systematically tries all possible combinations of passwords or encryption keys until the correct one is found.
Example: An attacker uses software to try every possible password combination for an account, such as “a1b2c3”, until the password is cracked.
Brute-Force Attack
A system for identifying and cataloging publicly known cybersecurity vulnerabilities and exposures.
CVE (Common Vulnerabilities and Exposures)
Artifacts or data that provide evidence of a security breach, such as IP addresses, file hashes, or registry keys.
IoC (Indicators of Compromise)
A system or platform used to share cyber threat indicators automatically between organizations or security systems.
AIS (Automated Indicator Sharing)
The process of collecting and analyzing publicly available information from open sources to gather intelligence.
Example: An attacker gathers information from social media profiles to craft a targeted phishing attack.
OSINT (Open Source Intelligence)
The use of multiple active sessions by the same user across different devices or locations, which can increase the risk of unauthorized access.
Example: A user logs into their account from both their phone and laptop simultaneously, creating multiple active sessions.
Concurrent session usage
A system that allows users to authenticate once and gain access to multiple applications or services without needing to log in separately for each one.
Example: A user logs in to their company portal and automatically gains access to email, calendar, and other tools without re-entering credentials.
Single Sign-On (SSO)
An anomaly detection technique used to identify suspicious logins or activities, where a user appears to log in from two geographically distant locations in an unrealistically short period.
Example: A user logs in from New York and then from Tokyo within minutes, which would be impossible to achieve in the given time frame.
Impossible travel
A security control that limits the hours during which users are allowed to log into a system, reducing the risk of unauthorized access outside of designated times.
Example: A company restricts employee logins to weekdays between 9:00 AM and 5:00 PM, preventing access after hours.
Login Time Restrictions
The process of logging events or activities that occur outside of the regular monitoring schedule, often used to capture irregular or unexpected behavior.
Example: Security systems generate logs for unusual access attempts that happen outside of normal business hours for further investigation.
Out-of-Cycle Logging
A situation where a user or system is unable to access necessary resources due to permission issues, outages, or malicious actions.
Example: A user cannot access shared files on a network due to a misconfigured access control setting.
Resource inaccessibility
The absence of expected log data, which can hinder incident detection and investigation, often caused by misconfiguration or tampering.
Example: An attacker deletes logs to cover their tracks, preventing administrators from identifying the breach.
Missing logs
A network segment placed between an internal network and an external network (such as the internet), designed to add an extra layer of security by isolating public-facing services.
Example: A company places its web server in this area to allow external users to access it while keeping internal networks protected.
DMZ (Demilitarized Zone)