Attacks, Threats, and Vulnerabilities

Question 1

viruses

Answer 1

An unsolicited and unwanted malicious program

Question 2

Crypto-malware

Answer 2

A malicious program that encrypts programs and files on the computer in order to extort money from the user

Question 3

Ransomware

Answer 3

Denies access to a computer system or data until a ransom is paid. Can be spread through a phishing email or unknowingly infected website

Question 4

Worm

Answer 4

A self-contained infection that can spread itself through networks, emails, and messages

Question 5

Trojan

Answer 5

A form of malware that pretends to be a harmless application

Question 6

Rootkit

Answer 6

backdoor program that allows full remote access to a system

Question 7

Keylogger

Answer 7

A malicious program that saves all of the keystrokes of the infected machine.

Question 8

Adware

Answer 8

A program that produces ads and pop ups using your browser, may replace the original browser and produce fake ads to remove the adware in order to download more malware

Question 9

Spyware

Answer 9

Software that installs itself to spy on the infected machine, sends the stolen information over the internet back to the host machine

Question 10

Bots

Answer 10

AI that when inside an infected machine performs specific actions as a part of a larger entity known as a botnet

Question 11

RAT (Remote Access Trojan)

Answer 11

A remotely operated Trojan.

Question 12

Logic bomb

Answer 12

A malicious program that lies dormant until a specific date or event occurs

Question 13

Backdoor

Answer 13

Allows for full access to a system remotely

Question 14

Phishing

Answer 14

Sending a false email pretending to be legitimate to steal valuable information from the user

Question 15

Spear phishing

Answer 15

Attacks that target specific users

Question 16

Whaling

Answer 16

An attack on a powerful or wealthy individual

Question 17

Vishing

Answer 17

An attack through a phone or voice communications

Question 18

Tailgating

Answer 18

Closely following individuals with keys to get access to secure areas

Question 19

Impersonation

Answer 19

Taking on the identity of an individual to get access into the system or communications protocol

Question 20

Dumpster diving

Answer 20

Going through a business’s or person’s trash to find thrown away valuable information or possessions

Question 21

Shoulder surfing

Answer 21

Watching as a person enters information

Question 22

Hoax

Answer 22

False information that deceives the user into compromising security by making them believe they are at risk

Question 23

Watering hole attack

Answer 23

A security attack that targets a specific highly secured group by infecting a commonly visited website by the group’s members

Question 24

Authority

Answer 24

The actor acts as an individual of authority

Question 25

Intimidation

Answer 25

Frightening or threatening the victim

Question 26

Consensus

Answer 26

Influenced by what others do, everyone else does it.

Question 27

Scarcity

Answer 27

Limited resources and time to act.

Question 28

Familiarity

Answer 28

The victim is well known

Question 29

Trust

Answer 29

Gain their confidence, be their friend

Question 30

Urgency

Answer 30

Limited time to act, rush the victim.

Question 31

Application/service attacks: DoS (Denial of Service):

Answer 31

Flooding a target machine or resource with many requests to overload the system and prevent use of its resources

Question 32

Application/service attacks: DDoS (Distributed Denial of Service)

Answer 32

Multiple different sources attack one victim.

Question 33

Application/service attacks: Man-in-the-middle

Answer 33

The attacker alters the communication between two parties who believe they are directly communicating

Question 34

Application/service attacks: Buffer overflow

Answer 34

A program attempts to write more data than can be held in fixed block of memory

Question 35

Application/service attacks: Injection

Answer 35

Occurs from processing invalid data, inserts code into the vulnerable computer program and changes the course of execution

Question 36

Application/service attacks: Cross-site scripting (XXS)

Answer 36

Found in web applications, allows for an attacker to inject client-side scripts in web pages

Question 37

Application/service attacks: Cross-site request forgery (XSRF)

Answer 37

Unauthorized commands are sent from a user that is trusted by the website. Allows the attacker to steal cookies and harvest passwords

Question 38

Application/service attacks: Privilege escalation

Answer 38

An attack that exploits a vulnerability that allows them to gain access to resources that they normally would be restricted from accessing

Question 39

Application/service attacks: ARP poisoning

Answer 39

The act of falsifying the IP-to-MAC address resolution system employed by TCP/IP

Question 40

Application/service attacks: Amplification

Answer 40

The amount of traffic sent by the attacker is originally small but then is repeatability multiplied to place a massive strain on the victim’s resources, in an attempt to cause it to fail or malfunction

Question 41

Application/service attacks: DNS poisoning

Answer 41

Is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones

Question 42

Application/service attacks: Domain hijacking

Answer 42

The act of changing the registration of a domain name without the permission of the victim

Question 43

Application/service attacks: Man-in-the-browser

Answer 43

A proxy Trojan horse that infects web browsers and capture browser session data

Question 44

Application/service attacks: Zero day

Answer 44

The aim is to exploit flaws or vulnerabilities in targeted systems that are unknown or undisclosed to the world in general. Meaning that there is no direct or specific defense to the attack; which puts most systems vulnerable assets at risk

Question 45

Application/service attacks: Replay

Answer 45

Is a network-based attack where a valid data transmission is rebroadcasted, repeated, or delayed

Question 46

Application/service attacks: Pass the hash

Answer 46

An authentication attack that captures and uses the hash of a password. The attacker then attempts to log on as the user with the stolen hash. This type of attack is commonly associated with the Microsoft NTLM (New Technology LAN Manager) protocol

Question 47

Hijacking and related attacks: Clickjacking

Answer 47

Deceives the user into clicking on a malicious link by adding the link to a transparent layer over what appears to be a legitimate web page

Question 48

Hijacking and related attacks: Session hijacking

Answer 48

An attack in which an attacker attempts to impersonate the user by using their legitimate session token

Question 49

Hijacking and related attacks: URL hijacking

Answer 49

Redirects the user to a false website based on misspelling the URL, and is also referred to typosquatting

Question 50

Hijacking and related attacks: Typosquatting

Answer 50

An alternate name for URL hijacking

Question 51

Driver manipulation: Shimming

Answer 51

The process of injecting alternate or compensation code into a system in order to alter its operations without changing the original or existing code

Question 52

Driver manipulation: Refactoring

Answer 52

Rewrites the internal processing of code without changing its behavior.

Question 53

MAC spoofing

Answer 53

The attacker falsifies the MAC address of a device

Question 54

IP spoofing:

Answer 54

An intruder uses another site’s IP address to masquerade as a legitimate site

Question 55

Wireless attacks: Replay

Answer 55

This is a passive attack where the attacker captures wireless data, records it, and then sends it on to the original recipient without them being aware of the attacker’s presence

Question 56

Wireless attacks: IV (Initialization Vector):

Answer 56

A random number used to increase security by reducing predictability and repeatability

Question 57

Wireless attacks: Evil twin

Answer 57

Has same SSID (Service Set Identifier) as a proper access point (AP). Once a user connects to it, all wireless traffic goes through it instead of the real AP

Question 58

Wireless attacks: Rogue AP

Answer 58

An unauthorized WAP (Wireless Access Point) or Wireless Router that allows for attackers to bypass many of the network security configurations and opens the network and its users to attacks

Question 59

Wireless attacks: Jamming

Answer 59

Disabling a wireless frequency with noise to block the wireless traffic

Question 60

Wireless attacks: WPS (WiFi Protected Setup):

Answer 60

Allows users to easily configure a wireless network, sometimes by using only a PIN. The PIN can be found through a brute force attack

Question 61

Wireless attacks: Bluejacking

Answer 61

Sending unauthorized messages to a Bluetooth device

Question 62

Wireless attacks: Bluesnarfing

Answer 62

Gaining unauthorized access to, or stealing information from a Bluetooth device

Question 63

Wireless attacks: RFID (Radio Frequency Identifier):

Answer 63

Communicates with a tag placed in or attached to an object using radio signals. Can be jammed with noise interference, the blocking of radio signals, or removing/disabling the tags themselves

Question 64

Wireless attacks: NFC (Near Field Communication):

Answer 64

A wireless technology that allows for smartphones and other devices to establish communication over a short distance

Question 65

Wireless attacks: Disassociation

Answer 65

Removes clients from a wireless network

Question 66

Cryptographic attacks: Birthday

Answer 66

Used to find collisions in hashes and allows the attacker to be able to create the same hash as the user. Exploits that if the same mathematical function is performed on two values and the result is the same, then the original values are the same

Question 67

Cryptographic attacks: Known plain text/cipher text

Answer 67

1. Plain text: The attacker has both the plaintext and its encrypted version.
2. Cipher text: The attacker has access only to the encrypted messages.

Question 68

Cryptographic attacks: Rainbow tables

Answer 68

Large pregenerated data sets of encrypted passwords used in password attacks

Question 69

Cryptographic attacks: Dictionary

Answer 69

A password attack that creates encrypted versions of common dictionary words and then compares them against those in a stolen password file. Guessing using a list of possible passwords

Question 70

Cryptographic attacks: Brute force

Answer 70

A password-cracking program that tries every possible combination of characters through A to Z.

Question 71

Cryptographic attacks: Online vs. offline

Answer 71

1. Online: Is against a live logon prompt.
2. Offline: The attack is working on their own independent computers to compromise a password hash

Question 72

Cryptographic attacks: collision

Answer 72

When two different inputs produce the same hash value

Question 73

Cryptographic attacks: Downgrade

Answer 73

Forces a system to lessen its security, this allows for the attacker to exploit the lesser security control. It is most often associated with cryptographic attacks due to weak implementations of cipher suites. Example is TLS > SSL, a man-in-the-middle POODLE attack exploiting TLS v1.0 - CBC mode

Question 74

Cryptographic attacks: Replay

Answer 74

The attacker captures network packets and then retransmits them back onto the network to gain unauthorized access

Question 75

Cryptographic attacks: Weak implementations:

Answer 75

The main cause of failures in modern cryptography systems are because of poor or weak implementations instead of a failure caused by the algorithm itself

Question 76

Threat actor types: Script kiddies

Answer 76

A person who uses pre-existing code and scripts to hack into machines, because they lack the expertise to write their own.

Question 77

Threat actor types: Hacktivist

Answer 77

An individual who is someone who misuses computer systems for a socially or politically motivated agenda. They have roots in the hacker culture and ethics. Hacker on a mission

Question 78

Threat actor types: Organized crime

Answer 78

These are professionals motivated ultimately by profit. They have enough money to buy the best gear and tech. Multiple people perform specific roles: gathering data, managing exploits, and one who actually writes the code

Question 79

Threat actor types: Nation states/APT

Answer 79

An APT is an advanced persistent threat, these are massive security risks that can cost companies and countries millions of dollars. Nation states have very sophisticated hacking teams that target the security of other nations. They often attack military organizations or large security sites, they also frequently attack power plants

Question 80

Threat actor types: Insiders

Answer 80

Someone who is inside the company who has intricate knowledge of the company and how its network works. They can pinpoint a specific vulnerability and may even have access to multiple parts of the network

Question 81

Threat actor types: Competitors

Answer 81

Rival companies, can bring down your network or steal information through espionage

Question 82

Threat actor types: Level of sophistication:

Answer 82

Is the skill of the hacker and the complexity of the attack

Question 83

Threat actor types: Resources/funding

Answer 83

The amount of money and the value of the tech and gear being used

Question 84

Threat actor types: Intent/motivation

Answer 84

The reason for the attack, can be for political, monetary, or social reasons

Question 85

Threat actor types: Use of open-source intelligence (OSINT)

Answer 85

Data that is collected through publicly available information. This can be used to help make decisions. Can be used by threat actors to help find their next target or how to best attack their target. OSINT is also incredibly helpful for mitigating risks and for identifying new threat actors.

Question 86

Threat actor types: Internal/external

Answer 86

Internal is inside the company, can be intentional, unintentional, or an act of God. External is someone outside the company trying to get in.

Question 87

Penetration testing concepts: Active reconnaissance:

Answer 87

Is the use of tools to send data to systems and then understanding their responses. Usually starts with various network and vulnerability scanners. Can be incredibly illegal and should not be engaged without being prepared and proper authorization

Question 88

Penetration testing concepts: Passive reconnaissance:

Answer 88

You are not touching any of the target’s equipment. Instead you are going through and gathering that is already available. Forums and social media are great sources for gathering information about the company and its employees

Question 89

Penetration testing concepts: Pivot

Answer 89

In penetration testing it is using a compromised machine to attack other machines on the same network. Attacking and gaining access to an area of lower security in order to be more likely to have a successful attack on an area of greater security. Is also referred to as island hopping

Question 90

Penetration testing concepts: Initial exploitation

Answer 90

Usually the hardest part. A vulnerability is taken advantage of to get into the network or system

Question 91

Penetration testing concepts: Persistence

Answer 91

Installing backdoors or methods to keep access to the host or networks

Question 92

Penetration testing concepts: Black box

Answer 92

You know nothing of the network, you have no prior knowledge

Question 93

Penetration testing concepts: White box

Answer 93

You are given a network map and you have full knowledge of the configurations allowing you to perform specific tests

Question 93

Penetration testing concepts: Gray box

Answer 93

Knowledge of the network but not incredibly detailed

Question 94

Penetration testing concepts: Penetration testing vs. vulnerability scanning:

Answer 94

Penetration testing is an active attack on the network to exploit vulnerabilities, can assess potential damages and the potential of the exploits being found. Is done by a human. Vulnerability scans passively scans and identifies vulnerabilities. Is automated

Question 95

Penetration testing concepts: Escalation of privilege

Answer 95

Allows for a user to get a higher-level access than what authentication allows for. Can be resolved through patching and updating. Typically related to a bug or vulnerability

Question 96

Vulnerability scanning concepts: Passively test security controls

Answer 96

Uses an automated vulnerability scanner. Observes and reports findings. Does not take down systems, applications, or services, and doesn’t disrupt business

Question 97

Vulnerability scanning concepts: Identify vulnerability

Answer 97

Understanding common attacks and taking inventory of vulnerabilities

Question 98

Vulnerability scanning concepts: Identify lack of security controls

Answer 98

Vulnerability scanners can identify missing patches or antivirus

Question 99

Vulnerability scanning concepts: Identify common misconfigurations

Answer 99

Weak passwords, default usernames and passwords, and open ports.

Question 100

Vulnerability scanning concepts: Intrusive vs. non-intrusive

Answer 100

Intrusive testing can interrupt service, is much more detailed, and exploits vulnerabilities. Non-intrusive is more passive, does not exploit vulnerabilities, and does not disrupt service

Question 101

Vulnerability scanning concepts: Credentialed vs. non-credentialed

Answer 101

Credentialed are done as though it is inside the network, emulates an insider attack. Non-credentialed are done as though it is outside the network, emulates an outside attack. Shows what would be found if the network was scanned

Question 102

Vulnerability scanning concepts: False positive:

Answer 102

A result which shows incorrectly that a condition or attribute is present. A false vulnerability.

Question 103

Vulnerability scanning concepts: Identify lack of security controls

Answer 103

Vulnerability scanners can identify missing patches or antivirus