Attacks, Threats, and Vulnerabilities Flashcards
Viruses
An unsolicited and unwanted malicious program
Crypto-malware
A malicious program that encrypts programs and files on the computer in order to extort money from the user
Ransomware
Denies access to a computer system or data until a ransom is paid. Can be spread through a phishing email or through an infected website the user visits unknowingly
Worm
A self-contained infection that can spread itself through networks, emails, and messages
Trojan
A form of malware that pretends to be a harmless application
Rootkit
A backdoor program that allows full remote access to a system
Keylogger
A malicious program that saves all of the keystrokes of the infected machine.
Adware
A program that produces ads and pop-ups in your browser; it may replace the original browser and show fake "remove the adware" ads that trick the user into downloading more malware
Spyware
Software that installs itself to spy on the infected machine and sends the stolen information over the internet back to the attacker's machine
Bots
Automated software that, once inside an infected machine, performs specific actions as part of a larger entity known as a botnet
RAT (Remote Access Trojan)
A remotely operated Trojan.
Logic bomb
A malicious program that lies dormant until a specific date or event occurs
Backdoor
Allows for full access to a system remotely
Phishing
Sending a false email pretending to be legitimate to steal valuable information from the user
Spear phishing
Attacks that target specific users
Whaling
An attack on a powerful or wealthy individual
Vishing
An attack through a phone or voice communications
Tailgating
Closely following individuals who have keys or badges in order to get access to secure areas
Impersonation
Taking on the identity of an individual to get access into the system or communications protocol
Dumpster diving
Going through a business's or person's trash to find thrown-away valuable information or possessions
Shoulder surfing
Watching as a person enters information
Hoax
False information that deceives the user into compromising security by making them believe they are at risk
Watering hole attack
A security attack that targets a specific highly secured group by infecting a commonly visited website by the group’s members
Authority
The actor acts as an individual of authority
Intimidation
Frightening or threatening the victim
Consensus
The victim is influenced by what others do ("everyone else does it").
Scarcity
Limited resources and time to act.
Familiarity
The victim is well known
Trust
Gain their confidence, be their friend
Urgency
Limited time to act, rush the victim.
Application/service attacks: DoS (Denial of Service)
Flooding a target machine or resource with many requests to overload the system and prevent use of its resources
Application/service attacks: DDoS (Distributed Denial of Service)
Multiple different sources attack one victim.
Application/service attacks: Man-in-the-middle
The attacker alters the communication between two parties who believe they are directly communicating
Application/service attacks: Buffer overflow
A program attempts to write more data than can be held in a fixed block of memory
Application/service attacks: Injection
Occurs when invalid data is processed: attacker-supplied input is inserted into the vulnerable program as code and changes the course of execution
Application/service attacks: Cross-site scripting (XSS)
Found in web applications, allows for an attacker to inject client-side scripts in web pages
Application/service attacks: Cross-site request forgery (XSRF)
Unauthorized commands are sent from a user that is trusted by the website. Allows the attacker to steal cookies and harvest passwords
Application/service attacks: Privilege escalation
An attack that exploits a vulnerability to gain access to resources the attacker would normally be restricted from accessing
Application/service attacks: ARP poisoning
The act of falsifying the IP-to-MAC address resolution system employed by TCP/IP
Application/service attacks: Amplification
The amount of traffic sent by the attacker is originally small but is then repeatedly multiplied to place a massive strain on the victim's resources, in an attempt to cause them to fail or malfunction
Application/service attacks: DNS poisoning
A type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones
Application/service attacks: Domain hijacking
The act of changing the registration of a domain name without the permission of the victim
Application/service attacks: Man-in-the-browser
A proxy Trojan horse that infects web browsers and captures browser session data
Application/service attacks: Zero day
The aim is to exploit flaws or vulnerabilities in targeted systems that are unknown or undisclosed to the world in general, meaning that there is no direct or specific defense against the attack, which puts most systems' vulnerable assets at risk
Application/service attacks: Replay
A network-based attack where a valid data transmission is rebroadcast, repeated, or delayed
Application/service attacks: Pass the hash
An authentication attack that captures and uses the hash of a password. The attacker then attempts to log on as the user with the stolen hash. This type of attack is commonly associated with the Microsoft NTLM (New Technology LAN Manager) protocol
Hijacking and related attacks: Clickjacking
Deceives the user into clicking on a malicious link by adding the link to a transparent layer over what appears to be a legitimate web page
Hijacking and related attacks: Session hijacking
An attack in which an attacker attempts to impersonate the user by using their legitimate session token
Hijacking and related attacks: URL hijacking
Redirects the user to a false website based on a misspelling of the URL; also referred to as typosquatting
Hijacking and related attacks: Typosquatting
An alternate name for URL hijacking
Driver manipulation: Shimming
The process of injecting alternate or compensating code into a system in order to alter its operation without changing the original or existing code
Driver manipulation: Refactoring
Rewrites the internal processing of code without changing its behavior.
MAC spoofing
The attacker falsifies the MAC address of a device
IP spoofing
An intruder uses another site’s IP address to masquerade as a legitimate site
Wireless attacks: Replay
This is a passive attack where the attacker captures wireless data, records it, and then sends it on to the original recipient without them being aware of the attacker’s presence
Wireless attacks: IV (Initialization Vector)
A random number used to increase security by reducing predictability and repeatability
Wireless attacks: Evil twin
Has same SSID (Service Set Identifier) as a proper access point (AP). Once a user connects to it, all wireless traffic goes through it instead of the real AP
Wireless attacks: Rogue AP
An unauthorized WAP (Wireless Access Point) or Wireless Router that allows for attackers to bypass many of the network security configurations and opens the network and its users to attacks
Wireless attacks: Jamming
Disabling a wireless frequency with noise to block the wireless traffic
Wireless attacks: WPS (WiFi Protected Setup)
Allows users to easily configure a wireless network, sometimes by using only a PIN. The PIN can be found through a brute force attack
Wireless attacks: Bluejacking
Sending unauthorized messages to a Bluetooth device
Wireless attacks: Bluesnarfing
Gaining unauthorized access to, or stealing information from a Bluetooth device
Wireless attacks: RFID (Radio Frequency Identifier)
Communicates with a tag placed in or attached to an object using radio signals. Can be jammed with noise interference, the blocking of radio signals, or removing/disabling the tags themselves
Wireless attacks: NFC (Near Field Communication)
A wireless technology that allows for smartphones and other devices to establish communication over a short distance
Wireless attacks: Disassociation
Removes clients from a wireless network
Cryptographic attacks: Birthday
Used to find collisions in hashes and allows the attacker to create the same hash as the user. Exploits the assumption that if the same mathematical function is performed on two values and the result is the same, then the original values are the same
Cryptographic attacks: Known plain text/cipher text
- Plain text: The attacker has both the plaintext and its encrypted version.
- Cipher text: The attacker has access only to the encrypted messages.
Cryptographic attacks: Rainbow tables
Large pregenerated data sets of encrypted passwords used in password attacks
Cryptographic attacks: Dictionary
A password attack that creates encrypted versions of common dictionary words and then compares them against those in a stolen password file. Guessing using a list of possible passwords
Cryptographic attacks: Brute force
A password-cracking program that tries every possible combination of characters through A to Z.
Cryptographic attacks: Online vs. offline
- Online: Performed against a live logon prompt.
- Offline: The attacker works on their own independent computers to compromise a password hash
Cryptographic attacks: Collision
When two different inputs produce the same hash value
Cryptographic attacks: Downgrade
Forces a system to lessen its security, which allows the attacker to exploit the weaker security control. It is most often associated with cryptographic attacks due to weak implementations of cipher suites. An example is a downgrade from TLS to SSL, such as the man-in-the-middle POODLE attack exploiting CBC mode in TLS v1.0
Cryptographic attacks: Replay
The attacker captures network packets and then retransmits them back onto the network to gain unauthorized access
Cryptographic attacks: Weak implementations
The main cause of failures in modern cryptographic systems is poor or weak implementation rather than a failure of the algorithm itself
Threat actor types: Script kiddies
A person who uses pre-existing code and scripts to hack into machines, because they lack the expertise to write their own.
Threat actor types: Hacktivist
An individual who misuses computer systems for a socially or politically motivated agenda. They have roots in hacker culture and ethics: a hacker on a mission
Threat actor types: Organized crime
These are professionals motivated ultimately by profit. They have enough money to buy the best gear and tech. Multiple people perform specific roles: one gathers data, one manages exploits, and one actually writes the code
Threat actor types: Nation states/APT
An APT is an advanced persistent threat. These are massive security risks that can cost companies and countries millions of dollars. Nation states have very sophisticated hacking teams that target the security of other nations. They often attack military organizations or large security sites, and they also frequently attack power plants
Threat actor types: Insiders
Someone who is inside the company who has intricate knowledge of the company and how its network works. They can pinpoint a specific vulnerability and may even have access to multiple parts of the network
Threat actor types: Competitors
Rival companies that can bring down your network or steal information through espionage
Threat actor types: Level of sophistication
The skill of the hacker and the complexity of the attack
Threat actor types: Resources/funding
The amount of money and the value of the tech and gear being used
Threat actor types: Intent/motivation
The reason for the attack, can be for political, monetary, or social reasons
Threat actor types: Use of open-source intelligence (OSINT)
Data that is collected through publicly available information. This can be used to help make decisions. Can be used by threat actors to help find their next target or how to best attack their target. OSINT is also incredibly helpful for mitigating risks and for identifying new threat actors.
Threat actor types: Internal/external
Internal is inside the company, can be intentional, unintentional, or an act of God. External is someone outside the company trying to get in.
Penetration testing concepts: Active reconnaissance
The use of tools to send data to systems and then interpret their responses. Usually starts with various network and vulnerability scanners. Can be illegal and should not be engaged in without preparation and proper authorization
Penetration testing concepts: Passive reconnaissance
You are not touching any of the target's equipment. Instead you are gathering information that is already available. Forums and social media are great sources for gathering information about the company and its employees
Penetration testing concepts: Pivot
In penetration testing it is using a compromised machine to attack other machines on the same network. Attacking and gaining access to an area of lower security in order to be more likely to have a successful attack on an area of greater security. Is also referred to as island hopping
Penetration testing concepts: Initial exploitation
Usually the hardest part. A vulnerability is taken advantage of to get into the network or system
Penetration testing concepts: Persistence
Installing backdoors or methods to keep access to the host or networks
Penetration testing concepts: Black box
You know nothing of the network, you have no prior knowledge
Penetration testing concepts: White box
You are given a network map and you have full knowledge of the configurations allowing you to perform specific tests
Penetration testing concepts: Gray box
Knowledge of the network but not incredibly detailed
Penetration testing concepts: Penetration testing vs. vulnerability scanning
Penetration testing is an active attack on the network to exploit vulnerabilities; it can assess potential damage and the likelihood of the exploits being found, and it is done by a human. Vulnerability scanning passively scans for and identifies vulnerabilities, and it is automated
Penetration testing concepts: Escalation of privilege
Allows for a user to get a higher-level access than what authentication allows for. Can be resolved through patching and updating. Typically related to a bug or vulnerability
Vulnerability scanning concepts: Passively test security controls
Uses an automated vulnerability scanner. Observes and reports findings. Does not take down systems, applications, or services, and doesn’t disrupt business
Vulnerability scanning concepts: Identify vulnerability
Understanding common attacks and taking inventory of vulnerabilities
Vulnerability scanning concepts: Identify lack of security controls
Vulnerability scanners can identify missing patches or antivirus
Vulnerability scanning concepts: Identify common misconfigurations
Weak passwords, default usernames and passwords, and open ports.
Vulnerability scanning concepts: Intrusive vs. non-intrusive
Intrusive testing can interrupt service, is much more detailed, and exploits vulnerabilities. Non-intrusive is more passive, does not exploit vulnerabilities, and does not disrupt service
Vulnerability scanning concepts: Credentialed vs. non-credentialed
Credentialed scans are done as though from inside the network, emulating an insider attack. Non-credentialed scans are done as though from outside the network, emulating an outside attack, and show what would be found if the network were scanned externally
Vulnerability scanning concepts: False positive
A result which shows incorrectly that a condition or attribute is present. A false vulnerability.