Breaches

Question 1

What is a zero-day exploit?

Answer 1

A previously unknown vulnerability in a system that the vendor has not yet patched. They are often exploited by attackers.

Question 2

What is a worm?

Answer 2

Malware that can self-replicate to spread to other uninfected computers while staying active on the currently infected systems.

Question 3

What is a vulnerability?

Answer 3

A flaw in hardware or software that an attacker could exploit.

Question 4

What is a virus?

Answer 4

A type of computer program that replicates itself by modifying other computer programs and inserting its own code. If this replication succeeds, the affected areas are then said to be “infected.”

Question 5

What is a trojan?

Answer 5

A type of malware that disguises itself as legitimate software.

Question 6

What is suspicious activity?

Answer 6

Activity that can be seen as potentially malicious, but could also have legitimate uses. For example, an IP address that is scanning a system could be from an attacker, or could be from a harmless program.

Question 7

What is SQL injection?

Answer 7

A web attack technique that exploits vulnerabilities in websites, allowing an attacker to query the underlying database and access information.

Question 8

What is spyware?

Answer 8

A type of malware that enables a user to obtain information about another user’s computer activities by transmitting data covertly from their hard drive.

Question 9

What is spoofing?

Answer 9

The act of modifying traffic or network information to impersonate another system.

Question 10

What is scareware?

Answer 10

A malware tactic that uses pop-up ads and social engineering to manipulate individuals into believing they need to download or buy software that may appear legitimate, but could contain malware.

Question 11

What is scanning?

Answer 11

Searching for vulnerabilities on a computer network or internet service using a program (remote scanner).

Question 12

What is a rootkit?

Answer 12

A set of tools installed on a system that enables an attacker to gain control of that system without being detected.

Question 13

What is remote code execution?

Answer 13

Used to describe a vulnerability that can be exploited without physical access to the device.

Question 14

What is ransomware?

Answer 14

A type of malware designed to block access to a computer system or files until the ransom amount is paid.

Question 15

What is Ransomware-as-a-Service?

Answer 15

A ransomware developer sells or leases their ransomware variants to individuals or groups who then use it to carry out attacks. RaaS reduces the cost to perform ransomware attacks and can provide 24x7 customer support and a platform for managing the malware.

Question 16

What is proxy malware?

Answer 16

Malware that turns infected systems into intermediaries and allows network traffic to go through them.

Question 17

What is a payload?

Answer 17

Malware that an attacker delivers to a victim.

Question 18

What is pentesting?

Answer 18

A security exercise that simulates a cyberattack to check for vulnerabilities that an attacker could take advantage of.

Question 19

What is malware?

Answer 19

A program, software, or firmware intended to perform an unauthorized action that adversely impacts the confidentiality, integrity, or availability of a system.

Question 20

What is a kill chain?

Answer 20

The process threat actors use for attacking a system. It consists of researching targets, weaponization of malware specific to the target, deployment techniques, exploiting vulnerabilities in specific software, installing malware, command and control establishment, and completing objectives.

Question 21

What is a honeypot?

Answer 21

A term used to describe a computer, server, or network that appears legitimate, and contains information or resources of value to attackers. Researchers use these to map how attackers behave.

Question 22

What is an information disclosure attack?

Answer 22

An attack that takes advantage of vulnerabilities (insufficient protection of data, displaying of information in error messages, etc.) in web applications to retrieve information that could be stolen or used for further exploitation attempts.

Question 23

What is an exploit?

Answer 23

Any object (ex: a program, piece of code, etc.) that can take advantage of a vulnerability in a program or operating system.

Question 24

What is DNS hijacking / DNS redirection?

Answer 24

A type of attack where Domain Name Systems (DNS) queries are redirected to send users to malicious sites. Attackers can install malware on user computers, take over routers, or intercept DNS communication directly.

Question 25

What is a drive-by download?

Answer 25

Content is automatically downloaded when a web page is loaded by the web browser. These downloads are usually unintentional.

Question 26

What is domain hijacking?

Answer 26

An attack where a web address is stolen.

Question 27

What is distributed denial of service?

Answer 27

Multiple systems are used to disrupt service or internet connection by flooding it with useless information.

Question 28

What is a dictionary attack?

Answer 28

Password guessing attempts using files that contain lists of common passwords.

Question 29

What is denial of service?

Answer 29

A single system is used to disrupt the internet use of a user or service by flooding its connection with useless information.

Question 30

What is defacement?

Answer 30

An attack that changes the visual appearance of a website (the digital version of graffiti) and potentially adds malware to it.

Question 31

What is data loss?

Answer 31

The loss of data caused by an error or malicious activity.

Question 32

What is data leakage?

Answer 32

Unauthorized transfer of information from a computer or data center to the outside world.

Question 33

What is a command and control server?

Answer 33

A server controlled by attackers that is responsible for sending commands to infected machines.

Question 34

What is a buffer overflow?

Answer 34

A vulnerability in which more information can be entered in a device’s memory than is reserved for the program. Attackers exploit this vulnerability to execute malicious code or gain access to other parts of a targeted system.

Question 35

What is a brute force password attack?

Answer 35

An attack designed to guess login credentials by cycling through every possible combination of letters, numbers, and characters. Complex passwords would require a significant amount of time to guess correctly.

Question 36

What is a botnet?

Answer 36

A collection of systems infected with malware that receive instructions to link up and conduct malicious activity. Botnets can consist of hundreds of thousands of infected machines, and are commonly used to mine Bitcoins and launch Distributed Denial of Service (DDoS) attacks.

Question 37

What is a backdoor?

Answer 37

Any method by which an authorized or unauthorized user can gain root access to a network or computer system.

Question 38

What is an attack vector?

Answer 38

The method used by an attacker to access or penetrate a system.

Question 39

What is adware?

Answer 39

A type of malware that generates pop-up advertisements, or links to ad-laden web pages, to generate illegitimate revenue.

Question 40

What are web server vulnerabilities?

Answer 40

1. web servers are exposed publicly or designed to be connect to, making them a good place to connect through a firewall
2. they may have permissions to access more files than they should so there is potential for lateral movement
3. often connected with dynamic capabilities provided by PHP or other interpreters allowing an attacker to supply their own code or modify functionality
4. other users may visit the page so they can be compromised and used to target other users
5. often connected to databases so attacker may be able to steal usernames, passwords, emails, credit card details, etc
6. can be used to get access to the operating system when developers leave code artifacts or code repositories on a web server and pivot to other workstations
7. where web server is hosted by a third party, an attacker may be able to hack other web sites on that server

Question 41

What are web server analytics?

Answer 41

Data collected about the system, application and users interactions and logged remotely; can be automated or managed with an API. Analytics tell the website owner how many connections are being received and potentially where they originate, how long users are on the website, where they go, how long it takes to get there, whether they came from a link or not. Helps to understand traffic flow. Can be used for anomaly detection

Question 42

Why are web page response codes important in security?

Answer 42

Codes are useful to attackers as they can indicate whether there is a firewall and how things are configured on the web server e.g. 500 Internal Server Error typically happens due to bad code or failure to handle data or an exception

Question 43

How to secure a web server?

Answer 43

Default configuration is usually sufficient but ensure that these are appropriate for the number of workers (Apache usually set low so needs to be increased)
Enable HTTPS to ensure that communications are encrypted
Validate web server permissions so that users are not given too much access because they are added to groups with real power
Disable banner and versioning so that the signature is not available to attackers
Use vendor checklists
Use CIS Benchmarks
Ensure security certificates are up to date