Chapter 1 - Threats, Attacks, and Vulnerabilities Flashcards

1
Q

Phishing

A

Social Engineering with a touch of spoofing
Usually by mail, text, etc.
Usually something wrong with the URL

2
Q

Smishing (SMS Phishing)

A

Done by text message
Forwards links or asks for personal information
Examples: fake check, phone code verification, boss/ CEO

3
Q

Vishing (Voice Phishing)

A

Done over the phone or voicemail
Caller ID spoofing is common
Examples: fake security checks or bank updates

4
Q

Spam

A

Unsolicited messages
Examples: emails or forums

5
Q

Mail Gateways

A

A filter that identifies spam and throws it away

6
Q

Spam Over Instant Messaging (SPIM)

A

Unsolicited messages over instant messaging

7
Q

Spear Phishing

A

Targeted phishing with inside information

8
Q

Whaling

A

Spear phishing targeting the higher-ups of a company
Have a ton of information for a bigger catch

9
Q

Dumpster Diving

A

Physically going through a dumpster to find important details (for an attack) people/ companies have thrown out

10
Q

Shoulder Surfing

A

Physically peeking over someone’s shoulder to look at their screen to try and steal information

11
Q

Pharming

A

Redirecting a legit website to a bogus site
Harvest large group of people instead of just one person

12
Q

Tailgating

A

Using an authorized person to gain unauthorized access to a building

13
Q

Eliciting Information

A

Extracting information from the victim
Often used with vishing

14
Q

Prepending

A

Add onto the beginning of a fake URL
Example: “https://pprofessormesser.com”

15
Q

Identity Fraud

A

Someone else using your identity
Examples: credit card, bank, loan, government benefits fraud

16
Q

Invoice Scams

A

Sending a fake invoice to the person/ department paying the bills at a company and the attacker ends up with the payment details

17
Q

Credential Harvesting

A

Attackers collecting login credentials
Opening a document that runs a macro to start harvesting
Called password harvesting

18
Q

Reconnaissance

A

Gather information on the victim
Usually background information
Examples: social media, corporate website

19
Q

Hoax

A

A threat that doesn’t actually exist but seems like it COULD be real

20
Q

Impersonation

A

Attacker pretends to be someone they are not
Uses details from reconnaissance

21
Q

Watering Hole Attack

A

Strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware
Eventually, some member of the targeted group will become infected

22
Q

Typosquatting

A

A type of URL hijacking
Purposely misspelling a URL
Example: “https://professormessor.com”

23
Q

Pretexting

A

Lying to a victim to get information
Example: “Hi, we are calling from Visa regarding…”

24
Q

Influence Campaigns

A

Sway public opinion on political and social issues

25
Influence Campaigns - Hybrid Warfare
A military strategy that can influence elections and fake news
Usually called cyberwarfare
Attack an entity with technology
26
Influence Campaigns - Social Media
Amplifying fake content on social media used by millions of people
27
Social Engineering Principles - Authority
The social engineer is in charge
Example: "I am calling from the office of the CEO..."
28
Social Engineering Principles - Intimidation
Things will be bad if you do not do this
Example: "If you don't help me..."
29
Social Engineering Principles - Consensus/ Social Proof
Convince the victim based on what's normally expected
Example: "Your co-worker, Jill, did this for me..."
30
Social Engineering Principles - Scarcity
The situation will not be this way for long
Example: Must make the change before time expires
31
Social Engineering Principles - Familiarity/ Liking
Someone you know, we have common friends
32
Social Engineering Principles - Trust
Someone who is safe
Example: "I am from IT, I am here to help"
33
Social Engineering Principles - Urgency
Paired with scarcity
Example: Act quickly, don't think
34
Social Engineering Principles
Common methods used to make social engineering attacks more effective
35
Defending Against Watering Hole Attacks
Defense in depth
Firewalls and IPS
Anti-virus/ anti-malware signature updates
36
Malware
Malicious software intended to cause harm and gather information
37
Ransomware
Taking away data and requiring victim to pay to get it back
38
Trojans
Software that pretends to be something else to conquer your computer
39
Worms
Malware that self-replicates
Does NOT need to be executed by the user
40
Potentially Unwanted Programs (PUPs)
Usually downloaded by trojans
Software that a user may perceive as unwanted or unnecessary
41
Fileless Virus
A stealth attack operated in memory
Avoids anti-virus detection and is never installed in a file or application
42
Command and Control
Responsible for sending out commands to bots
43
Bots (Robots)
A type of software application or script that performs automated tasks on command
44
Cryptomalware
Newer generation of ransomware
Uses cryptography to encrypt victim information and sends the victim the key to decrypt if the victim sends them cryptocurrency
45
Logic Bombs
Waits for a predefined moment before the attack is executed
Example: time, date, event
46
Keyloggers
A form of malware or hardware that keeps track of and records your keystrokes as you type
47
Remote Access Trojan (RAT)
Installed as a backdoor
Malware used to gain complete control of the operating system
48
Rootkit
Modifies files in the foundational building blocks of the operating system (the core)
49
Backdoor
A new way to get into a system without going through the front door and as much security
Placed on a system through malware
50
Virus
Malware that can reproduce itself
Executed by the user when a program is run
Examples: program, boot sector, script, macro viruses
51
Adware
Pop-ups that can cause performance issues on your device
52
Spyware
Malware that spies on you and everything you do
53
Botnets
A group of bots working together
DDoS
54
Spraying Attack
Attacking an account with the top three (or more) passwords
Move on if they do not work so there are no lockouts, alarms, or alerts
55
Dictionary Attack
Using a dictionary to find common words or wordlists
56
Brute Force Attack
Trying every possible password combination until the hash is matched
57
Brute Force Attack - Online
Keep trying the login process
Very slow
Might lock out after a certain number of attempts
58
Brute Force Attack - Offline
Brute forcing the hash
Get a list of users and hashes
Calculate a password hash, compare it to the stored hash
59
Rainbow Table
Pre-built/ calculated set of hashes
Increases speed
60
Plaintext/ Unencrypted
Storing passwords in the "clear"
There is no encryption and you can read the stored password
61
Malicious Universal Serial Bus (USB) Cable
Looks like a normal USB cable but has additional electronics inside
Human Interface Device (HID)
Downloads and installs malicious software
62
Malicious Flash Drive
Looks like a normal flash drive but can cause damage
Load malware documents, boot device, ethernet adapter
63
Card Cloning
Get card details from a skimmer
Create a duplicate of a card
64
Skimming
Stealing credit card information during a normal transaction
65
Tainted Training Data for Machine Learning (ML)
Attackers sending modified training data that causes AI to behave incorrectly
66
Security of Machine Learning Algorithms
Check the training data
Retrain with new data
Train the AI with possible poisoning
67
Evasion Attacks
Used to trick the AI into giving off confidential information
68
Supply Chain Attacks
Attackers can affect the supply chain by infecting different parts without suspicion
One exploit can infect the entire chain
69
Birthday Attack
Finding a hash collision through the effect of chance
70
Collision Attack
Finding two inputs producing the same hash value
71
Downgrade Attack
Having a system downgrade its encryption, making it easier to exploit
Could use an on-path attack
72
Privilege Escalation
Gaining higher-level access to a system
More capabilities
73
Cross-Site Scripting (XSS)
Type of injection, in which malicious scripts are injected into otherwise benign and trusted websites
74
Non-persistent (Reflected) Cross-Site Scripting Attack
The injected malicious script is "reflected" off the web server as a response that includes some or all of the input sent to the server as part of the request
75
Persistent (Stored) Cross-Site Scripting Attack
Posting a message to a social network that includes a malicious payload
Posted and propagated to others
76
Code Injection
Adding your own information into a data stream
77
Structured Query Language (SQL) Injection
Inserting an SQL query into regular input or form fields in order to get credentials such as a username or password
78
Extensible Markup Language (XML) Injection
Modifying requests, sending data, and storing it in a different location
79
Lightweight Directory Access Protocol (LDAP) Injection
Modifying requests and gaining directory information you normally would not have access to
80
Dynamic-Link Library Injection
Inject a DLL into an application and have that application run the code for us
81
Buffer Overflows
Overwriting a memory buffer and having it spill over into other memory areas
82
Replay Attacks
Data transfer is maliciously repeated or delayed
*NOT an On-path attack*
83
Cross-Site Request Forgery
Malicious exploit of a website or web application where unauthorized commands are submitted from a user that the web application trusts
84
Pointer/ Object Dereference
Programming technique that references a portion of memory
85
Directory Traversal/ Path Traversal
Reading files from a web server that are outside the website's file directory
86
Race Conditions
Two commands happening at the same time without being planned for
87
Error Handling
Giving just enough information when an error occurs that an attacker can exploit the system
88
Improper Input Handling
Finding input that can be malicious so an attack can be executed
89
Session Replays
Reproduction of a user's interactions on a website or web application exactly how the user actually experienced it
90
Integer Overflow
When you attempt to store inside an integer variable a value that is larger than the maximum value the variable can hold
91
Server-Side Request Forgery
Attacker abuses the functionality of a server causing it to access or manipulate information in the realm of that server that would otherwise not be directly accessible to the attacker
92
Application Programming Interface (API) Attacks
The malicious usage or attempted usage of an API from automated threats such as access violations, bot attacks or abuse
93
Resource Exhaustion
Happens when a system or system user uses up all the available resources that the system has, leading it to be completely drained
Specialized DoS attack
Zip Bomb
94
Memory Leak
When unused memory is not properly released, begins to grow in size, eventually uses all available memory, and the system crashes
95
Secure Sockets Layer (SSL) Stripping
Combines an on-path attack with a downgrade attack
Type of cyberattack in which an attacker downgrades a website from a secure HTTPS connection to an insecure HTTP connection
96
Driver Manipulation
The alteration of system drivers to achieve a malicious outcome
97
Shimming
Filling in the space between two objects (middleman)
Inserting a layer between an application and the operating system to modify the behavior of the application
98
Refactoring
Appears different each time the malware is downloaded
Add loops, pointless string code, etc.
Can intelligently redesign itself
99
Pass the Hash (PtH)
Type of cybersecurity attack in which an attacker steals a “hashed” user credential and uses it to create a new user session on the same network
100
Time-of-check to Time-of-use Attack (TOCTOU)
Race condition that occurs when a resource is checked for a particular value, such as whether a file exists or not, and that value then changes before the resource is used, invalidating the results of the check
101
Evil Twin
Access point that looks like an existing network
Wireless version of phishing
102
Rogue Access Point
Unauthorized wireless access point
Not necessarily malicious
Potential backdoor
103
Bluesnarfing
Access a Bluetooth device and transfer data
Examples: contact list, calendar, emails, pictures, videos, etc.
104
Bluejacking
Sending unsolicited messages to another device via Bluetooth
105
Disassociation
Cyberattack where a hacker forces a device to lose internet connectivity either temporarily or for an extended time
Wireless DoS attack
106
Jamming
Prevent wireless communication by transmitting interfering wireless signals
DoS
Could be accidental: microwaves, lights, etc.
107
Radio Frequency Identification (RFID)
Electromagnetic fields to automatically identify and track tags attached to objects
Examples: access badges, pet/ animal identification, etc.
108
Near-field Communication (NFC)
Set of communication protocols that enables communication between two electronic devices over a short distance
109
Initialization Vector (IV)
A type of nonce
Used for randomizing an encryption scheme
Examples: encryption ciphers, WEP, SSL implementations
110
On-Path Network Attack (man-in-the-middle attack/ man-in-the-browser attack)
When an aggressor sits in the center between two stations and can catch, and sometimes intelligently change, the data that is being sent across the organization
111
Address Resolution Protocol (ARP) Poisoning
A form of spoofing attack that hackers use to intercept data
Used by an attacker in an on-path attack
112
Media Access Control (MAC) Flooding
The flooding of MAC addresses in the MAC table, forcing out the legitimate MAC addresses
Switch begins flooding traffic to all interfaces
Switch turns into a hub and all traffic is transmitted to all interfaces
113
MAC Cloning
Attacker changes their MAC address to match the MAC address of an existing device
114
Domain Hijacking
Getting access to the domain registration letting you have control where the traffic goes
115
DNS Poisoning
When fake information is entered into the cache of a domain name server, resulting in DNS queries producing an incorrect reply, sending users to the wrong website
116
Uniform Resource Locator (URL) Redirection
Vulnerability which allows an attacker to force users of your application to an untrusted external site
Click a link and get sent to a malicious site
117
Domain Reputation
The health or condition of your branded domain
Example: email - might not be able to send or receive emails
118
Domain Name System
The system by which internet domain names and addresses are tracked and regulated
119
Distributed Denial-of-service (DDoS)
An army of computers used to overload and bring down a service
Use all bandwidth or resources
120
Application DoS
Making an application break or work harder
Examples: fill disk space, overuse of resources, increase response time
121
Operational Technology (OT) DoS
Overload the hardware and software for industrial equipment
Examples: Power grids, traffic lights, etc.
122
PowerShell (Malicious Code)
Attacks Windows systems by accessing domains and files
.ps1 file extension
123
Python (Malicious Code)
Attacks infrastructure (routers, switches, servers) and used for cloud orchestration
.py file extension
124
Bash (Malicious Code)
Used in shell scripts to attack the Linux/ Unix environment (web, database, etc.)
.sh file extension
125
Macros (Malicious Code)
Used to automate functions and make applications easier to use
Attackers create automated exploits that run when the user opens the file and the macro runs
126
Visual Basic for Applications (VBA) (Malicious Code)
Automates processes within Windows applications
CVE-2010-0815 / MS10-031 - Allows arbitrary code embedded in a document to run
127
On-Path Browser Attack
An aggressor is on the same computer as the victim using malware that takes information from victim
128
Denial of Service
Overload a service and force it to fail
129
Advanced Persistent Threat (APT)
Attackers being in the network and undetected for a long while to get highly sensitive data
130
Insider Threats
A threat to an organization that comes from people within the organization, such as employees or former employees who have inside information concerning the organization's security practices, data and computer systems
131
State Actors
People or groups who use their technology skills to facilitate hacking, sabotage, theft, misinformation and other operations on behalf of a country
132
Hacktivists
A hacker that has a purpose of social change or with a political agenda
133
Script Kiddies
An unsophisticated attacker who runs pre-made scripts without any knowledge of what's really happening
134
Criminal Syndicates
Professional criminals doing organized crime motivated by money
135
Hackers
Person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle
136
Hackers (authorized)
An ethical hacker with good intentions and has permission to hack
137
Hackers (unauthorized)
A malicious hacker who violates security for personal gain
138
Hackers (semi-authorized)
A hacker who finds a vulnerability but doesn't use it
139
Shadow IT
The use of IT-related hardware or software by a department or individual without the knowledge of the IT or security group within the organization
140
Competitors (Threat Actor)
A different organization having negative intents against your company by trying to take information or corrupt databases
141
Attributes of Actors
Internal/ external, level of sophistication/ capability, resources/ funding, intent/ motivation
142
Attack Vectors
A method used by the attacker to gain access or infect the target
143
Attack Vectors (Direct Access)
Physically accessing the data center and modifying the operating system
Examples: keylogger, transfer files, DoS, etc.
144
Attack Vectors (Wireless)
Modifying the access point configuration
Examples: rogue access point, evil twin, etc.
145
Attack Vectors (Email)
Using an email to attack someone
Examples: phishing, delivery of malware, etc.
146
Attack Vectors (Supply Chain)
Tamper with underlying infrastructure or manufacturing process
147
Attack Vectors (Social Media)
Putting personal information online and using it against the user
Examples: user profiling
148
Attack Vectors (Removable Media)
Using attacks to remove media from systems
Examples: USB, flash drive, data exfiltration
149
Attack Vectors (Cloud)
Using security misconfigurations against applications and services
Examples: Brute force, orchestration attacks, DoS
150
Open-source Intelligence (OSINT)
Researching threats using public open-source resources
Examples: Internet, government data, commercial data
151
Closed/ Proprietary Intelligence
The purchase of compiled threat information someone else already has
152
Vulnerability Databases
Places where vulnerabilities can be researched
Examples: common vulnerabilities and exposures (CVE)
153
Public/ Private Information Sharing Centers
Provides a central resource for gathering information on cyber and related threats to critical infrastructure and providing two-way sharing of information between the private and public sectors
154
Dark Web
Overlay networks that use the Internet but require specific software, configurations, or authorization to access
155
Indicators of Compromise (IOC)
An event that indicates an intrusion
Examples: uncommon login patterns, unusual amount of connectivity
156
Automated Indicator Sharing (AIS)
A way for the intelligence industry to share important threat data or indicators
157
Structured Threat Information eXpression (STIX)
Describes cyber threat information
Examples: motivations, abilities, capabilities, etc.
158
Trusted Automated eXchange of Intelligence Information (TAXII)
Securely shares the STIX data over HTTPS
159
Predictive Analysis
Analyze a large amount of data, identify behaviors, and create a forecast for potential attacks
160
Threat Maps
A map created from real attack data to identify attacks and trends
161
File/ Code Repositories
Places to see code of what hackers are building and what people are accidentally releasing
Examples: GitHub
162
Threat Research
Seeking out potential risks and delivering insights to take action
163
Vendor Websites (research sources)
The vendors know when problems occur with their products
164
Vulnerability Feeds (research sources)
Automated vulnerability notifications for when threats occur
165
Conferences (research sources)
A place to gather information from other professionals about attacks
166
Academic Journals (research sources)
Research from academic professionals about security technologies
167
Request for Comments (RFC) (research sources)
Document that contains specifications and organizational notes about topics related to the internet and computer networking, such as routing, addressing and transport technologies
168
Local Industry Groups (research sources)
A gathering of local peers for shared industry and technology insights
169
Social Media (research sources)
Profiles with group conversations - professionals discussing details
170
Threat Feeds (research sources)
Monitoring threat announcements to stay informed
Examples: U.S. Department of Homeland Security, etc.
171
Adversary Tactics, Techniques, and Procedures (TTP)
Describe the behaviors, strategies and methods used by attackers to develop and execute cyber attacks on enterprise networks
172
Threat Intelligence
Research threats and threat actors so you can make educated decisions and preventions
173
Zero-day Attacks
An attack that has not been discovered yet
174
Open Permissions
No security on data, allowing attackers to perform actions that exploit the system
175
Unsecure Root Accounts
Vulnerable to takeover due to poor security configuration
Example: weak passwords
176
Errors
Messages that can provide useful information to an attacker
Examples: service type, version information, debug data
177
Weak Encryption
Uses a key of insufficient length, making it easier to attack
178
Insecure Protocols
A protocol that introduces security concerns due to the lack of controls over confidentiality and/or integrity
179
Default Settings
Having preset credentials allowing access to all configurations
180
Open Ports and Services
Open ports on services provide a pathway for attackers to exploit vulnerabilities in your system
Defend with a firewall
181
Third-Party Risks
The risk of outsourcing certain services or using software built by third parties to accomplish certain tasks
182
System Integration Risk
The potential for integration of technology, processes, information, departments or organizations to fail
183
Lack of Vendor Support Risk
Vendors not taking initiative to fix their products
184
Supply Chain Risk
The implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity
185
Outsourced Code Development
Hiring a third-party service provider to handle software development projects
186
Data Storage
Storing data with a third-party trust?
187
Improper Patch Management
The process of not distributing and applying updates to software
188
Firmware Patch Management
The BIOS of the device
189
Operating System Patch Management
Monthly and on-demand patches
190
Applications Patch Management
Provided by the manufacturer as needed
191
Legacy Platforms
An outdated computer system still in use
192
Impacts to Third-Party Risks
Data loss, data breaches, data exfiltration, identity theft, financial, reputation, availability loss
193
Threat Hunting
The practice of proactively searching for cyber threats that are lurking undetected in a network
194
Intelligence Fusion
Combining pieces of information to produce higher-quality information, knowledge, and understanding
195
Maneuver
Application of force to capture, disrupt, deny, degrade, destroy or manipulate computing and information resources in order to achieve a position of advantage in respect to competitors
196
Vulnerability Scans
Scanning used to discover the weaknesses of a given system
197
False Positive Scans
A vulnerability that was identified but doesn't really exist
198
False Negatives Scans
A vulnerability exists, but wasn't detected
199
Vulnerability Scan Log Review
The process of discovering, analyzing, and reporting on security flaws and vulnerabilities of what the scanner picked up
200
Credentialed Scans vs. Non-credentialed Scans
Credentialed scans - normal user, emulating an insider attack
Non-credentialed scans - The scanner can't log in to the remote device
201
Intrusive Scans vs. Non-intrusive Scans
Intrusive scans - You'll try out the vulnerability to see if it works
Non-intrusive scans - Gather information, don't try to exploit a vulnerability
202
Application Scans
Desktop, mobile apps
203
Web Application Scans
Software on a web server
204
Network Scans
Misconfigured firewalls, open ports, vulnerable devices
205
Common Vulnerabilities and Exposures (CVE)/ Common Vulnerability Scoring System (CVSS)
Provides a reference method for publicly known information-security vulnerabilities and exposures
206
Configuration Review
Validating the security of device configurations
207
Security Information and Event Management (SIEM)
Logging of security events and information
208
Syslog
Standard for message logging (integrated in SIEM)
209
SIEM - Packet Capture
Can intercept and log traffic that passes over a computer network or part of a network
210
SIEM - Data Inputs
Server authentication attempts
VPN connections
Firewall log sessions
Denied outbound traffic flows
Network utilization
211
SIEM - User and Entity Behavior Analysis (UEBA)
Cybersecurity solution that uses algorithms and machine learning to detect anomalies in the behavior of not only the users in a corporate network but also the routers, servers, and endpoints in that network
212
SIEM - Sentiment Analysis
The process of analyzing digital text to determine if the emotional tone of the message is positive, negative, or neutral
213
SIEM - Security Monitoring
Automated process of collecting and analyzing indicators of potential security threats, then triaging these threats with appropriate action
214
SIEM - Log Aggregation
Mechanism for capturing, normalizing, and consolidating logs from different sources to a centralized platform for correlating and analyzing the data
215
SIEM - Log Collectors
Collecting real-time log data within an organization's network and bringing them together in a central location for better analysis
216
Security Orchestration, Automation, and Response (SOAR)
Software solution that enables security teams to integrate and coordinate separate tools into streamlined threat response workflows
217
SOAR - Orchestration
Connect many different tools together
Examples: firewalls, account management, email filters, etc.
218
SOAR - Automation
Handle security tasks automatically
219
SOAR - Response
Make changes immediately
220
Penetration Testing (Pentest)
Authorized simulated cyberattack on a computer system, performed to evaluate the security of the system
221
Pentest - Known Environment
Performed by a security expert trained to identify and document issues that are present in an environment
222
Pentest - Unknown Environment
Performed by a security expert that knows nothing about the systems under attack
"Blind" test
223
Pentest - Partially Known Environment
Performed by a security expert that has partial knowledge or access to an internal network or web application
224
Pentest - Rules of Engagement
Meant to list out the specifics of your penetration testing project to ensure that both the client and the engineers working on a project know exactly what is being tested, when it's being tested, and how it's being tested
225
Pentest - Lateral Movement
Once in the network, can move from system to system
226
Pentest - Persistence
Once in a system, you need to make sure there is a way back in
Examples: backdoor, change passwords, etc.
227
Pentest - Cleanup
Removing all malicious activity from the pentest attack, leaving the network in its original state
Examples: remove backdoors, change passwords back
228
Bug Bounty
A reward offered to a person who identifies an error or vulnerability in a computer program or system
229
Pivoting
Using a compromised system to spread between different computer systems once inside the network, simulating the behavior of a real attacker
230
Passive Reconnaissance
Attempt to gain information about targeted computers and networks without actively engaging with the systems
231
Active Reconnaissance
Attempt to gain information about targeted computers and networks by actively engaging with the systems
232
War Flying
Used with a drone and a wireless network detector to find wifi wireless network locations
233
Active Footprinting
Process of using tools and techniques, like the traceroute command or a ping sweep (Internet Control Message Protocol sweep), to collect data about a specific target
234
Passive Footprinting
Collecting data without actively engaging with the target system
235
Open Source Intelligence (OSINT)
The collection and analysis of information from many open sources
236
War Driving
Drive around with a wireless network detector to find wifi wireless network locations
237
Red Team
The offensive security team
Hired ethical hackers
238
Blue Team
The defensive security team
239
White Team
Not on a team
Manages the interactions between the red teams and blue teams
Referees
240
Purple Team
Red and blue teams working together
Both share their findings to see how it can benefit the organization