Chapter 8: Social Engineering and Attacks

Question 1

two types active and passive; passive is where the attacker researches your company and collect information that will be used at a later stage. Active is where the attacker interacts with the user or their desktop—someone has your username and tries to reset the password

Answer 1

Reconnaissance

Question 2

campaigns are a social engineering attack to influence people form countries all over the world—two types: social media and hybrid warfare

Answer 2

Influence Campaigns

Question 3

carried out by state actors to influence the balance of power in a country using military political economic or civil means

Answer 3

Hybrid warfare

Question 4

when someone removes the trash from your trash in hopes of finding a letter that holds PII that can be used to commit fraud.

Answer 4

Dumpster Diving

Question 5

involves a person standing behind someone who is using a computer so that they can see sensitive information

Answer 5

Shoulder surfing

Question 6

companies in the same industry visit similar websites. Therefore, attackers identify a website that people in a particular industry are likely to visit and then infect with a virus.

Answer 6

Watering Hole Attack

Question 7

this is a DNS redirection attack where either the DNS cache has been poisoned or an entry is placed in your hosts file. The victim is redirected to a fraudulent website.

Answer 7

Pharming

Question 8

Types of Social Engineering

Answer 8

Authority: email may be sent out by someone of a higher authority ordering you to complete a form that can be accessed by clicking a link.

Intimidation: someone pretending to be someone of high authority. They then threaten an individual telling them they are in trouble if don’t do what they are told.

Urgency: someone arriving at a reception desk and demanding access quickly.
Scarcity: panic to make a snap decision. “Only one room left”

Familiarity and Trust: hackers make themselves familiar to their victims; they come around a lot bringing them boxes of chocolates and eventually they become trusted

Consensus: people like to be accepted by peers and coworkers. An attacker might ask for some information and state that they obtained it last week from a coworker and need an update on it.

Question 9

has no information because they are not authorized by the company
-hacker

Answer 9

Black Hat

Question 10

is provided with limited information from the company because may be participating in the bug bounty program-may be known as ethical hackers

Answer 10

Gray Hat

Question 11

is an ethical hacker who is employed by the company to test applications for flaws and vulnerabilities.

Answer 11

White Hat

Question 12

external threat actor who defaces your website or breaks into your computer or network. They are politically motivated and seek social change.

Answer 12

Hactivists

Question 13

this is where people plug their own computers and devices into your network without your consent.

Answer 13

Shadow IT

Question 14

person who does not have expert technical knowledge and uses script and code that they find to launch an attack on your company

Answer 14

Script Kiddie

Question 15

another country that poses a threat to your country

Answer 15

State Actors

Question 16

external threat that tries to steal data from your network but they are there for an extremely long period of time. They are well organized well funded and sophisticated

Answer 16

Advanced Persistent Threat (APT)

Question 17

Target mainly to steal money

Answer 17

Criminal Syndicates

Question 18

disgruntled employee that may have been overlooked for promotion and relationship with company has gone sour.

Answer 18

Insider Threat

Question 19

start by using all the words in the oxford English Dictionary and use them to try and crack passwords, but misspelled names or passwords with special characters cant be cracked.
-could crack elasticity but not el@sticity

Answer 19

Dictionary Attacks

Question 20

runs though all the different combinations of letters and characters and will eventually crack a given password. The length of the password may slow down such an attack, but will eventually be cracked.

Answer 20

Brute Force Attacks

Question 21

is a combination of both a dictionary and a brute force attack

Answer 21

Hybrid Attack

Question 22

password spraying uses the most common password in a type of reverse brute force attack. The hacker first searches the internet for people who work within an organization and see whether they can work out the standard naming convention.

Answer 22

Spraying Attack

Question 23

this is where an attacker navigates through a structure of a web server moving from page to page searching for login details. It is known to use …/ to navigate through the directory structure.

Answer 23

Directory Traversal

Question 24

can also be called “skimming” where a credit card has been put through a card cloning machine. The most common places for these devices are ATMs or when you pay a bill at a restaurant

Answer 24

Card Cloning

Question 25

the attacker intercepts traffic going between two hosts then changes the information in the packets in real time.

Answer 25

Man in the Middle Attack (MITM)

Question 26

where a malicious plugin or script has been downloaded and the browser has been compromised. It acts like a trojan.

Answer 26

Man in the Browser Attack (MITB)

Question 27

is an on path attack that intercepts data but replays it at a later date

Answer 27

replay attack

Question 28

when a user visits a website a Session ID is set up between the user and the webserver. This information can be stored in a cookie and is present in the traffic going between the user and the website. The attacker can steal a cookie or can use a protocol analyzer and capture the Session ID from HTTP packets.

Answer 28

Session Replay Attack

Question 29

where the victim’s machine or network is flooded with a high volume of requests from another host so that it is not available for any other host to use. A common method is to use SYN flood attacks, where the first two parts of the three way handshake occur

Answer 29

DoS Attack

Question 30

when an exploit is found but at the time there is no solution to prevent it.

Answer 30

zero day attack

Question 31

this is where an attacker gains access to the network via a vulnerable host. It then attacks a critical server such as a domain controller or a database server. In a virtual world it would be called a Virtual Escape.

Answer 31

Pivoting

Question 32

older operating systems such as Windows NT 4.0 stored the password locally and it was hashed with MD4. Attackers used to use a rainbow table to complete a hash collision attack, an alternative would be the hashcat tool. Prevent pass the hash attacks by disabling NTLM

Answer 32

Pass the Hash Attack

Question 33

operates at layer 2 of the OSI using MAC addressed. It is an attack which a LAN is flooded with fake MAC addresses so that they can be linked to legitimate addresses

Answer 33

ARP Poisoning

Question 34

is the theft of a MAC address of another networked device, which is then used to gain access to the network.

Answer 34

MAC Spoofing Attack

Question 35

this is where an attacker floods a switch with a fake IP address to port mapping so that it consumes limited memory that a switch has.

Answer 35

MAC Flooding

Question 36

attack where an attacker wants to grant themselves more permissions than they are entitled to.

Answer 36

Privilege Escalation

Question 37

this is used when you want to pretend to be a different device, so you can connect to a network device or bypass the security on a captive portal

Answer 37

MAC Cloning Spoofing

Question 38

is the modification of the Internet Protocol packet using a fake IP address to mask the identity of the sender. This prevents the attacker from being traced when they carry out a malicious attack.

Answer 38

IP Spoofing

Question 39

this is an attack where the attackers carry out an SSL downgrade attack, where they manage to bypass the certificate based protection and turn the session into an HTTP attack.

Answer 39

SSL Stripping

Question 40

this is where an attack on the application consumes all available memory and CPU cores. It could also be where all IP addresses have been allocated on a DHCP server.

Answer 40

Resource Exhaustion

Question 41

this is a technique used for running code within the address space of another process by forcing it to load a DLL. This makes the application run differently from how it was designed to. You could install a malware DLL in another process

Answer 41

Dynamic Link Library Injection (DLL)

Question 42

The user must be authenticated to the webserver where the user clicks on a link, like, or share button to perform an action.

Answer 42

Cross Site Request Forgery (CSRF)

Question 43

will use a web application as their attack vector to create a packet from a backend server to look as if it has come from the localhost. The request looks if it has come from the server itself and will try and access the contents of the /etc/passwd file.

Answer 43

Server Side Request Forgery (SSRF)

Question 44

is when a user injects a malicious code into another user’s browser. It uses both HTML tags and JavaScript. The following is a very simple server side script to dis-play the latest comments.

Answer 44

Cross Site Scripting (XSS)

Question 45

occurs when a program tries to store more data than it can hold in a temporary memory storage area.

Answer 45

buffer overflow

Question 46

is a condition that occurs when the result of an arithmetic operation, such as multiplication or addition, exceeds the maximum size of the integer type used to store it.

Answer 46

integer overflow

Question 47

when you use SQL database, you can run queries against the SQL database using Transact SQL.

Answer 47

SQL Injection Attack

Question 48

applications have a tendency to create errors and the applications themselves do not validate the information returned in errors.

Answer 48

Improper Error Handling

Question 49

is where data is entered either using a web page or wizard; both are set up to only accept data in the correct format within a range of minimum and maximum values.

Answer 49

Input Validation

Question 50

is where an attacker takes control of a Bluetooth device such as a phone. They are then able to make phone calls and send texts

Answer 50

Bluejacking

Question 51

an attacker hijacks a Bluetooth phone but they extract contact details and any sensitive information.

Answer 51

Bluesnarfing

Question 52

is when someone tries to change domain registration of a domain with the internet authorities so they can control it for profit.

Answer 52

Domain Hijacking

Question 53

is a process in which a website is falsely removed from the results of a search engine and replaced by another web page that links to the remote page

Answer 53

URL Hijacking

Question 54

this is where an attacker redirects you from a legitimate website to a fraudulent website

Answer 54

URL Redirection

Question 55

hackers creates websites with characters transposed to redirect a users session to a fraudulent website. This is known as URL hijacking.

Answer 55

Typosquatting

Question 56

process of changing an applications code to avoid detection by anti virus software while still retaining its attack functionality

Answer 56

Refactoring

Question 57

small library that is transparently intercepts API calls and changes the arguments passed

Answer 57

Shimming

Question 58

the birthday paradox states that in a random gathering of 23 people, there is 50 percent change that two people will have the same birthday. If we store passwords as hashes all the password that are the same will produce the same hash if we use the same hashing algorithm

Answer 58

Birthday Attack

Question 59

lists of pre computer passwords with corresponding hash. You can obtain free rainbow tables from the internet

Answer 59

Rainbow Tables

Question 60

Open Permissions/Unsecure Root Accounts/Errors/Weak Encryption/Default Settings/Open Ports and Services

Answer 60

Weak Configurations