CHP 13 Flashcards
WMI
Windows Management Instrumentation (WMI)
VBA
Visual Basic for Applications (VBA)
DLL
A Dynamic Link Library (DLL) is a file used in Windows operating systems that contains code and data that can be used by multiple programs simultaneously.
Third Party Cookies
Third-party cookies can be used to record web activity, track the user’s IP address, and harvest various other metadata, such as search queries and information about the browser software and configuration.
Super Cookie
A supercookie is a type of tracking mechanism used by websites and advertisers to collect information about your online activities. Unlike regular cookies, which are stored in your web browser and can be easily deleted or blocked, supercookies use less obvious methods to track you, making them harder to detect and remove.
A Beacon
A beacon, often referred to as a web beacon or tracking pixel, is a small, invisible image embedded into a website or an email. It’s typically just 1x1 pixel in size, making it virtually undetectable to users. Despite its tiny size, it plays a significant role in tracking and collecting data about user interactions.
Spyware technique
Another spyware technique is to perform DNS redirection to pharming sites.
UAC
User Account Control (UAC) is a security feature in Windows that helps prevent unauthorized changes to the operating system.
Concurrent Session Usage
A potential indicator of malicious activity where an account has started multiple sessions on one or more hosts.
SYN Flood Attack
A DoS attack where the attacker sends numerous SYN requests to a target server, hoping to consume enough resources to prevent the transfer of legitimate traffic.
Think “Too many handshakes for the computer to handle”
Asymmetric Threat
An asymmetric threat is a type of security challenge where a threat actor (like a hacker or a terrorist) can cause significant damage or disruption despite having fewer resources, less technology, or weaker capabilities compared to their target (like a government or a large organization).
Amplification Attack
An amplification attack is a type of cyberattack where an attacker exploits certain protocols or services to amplify the amount of traffic they send to a target, causing a denial of service (DoS) or distributed denial of service (DDoS) attack.
CLDAP
Connectionless Lightweight Directory Access Protocol (CLDAP) is a protocol used to query and manage directory services (like user databases) without establishing a dedicated connection. Here’s a simple breakdown:
Purpose: Allows quick lookups of information (like user names, emails) from a directory service
NTP
Network Time Protocol (NTP) is a protocol used to synchronize the clocks of computers over a network.
AitM
An Adversary-in-the-Middle (AitM) attack, also known as a Man-in-the-Middle (MitM) attack, is a type of cyberattack where the attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other.
ARP Attack
An Address Resolution Protocol (ARP) attack, also known as ARP spoofing or ARP poisoning, is a type of cyberattack where an attacker sends false ARP (Address Resolution Protocol) messages over a local network. This misleads the network devices to associate the attacker’s MAC (Media Access Control) address with the IP address of another device, typically the default gateway. As a result, the attacker can intercept, modify, or stop data being sent across the network.
DNS Poisoning
DNS poisoning, also known as DNS spoofing, is a type of cyberattack where an attacker corrupts the Domain Name System (DNS) cache with false information. This causes DNS servers to return incorrect IP addresses, redirecting users to malicious websites without their knowledge. The goal of DNS poisoning is often to steal sensitive information, distribute malware, or disrupt services.
Disassociation Attack
A disassociation attack is a type of denial-of-service attack that targets wireless networks. The attacker sends forged disassociation frames to disconnect devices from the network, disrupting their communication and causing service interruptions.
Online Password Attack
An online password attack occurs when an attacker attempts to gain access to a system by interacting directly with the login interface in real time. This type of attack involves trying different passwords or password combinations directly against a live system.
Offline Password Attack
An offline password attack occurs when an attacker has gained access to a database or file containing encrypted or hashed passwords and attempts to crack them without interacting with the live system.
An offline attack means that the attacker has managed to obtain a database of password hashes, such as %SystemRoot%\System32\config\SAM, %SystemRoot%\NTDS\NTDS.DIT or /etc/shadow.
Arbitrary Code Execution
Arbitrary code execution is a serious security vulnerability that allows an attacker to run any code or commands on a target system.
Vertical privilege escalation
When an attacker can perform functions that are normally assigned to users in higher roles, and often explicitly denied to the attacker.
Horizontal privilege escalation
When a user accesses or modifies specific resources that they are not entitled to.
CSRF
Cross-Site Request Forgery (CSRF) is a type of web security vulnerability where an attacker tricks a user into performing actions on a web application in which they are authenticated. This is done without the user’s knowledge or consent, leading to unintended actions like changing account details, making unauthorized transactions, or changing passwords.
SSRF
Server-Side Request Forgery (SSRF) is a type of security vulnerability where an attacker tricks a server into making unauthorized requests to external or internal resources on behalf of the attacker. This can lead to unauthorized access to internal systems, data leakage, and other security issues.
SSRF attacks are often targeted against cloud infrastructure.
Server-side attack
A server-side attack causes the server to do some processing or run a script or query in a way that is not authorized by the application design. Most server-side attacks depend on some kind of injection attack.
XXE Attack
An XML External Entity (XXE) attack is a type of vulnerability that arises when an XML input containing a reference to an external entity is processed by a weakly configured XML parser.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY bar SYSTEM "file:///etc/config"> ]>
<foo>&bar;</foo>