Comp 1 Flashcards
Vulnerability
A weakness that could be triggered accidentally or exploited intentionally to cause a security breach
Insider threat
Arises from an actor who has been identified by the organization and granted some sort of access
Reputational threat intelligence
List of IP addresses and domains associated with malicious behavior, plus signatures of known file-based malware.
Ipconfig
Show the configuration assigned to network interface(s) in Windows, including the hardware or media access gateway, and whether the address is static or assigned by DHCP. The address of the DHCP server that provided the lease is shown as well.
Ping
Probe a host on a particular IP address or hostname using Internet Control Message Protocol (ICMP). Can also be used to perform a sweep of all IPs in a subnet.
The Harvester
A tool for gathering open-source intelligence (OSINT) for a particular domain or company name
Software exploitation
An attack that targets a vulnerability in software code
Network vulnerability scanner
Such as Tenable Nessus or OpenVAS, is designed to test network hosts, including client PCs, mobile devices, servers, routers, and switches
Scan intrusiveness
A measure of how much the scanner interacts with the target
Non-intrusive (or passive) scanning
Analyzing indirect evidence, such as the types of traffic generated by a device. A passive scanner, the Zeek Network Security Monitor being one example, analyzes a network capture and tries to identify policy deviations or CVE matches. This type of scanning has the least impact on the network and on hosts, but is less likely to identify vulnerabilities comprehensively.
Active scanning
Probing the device’s configuration using some sort of network connection with the target. Active scanning consumes more network bandwidth and runs the risk of crashing the target of the scan or causing some other sort of outage. Agent-based scanning is also an active technique.
Maneuver
A military doctrine term relating to obtaining positional advantage
What influenced the techniques of pen testing engagement on target systems?
Modern cyber-attack “kill chain” models generated through analysis of adversary TTPs.
Open Source Intelligence (OSINT)
- Web search tools, social media and sites are scanned for vulnerabilities in internet-connected devices and services.
- Aggregation tools like theHarvester collect and organize this data from multiple sources.
- This is a passive technique
Wardriving
Mapping the location and type of wireless networks operated by the target. Some of these networks may be accessible from outside the building. Simply sniffing the presence of wireless networks is a passive activity, though there is the risk of being observed by security guards or cameras.
Shoulder surfing
A threat actor can learn a password or PIN (or other secure information) by watching the user type it. Despite the name, the attacker may not have to be in close proximity to the target.
Whaling
A spear phishing attack directed specifically against upper levels of management
Hoaxes
Such as security alerts or chain emails, are another common social engineering technique, often combined with phishing attacks
SPIM
Mass mail attacks could also be perpetrated over any type of instant messaging or internet messaging service
Malware
Is usually simply defined as software that does something bad, from the perspective of the system owner
Virus
A type of malware designed to replicate and spread from computer to computer, usually by “infecting” executable applications or program code
Non-resident/file infector
The virus is contained within a host executable file and runs with the host process
Memory resident
When the host file is executed, the virus creates a new process for itself in memory. The malicious process remains in memory, even if the host process is terminated.
Boot
The virus code is written to the disk boot sector or the partition table of a fixed disk or USB media, and executes as a memory resident process when the OS starts or the media is attached to the computer
Script and macro viruses
The malware uses the programming features available in local scripting engines for the OS and/or browser such as PowerShell, Windows Management Instrumentation (WMI), JavaScript, Microsoft Office documents with Visual Basic for Applications (VBA) code enabled, or PDF documents with JavaScript enabled
Plaintext
(Or cleartext) An unencrypted message
Ciphertext
An encrypted message
Cipher
The process (or algorithm) used to encrypt and decrypt a message
Cryptanalysis
The art of cracking cryptographic systems
Hashing
Produces a fixed length string from an input plaintext that can be any length
Symmetric algorithms do not provide message integrity or authentication. T/F?
True
Cryptographic primitive
A single hash function, symmetric cipher
Nonce
The principal characteristic of a nonce is that it is never reused (“number used once”)
Homomorphic encryption
Is principally used to share privacy sensitive data sets
Blockchain
Is a concept in which an expanding list of transactional records is secured using cryptography
Public key cryptography
Solves the problem of distributing encryption keys when you want to communicate securely with others or authenticate a message that you send to others
Digital certificate
Essentially a wrapper for a subject’s public key
Certificate Attributes:
- Signature algorithm
- Public key
Signature algorithm
The algorithm used by the CA to sign the certificate
Public key
Public key and algorithm used by the certificate holder
Subject Alternate Name (SAN)
Extension field is structured to represent different types of identifiers, including domain names
Identity and Access Management (IAM)
Usually described in terms of four main processes:
- Identification
- Authentication
- Accounting
- Logon
- Offline Attacks