CPE 046 last quiz Flashcards
is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.
Social engineering
False promises to pique a victim’s greed or curiosity, luring them into traps to collect personal data or infect systems. Common methods include physical media (e.g., malware-infected USB drives) or malicious online ads.
Baiting
Bombards victims with false alarms or fictitious threats, tricking them into installing harmful software. Examples include deceptive popups or spam emails offering fake security services.
Scareware
Attackers craft believable lies to gain sensitive information by building false trust. Unlike phishing, pretexting exploits trust rather than fear/urgency.
Pretexting
Email/text campaigns creating urgency, curiosity, or fear to trick victims into revealing data, clicking malicious links, or opening malware-infected attachments. Example: Fake password-reset emails.
Phishing
Targeted phishing using personalized messages based on victims’ characteristics (e.g., job roles). Requires significant effort but has higher success rates.
Spear Phishing
Promises a reward (e.g., technical support) in exchange for information. Example: Fake IT experts requesting login credentials.
Quid Pro Quo
Exploits romantic/sexual interests online, luring victims into paying fees for communication; the fees are then stolen.
Honey Traps
Good and Lawful, defensive, employed.
White Hat
they’re not malicious, but they’re not always ethical either.
Gray Hat
a hacking newbie who may not know all there is to know, causing him or her to make mistakes along the way.
Green Hat
unethical criminals who violate network security for personal gain.
Black Hat
similar to white hat hackers, but white hat hackers are usually part of the company, whereas blue hat hackers are outsourced.
Blue Hat
a hacker who takes aggressive steps to stop black hat hackers. While red hat hackers are not inherently evil, they do everything they can to stop the bad guys, including taking matters into their own hands. Offensive white hat. Robin Hoods of the virtual world
Red Hat
These criminals embody organizations of cyber criminals, hacktivists, terrorists, and state-sponsored hackers.
Organized Hackers
These cyber crime organizations are groups of hackers, programmers and other tech bandits who combine their skills and resources to commit major crimes that might not otherwise be possible.
Organized Hackers
“__________” tend to be more interested in embarrassing companies or publicizing damning evidence of some sort and are usually driven by a particular political or social agenda.
Hacktivists
the unlawful use of violence and intimidation, especially against civilians, in the pursuit of political aims. Terrorist cyber crime tends to involve mostly the publication of propaganda, psychological campaigns (such as beheading videos), intelligence, information sharing and other communication.
Terrorists
are carried out by cyber criminals directly linked to a nation-state to exploit infrastructure vulnerabilities.
State-backed hackers
are people who maliciously monitor the web activity of their victims to acquire personal data. This type of cyber crime is conducted through the use of social networking platforms and malware that are able to track an individual’s PC activity with little or no detection.
Internet stalkers
Disgruntled employees become hackers with a particular motive and also commit cyber crimes. It is hard to believe that dissatisfied employees can become such malicious hackers.
Disgruntled Employees
employees or contractors hired to act as attackers: ethical hackers who work for an organization finding security holes that a malicious individual could exploit.
The Red Team
is important because they inform or report the vulnerability to the organization before any malicious attacker could exploit it.
Red teaming
is an important factor in red teaming. Red teaming is a simulation-based attack that intends to gain access to specific information, so once the goals are defined, the team plans the whole scenario.
Planning
the organization’s Defenders, who are responsible for protective measures within an organization.
The Blue Team
is to analyze and monitor the data, so if the blue team sees any unusual activity, they can take preventive measures to protect the organization.
Blue team’s
SOC
(Security Operation Centre)
SIEM
(Security Information and Event Management)
a kind of information gathering on network systems and services. This enables the attacker to discover vulnerabilities or weaknesses on the network. It could be likened to a thief surveying a car parking lot for vulnerable (unlocked) cars to break into and steal.
The 1st step in conducting network attacks.
Reconnaissance
Reconnaissance attacks can consist of:
Internet information lookup,
Ping sweeps,
Port scans,
Packet sniffers.
also known as an ICMP (Internet Control Message Protocol) sweep or a ping scan, is a network scanning technique you can use to find out which IP addresses map to live hosts.
Ping sweeps
a common technique used to discover open doors or weak points in a network. A port is a number assigned to uniquely identify a connection endpoint and to direct data to a specific service.
Port Scans
technique whereby packet data flowing across the network is detected and observed. Network administrators use packet sniffing tools to monitor and validate network traffic, while hackers may use similar tools for nefarious purposes.
Packet Sniffing
exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information. An access attack allows an individual to gain unauthorized access to information that they have no right to view.
Types:
* Password Attack
* Trust Exploitation
* Port Redirection
* Man-in-the-Middle Attack
Access attacks
A network attacker uses packet sniffer tools to obtain user account and password information. An attacker also repeatedly attempts to log in to a shared resource or to gain unauthorized access to an organization’s network; this can also be referred to as a dictionary or brute force attack.
Password Attacks
is a method of breaking into a password-protected computer, network or other IT resource by systematically entering every word in a dictionary as a password.
dictionary attack
can also be used in an attempt to find the key necessary to decrypt an encrypted message or document.
dictionary attack
is a popular password-cracking tool. John supports many encryption technologies for Windows and Unix systems (Mac included).
John the Ripper (JtR)
Social Engineering Attack Lifecycle
Investigation - Preparing the ground for the attack
Hook - Deceiving the victim(s) to gain a foothold
Play - Obtaining the information over a period of time
Exit - Closing the interaction, ideally without arousing suspicion
A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. This is a password-guessing attack.
Brute Force Attack
is to compromise a trusted host, using it to stage attacks on other hosts in a network.
Trust Exploitation
If a host in a company’s network is protected by a firewall (inside host), but is accessible to a trusted host outside the firewall (outside host), the inside host can be attacked through the trusted outside host.
Trust Exploitation
is a type of eavesdropping attack, where attackers interrupt an existing conversation or data transfer. After inserting themselves in the “middle” of the transfer, the attackers pretend to be both legitimate participants.
Man-in-the-Middle (MitM) Attack
prevents authorized users from using services by consuming system resources.
Denial of Service (DoS) Attacks
is to oversaturate the capacity of a targeted machine, resulting in denial-of-service to additional requests.
Denial of Service (DoS) Attacks
DoS attacks typically fall into 2 categories:
Buffer overflow attacks
Flood attacks
An attack type in which a memory buffer overflow can cause a machine to consume all available hard disk space, memory, or CPU time. This form of exploit often results in sluggish behavior, system crashes, or other deleterious server behaviors, resulting in denial-of-service.
Buffer overflow attacks
By saturating a targeted server with an overwhelming amount of packets, a malicious actor is able to oversaturate server capacity, resulting in denial-of-service.
Flood attacks
is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
DDoS Attack
________ is a network of computers infected by malware that are under the control of a single attacking party, known as the “_________.” Each individual machine under the control of the bot-herder is known as a ______.
botnet (robot network)
“bot-herder.”
bot
is a logical partition of a Layer 2 network.
VLAN