Cyber Attacks Flashcards

1
Q

A set of rules and protocols that allow different software applications to communicate with each other. This interface defines the methods and data structures that programs can use to request services from other software components.

A

API (Application Programming Interface)

2
Q

The means by which a user interacts with a computer system, software, or hardware. It includes visual elements like buttons, icons, and menus, as well as how users input commands.

The touchscreen interface on a smartphone, where users tap icons to open apps.

A

UI (User Interface)

3
Q

Software that allows an operating system to communicate with hardware devices (like printers, video cards, or network adapters). Device drivers translate OS commands into device-specific operations.

Installing a printer driver to enable a computer to print documents.

A

Device Drivers

4
Q

A collection of software development tools, libraries, and documentation that developers use to create applications for a specific platform or framework.

A mobile app developer uses this to build Android apps.

A

SDK (Software Development Kit)

5
Q

A cyberattack in which the attacker floods a target system, network, or website with a massive amount of traffic or requests to overwhelm its resources, causing it to become slow, unavailable, or crash.

An attacker sends excessive traffic to a company’s website, causing it to slow down or go offline.

A

DoS Attack (Denial of Service Attack)

6
Q

Occurs when a program or application allocates memory but fails to release it when it is no longer needed, eventually causing the system to run out of memory.

A developer forgets to release memory after using it in an application.

A

Memory Leak

7
Q

Happens when more data is written to a buffer (temporary data storage) than it can handle, causing the excess data to overwrite adjacent memory. This can lead to system crashes or security vulnerabilities.

A program tries to store more data in a fixed-size array, causing it to overwrite adjacent memory and crash.

A

Buffer Overflow

8
Q

Occurs when multiple processes or threads attempt to access or modify shared resources simultaneously, leading to unpredictable results or errors.

Two users simultaneously attempt to withdraw money from the same bank account, causing the account balance to become inaccurate.

A

Race Condition

9
Q

Occurs when a number exceeds the maximum value that can be stored in a variable or data type, causing the value to wrap around and produce unexpected or incorrect results.

A program tries to add two large numbers, causing the result to exceed the limit of the variable’s data type and wrap around to a negative number.

A

Integer Overflow

10
Q

A type of attack where the attacker systematically tries all possible combinations of passwords or encryption keys until the correct one is found.

An attacker tries every possible password for a user’s account until they find the correct one.

A

Brute-force Attack

11
Q

Occurs when an attacker forces a system or communication to use a weaker or less secure version of a protocol, making it easier to exploit vulnerabilities.

An attacker forces a website to use outdated SSL/TLS encryption instead of the latest.

A

Downgrade Attack

12
Q

Involves compromising a website or online resource that is frequently visited by the target group, in order to infect their devices with malware or steal sensitive data.

An attacker compromises a website that is popular among government employees,

A

Watering Hole Attack

13
Q

Occurs when an attacker intercepts or alters communications between two parties without them knowing, typically to steal or manipulate data.

An attacker intercepts the communication between a user and a banking website.

A

On-path Attack (formerly known as Man-in-the-Middle Attack)

14
Q

Involves inserting a small piece of code (a “shim”) between two software components to modify or intercept their behavior, often to achieve compatibility or fix a problem.

An attacker may use this to insert malicious code into an application, altering its behavior without the user’s knowledge.

A

Shimming

15
Q

The process of restructuring existing code without changing its external behavior, typically to improve readability, maintainability, or performance.

A developer refactors a large, complicated function into smaller, more manageable functions to improve code clarity.

A

Refactoring

16
Q

A request made by a software program to an API to retrieve or send data, perform a specific function, or interact with a service or system.

A weather app does this to a weather service to retrieve current weather data.

A

API Call

17
Q

The process of installing applications or software from sources other than official app stores or marketplaces, often bypassing security mechanisms.

Installing an APK file directly from a website onto an Android device instead of downloading it from the Google Play Store.

A

Sideloading

18
Q

Involves adding data to the beginning of a message or input, often to manipulate how the data is processed or interpreted by a system. This technique is often used in attacks to alter the behavior of a program.

In a phishing attack, an attacker prepends a malicious URL to a seemingly safe link to trick a user into clicking on it.

A

Prepending

19
Q

A technique used to find security vulnerabilities by inputting random, unexpected, or invalid data into a program to see how it behaves and identify weaknesses.

A security researcher uses this testing method to find crashes or memory leaks in a web application by feeding it random or malformed inputs.

A

Fuzz Testing

20
Q

An attack where an attacker intercepts and possibly alters communication between two parties without their knowledge. The attacker can eavesdrop, manipulate data, or impersonate one of the parties.

Example: An attacker intercepting traffic between a user and a website to steal login credentials.

A

MitM - Man-in-the-Middle

21
Q

A long-term, targeted attack by a well-resourced adversary, often a nation-state or organized group, aimed at stealing sensitive information or gaining unauthorized access over a prolonged period.

Example: A hacker group infiltrating a corporate network to steal trade secrets over several months.

A

APT - Advanced Persistent Threat

22
Q

An attack where a malicious user tricks a victim into performing unwanted actions on a trusted website where the victim is authenticated, often leading to unauthorized actions like transferring funds or changing settings.

Example: A user unknowingly clicking a link that triggers a fund transfer from their bank account while logged in.

A

XSRF - Cross-Site Request Forgery

23
Q

An attack where multiple systems are used to flood a target system, server, or network with excessive traffic to exhaust resources and make the system unavailable to legitimate users.

Example: A large-scale botnet sending massive traffic to a website, causing it to crash and become inaccessible.

A

DDoS - Distributed Denial-of-Service

24
Q

The total sum of all points where an attacker can potentially exploit a system to gain unauthorized access or cause damage. This includes hardware, software, network interfaces, and user interactions.

Example: May include exposed APIs, web server ports, authentication systems, and vulnerable third-party libraries.

A

Attack Surface

25
Q

An attack where an attacker disguises themselves as a trusted entity to gain unauthorized access, deceive users, or bypass security measures.

Example: An attacker sending an email that appears to come from a trusted source (like a bank) to trick a user into providing login credentials.

A

Spoofing

26
Q

A form of social engineering where attackers send fraudulent messages, often appearing as legitimate sources, to steal sensitive information such as usernames, passwords, or financial details.

Example: A fake email from a bank asking users to click a link and update their account information.

A

Phishing

27
Q

A type of attack where a hacker compromises a legitimate business email account and uses it to manipulate employees into performing unauthorized actions, such as transferring money or sending sensitive information.

Example: An attacker posing as a CEO sends an email to the finance department, instructing them to wire money to a fraudulent account.

A

BEC Attacks

28
Q

Links embedded in emails, websites, or messages that redirect users to phishing sites or trigger the download of malware.

Example: A link in a spam email that leads to a website designed to steal login credentials or install malware.

A

Malicious Links

29
Q

Files attached to emails or other messages that contain harmful software designed to infect and damage systems, steal data, or gain unauthorized access.

Example: An email with an attached document that, when opened, installs ransomware on the user’s computer.

A

Malware Attachments

30
Q

A type of attack where a user sends unsolicited messages via Bluetooth to nearby devices, often for pranking or spamming.

Example: Sending a random message to someone else’s Bluetooth-enabled phone without their consent.

A

Bluejacking

31
Q

An attack that involves accessing and stealing data from a Bluetooth-enabled device without the user’s consent.

Example: An attacker connecting to a phone’s Bluetooth to steal contacts, calendars, or other sensitive information.

A

Bluesnarfing

32
Q

A type of Wi-Fi attack where a rogue access point masquerades as a legitimate one, tricking users into connecting to it and potentially intercepting their data or injecting malicious content.

Example: An attacker sets up a Wi-Fi network with a name identical to a nearby coffee shop’s network to steal user credentials.

A

Evil Twin

33
Q

A type of phishing attack that targets high-level executives or important figures within an organization, often using highly personalized and sophisticated tactics to deceive them into divulging sensitive information or authorizing fraudulent transactions.

Example: An attacker impersonates a CEO and sends an email to the CFO requesting a large financial transfer.

A

Whaling

34
Q

A targeted form of phishing where the attacker customizes their fraudulent communications to a specific individual or organization, often using information gathered from social media or other sources to appear legitimate.

Example: An attacker gathers details about an employee from social media and sends a personalized email that looks like it’s from the IT department, asking the employee to reset their password.

A

Spear Phishing

35
Q

A type of social engineering attack that uses voice communication (typically phone calls) to trick individuals into revealing sensitive information or performing actions that benefit the attacker.

Example: An attacker calls a victim, pretending to be from their bank, and asks them to verify personal information over the phone.

A

Vishing

36
Q

A form of phishing that uses SMS (text messages) to lure individuals into clicking malicious links or providing personal information, often leading to identity theft or malware installation.

Example: A text message claiming to be from a bank, asking the recipient to click a link to “verify their account,” which leads to a phishing website.

A

Smishing

37
Q

A cyberattack where the attacker redirects legitimate website traffic to fraudulent websites, often by manipulating DNS settings or infecting users’ computers, to steal sensitive information like login credentials or personal data.

Example: A user tries to visit their bank’s website, but the DNS has been altered, redirecting them to a fake website that looks identical, where their login details are stolen.

A

Pharming

38
Q

An attack where an attacker alters the DNS settings of a user’s device or a DNS server to redirect traffic to malicious websites, often for phishing, data theft, or spreading malware.

Example: An attacker compromises a router’s DNS settings to redirect users to a fake banking website.

A

Domain Name System (DNS) Hijacking

39
Q

An attack where corrupt DNS data is injected into the cache of a DNS resolver, causing it to resolve domain names to incorrect IP addresses, often redirecting users to malicious sites.

Example: A DNS cache is poisoned, causing users to be redirected to a fake e-commerce website that collects their credit card information.

A

Domain Name System (DNS) Poisoning

40
Q

An attack that involves sending falsified ARP (Address Resolution Protocol) messages to a local network, mapping the attacker’s MAC address to the IP address of another device, allowing them to intercept or alter network traffic.

Example: An attacker uses this to intercept the communication between a user’s device and the router, allowing them to eavesdrop on sensitive information.

A

Address Resolution Protocol (ARP) Poisoning

41
Q

The practice of hiding data within other non-suspicious data, such as embedding a secret message in an image, audio, or video file, to avoid detection.

Example: An attacker hides malicious code inside an image file, which when opened, activates a virus or backdoor.

A

Steganography

42
Q

Attack methods that use images (e.g., hidden malicious code embedded in image files) as a means to deliver or execute threats, such as malware or exploits.

Example: An attacker embeds a malicious payload in an image file, which is executed when the image is processed by vulnerable software.

A

Image-Based Threat Vectors

43
Q

Attack methods that use files, such as documents or executable files, to deliver malware or exploit vulnerabilities in a system.

Example: An attacker sends a PDF file with an embedded macro that, when opened, installs ransomware on the target system.

A

File-Based Threat Vectors

44
Q

The unauthorized transfer of data from a system to an external location or attacker-controlled destination, often to steal sensitive information.

Example: A hacker extracts confidential company files and sends them to an external server via email or FTP.

A

Data Exfiltration

45
Q

A social engineering attack where an attacker creates a fabricated scenario (pretext) to obtain sensitive information or gain unauthorized access, often by impersonating someone trusted.

Example: An attacker pretends to be from the IT department and calls an employee to ask for their username and password to “fix a technical issue.”

A

Pretexting

46
Q

A method of attack where malicious software targets the client-side application or software on a user’s device, such as web browsers or email clients, to exploit vulnerabilities.

Example: A phishing email contains a malicious link that, when clicked in the browser, exploits a vulnerability to install malware on the user’s device.

A

Client-Based Software Threat Vector

47
Q

A threat method that involves a software agent (such as a monitoring or management agent) installed on a device, which can be exploited by attackers to control or access sensitive data on the system.

Example: An attacker exploits a vulnerability in an endpoint security agent to gain access to a network and execute commands remotely.

A

Agent-Based Threat Vector

48
Q

An attack where an attacker sends false ARP (Address Resolution Protocol) messages onto a local network, associating their MAC address with the IP address of another device, such as the gateway. This allows them to intercept or alter network traffic.

A

ARP Spoofing

49
Q

An attack where a malicious user sends frames to a different VLAN (Virtual Local Area Network) by exploiting misconfigurations in network switches, allowing them to bypass network segmentation and access restricted resources.

A

VLAN Hopping

50
Q

A physical attack where an attacker taps into a network cable to capture or alter the data being transmitted, often used in man-in-the-middle attacks.

A

Cable Tapping

51
Q

A technique used to capture and analyze network traffic passing through a specific port, typically to monitor, troubleshoot, or exploit vulnerabilities in network communication.

A

Port Sniffing

52
Q

A type of attack where malicious code is injected into the memory of a running process to alter its execution, often to perform unauthorized actions like code execution or data manipulation.

A

Memory Injection

53
Q

An attack where valid data transmissions (such as authentication tokens or messages) are captured and retransmitted (or “replayed”) by an attacker to gain unauthorized access or perform malicious actions.

Example: An attacker intercepts a legitimate login request and sends it again to access the system without needing to know the password.

A

Replay Attack

54
Q

A technique used in programming where a pointer (a variable that holds the memory address of another value) is used to access the value it points to. Improper dereferencing can lead to vulnerabilities, such as accessing uninitialized memory or causing a segmentation fault.

A

Pointer Dereference

55
Q

A security flaw in software or hardware that is unknown to the vendor or the public, and for which no patch or fix is available, making it a target for exploitation by attackers.

Example: An attacker discovers a flaw in a popular web browser and exploits it before the vendor releases a security patch, allowing them to execute malicious code.

A

Zero-Day Vulnerability

56
Q

A technique used by attackers to inject malicious DLL files into a running process, allowing them to execute their own code within the context of that process. This can be used to manipulate the behavior of the program or escalate privileges.

A

DLL Injection

57
Q

A type of software error that occurs when multiple threads or processes attempt to access shared resources simultaneously, leading to inconsistent or unexpected behavior.

Example: Two threads attempt to update the same file at the same time, causing data corruption.

A

Concurrency Error

58
Q

A technique in programming where multiple threads (smaller units of a process) are executed concurrently within a single process. This allows for more efficient use of CPU resources, especially on multi-core processors.

A

Multithreading

59
Q

An error that occurs when there is a failure to properly synchronize access to shared resources between threads or processes, leading to race conditions, deadlocks, or inconsistent results.

A

Synchronization Error

60
Q

A type of concurrency error or vulnerability that occurs when a system checks the state of a resource (time-of-check) and then uses it later (time-of-use), but the resource’s state changes in between, leading to inconsistent or malicious behavior.

Example: An attacker changes a file’s permissions between the time it’s checked for access and the time it’s actually used, allowing unauthorized access.

A

TOC/TOU (Time-of-Check to Time-of-Use)