Cybersecurity Fundamentals Week 5 Flashcards
Black hat hackers (crackers)
Hackers who attempt to obtain unauthorized access to computer systems to damage their operations or to steal confidential data.
Bot/Botnet
A computer system network that has been compromised and is under the attacker's control. They are used to carry out different schemes and cyberattacks.
Buffer overflow
Buffers store data temporarily during a transfer. When data volume exceeds the memory buffer's capacity, a buffer overflow occurs. When this happens, memory areas are overwritten.
Clickjacking
An attack that tricks victims into unintentionally clicking on a malicious link or button that is usually disguised as a harmless element.
Command and control (C&C/C2)
A tactic used to communicate between a compromised system and an attacker.
Common vulnerabilities and exposures (CVE)
A global program whose goal is to identify, define, and classify publicly disclosed cybersecurity vulnerabilities.
Credential stuffing
A type of attack in which attackers utilize compromised lists of user credentials to infiltrate a system.
Cybersecurity Framework
A collection of documentation that defines the best practices for organizations to manage and handle cyber threats. These decrease organizations' exposure to weaknesses and threats.
Denial-of-service attack (DoS, DDoS)
Attack designed to shut down a system or network by making its resources unavailable to users, overwhelming the target and causing it to fail. DDoS is the same but uses many more devices and is a more significant attack.
Dictionary attack
A password attack that uses billions of potential passwords from a vast dictionary to discover a user's password.
DNS Cache Poisoning
The act of providing a victim with a phony DNS record that redirects them to a different website.
Ethical hacking
The process of detecting security vulnerabilities, bugs, misconfigurations, etc. before attackers do, in order to fix them. Also known as penetration testing.
Exploit
A program, software, piece of data, or command that manipulates a system or computer bug to cause undesirable or unexpected behavior. It is not the malicious program itself, but the method attackers employ to deliver it.
Firewall
A tool that monitors incoming and outgoing network traffic to allow or deny connections aligned with security policies.
Grey hat hacker
A hacker who doesn’t fit either the white or black hat hacker categories and who typically carries out penetration testing on networks without the owner's consent. It’s not necessarily malicious, but it is illegal.
HTTP Flood
A type of DDoS attack in which the attacker takes advantage of a genuine HTTP GET or POST request to target a web server or application.
HTTPS spoofing
Attacker uses a domain that strongly resembles the target website to trick victims into believing they are visiting the actual website.
ICMP (ping) flood
DDoS attack that attempts to overload a target's device with many ICMP echo requests (pings).
MITRE ATT&CK
A knowledge database and model for cyber attacker behavior representing the stages of an attack lifecycle.
NICE Framework
A national resource that assists employers in enhancing their cybersecurity workforce. Establishes a common terminology for characterizing cybersecurity work and personnel, no matter where or for whom.
Pretexting
A type of social engineering attack involving pretexts to get unsuspecting persons to disclose sensitive information.
SMB protocol
A network protocol that allows users to connect with various computers and servers to access their resources and distribute, open, and modify files.
SYN Flood
DDoS attack that leverages the TCP three-way handshake to waste system resources and make the target server unavailable.
Unknown exploit (zero day)
A vulnerability that is not disclosed to a program's developers and is typically found after it has been exploited.
Vishing
Phishing attacks that use phone calls.
Worm
Malware that replicates itself and spreads across a network automatically. It takes advantage of security software weaknesses to execute harmful actions.
Zero-day Attacks
Uses zero-day exploits to target unknown vulnerabilities. Since the vendor isn’t aware, there is no patch yet.