Cybersecurity Vocab.

Question 1

Domain hijacking

Answer 1

Domain hijacking is a type of hijacking attack where the attacker steals a domain name by altering its registration information and then transferring the domain name to another entity. Brandjacking is another term for domain hijacking.

Question 2

typosquatting

Answer 2

Typosquatting relies on users navigating to misspelled domains. An attacker registers a domain name with a common misspelling of an existing domain. Users who misspell a URL in the web browser arrive at the attacker’s website.

Question 3

kiting

Answer 3

Kiting is the act of continually registering, deleting, and reregistering a name within the five-day grace period without having to pay for it.

Question 4

tasting

Answer 4

Tasting is a Domain Name Server (DNS) exploit that involves registering a domain temporarily to see how many hits it generates within the five-day grace period.

Question 5

hoax attack

Answer 5

In a hoax attack, an email alert or web pop-up will claim to have identified some sort of security problem, such as a virus infection, and offer a tool to fix the problem. The tool, of course, will be some sort of Trojan application.

Question 6

pharming

Answer 6

Pharming relies on corrupting the way the victim’s computer performs Internet name resolution, so that they redirected them from the genuine site to the malicious one.

Question 7

tailgating

Answer 7

Tailgating is a means of entering a secure area without authorization, by following close behind the person that has permission to open the door or checkpoint.

Question 8

Spam

Answer 8

Spam or bulk unsolicited messages, usually sent in the form of email advertisements or other appealing material, may deliver malware or lure a user to another form of attack.

Question 9

whaling

Answer 9

Whaling is a spear phishing attack directed specifically against upper levels of management in the organization (CEOs and other “big fish”).

Question 10

spear phishing

Answer 10

Spear phishing is a phishing scam where the attacker has some information that makes an individual target more likely to be fooled by the attack.

Question 11

spyware attack

Answer 11

Spyware is a program that monitors user activity and sends the information to someone else. This can occur with or without the user’s knowledge.

Question 12

phishing attack

Answer 12

Phishing is a combination of social engineering and spoofing, where the attacker sets up a spoof website to imitate a trusted one.

Question 13

rogueware attack

Answer 13

Rogueware is a fake antivirus web pop-up that claims to have detected viruses on the computer and prompts the user to initiate a full scan, which installs the attacker’s Trojan.

Question 14

vishing

Answer 14

Vishing describes a phishing attack conducted through a voice channel (telephone or VoIP, for instance).

Question 15

SMiShing

Answer 15

SMiShing refers to fraudulent SMS texts. Other vectors could include instant messaging or social media sites.

Question 16

Phishing

Answer 16

Phishing is a type of email-based social engineering attack. The attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim. Pharming is a means of redirecting users from a legitimate website to a malicious one.

Question 17

Pharming

Answer 17

Pharming relies on corrupting the way the victim’s computer performs Internet name resolution, which redirects the user from the genuine site to the malicious one.

Question 18

domain hijacking

Answer 18

Domain hijacking is a type of hijacking attack where the attacker steals a domain name by altering its registration information and then transferring the domain name to another entity. Brandjacking is another term for domain hijacking.

Question 19

kiting

Answer 19

Kiting is the act of continually registering, deleting, and reregistering a name within the five-day grace period without having to pay for it.

Question 20

tasting

Answer 20

Tasting is a Domain Name Server (DNS) exploit that involves registering a domain temporarily to see how many hits it generates within the five-day grace period.

Question 21

shoulder surfing

Answer 21

Shoulder surfing refers to stealing a password or PIN (or other secure information) by watching the user type it, either in close proximity or remotely.

Question 22

lunchtime attack

Answer 22

If a user leaves a workstation unattended while logged on, an attacker can physically gain access to the system (often described as a lunchtime attack).

Question 23

credential harvesting

Answer 23

Credential harvesting is a campaign specifically designed to steal account credentials. The attacker has more interest in selling the database of captured logins than trying to exploit them directly.

Question 24

watering hole attack

Answer 24

A watering hole attack relies on the circumstance that users may use an unsecure third-party website, like a local pizza firm, which the attacker has compromised.

Question 25

colocation

Answer 25

A colocation is a data center that contains racks with networking equipment owned by different companies.

Question 26

authority

Answer 26

Many people find it difficult to refuse a request by someone they perceive as superior to them. Social engineers can try to exploit this behavior to intimidate their target by pretending to be someone of authority.

Question 27

consensus

Answer 27

With consensus/social proof impersonation, an attacker fools users into believing that a malicious website is legitimate by posting fake reviews. The victims believe the reviews and place their trust in the website.

Question 28

urgency

Answer 28

Creating a false sense of urgency can disturb people’s ordinary decision-making process. The social engineer can try to pressure his or her target by demanding a quick response.

Question 29

liking

Answer 29

One of the tools of social engineers is to be likable and to present the requests they make as completely reasonable.

Question 30

piggy backing

Answer 30

Piggy backing is a situation where the attacker enters a secure area with an employee’s permission.

Question 31

shoulder surfing

Answer 31

Shoulder surfing refers to stealing a password or PIN (or other secure information) by watching the user type it, either in close proximity or remotely.

Question 32

SPIM

Answer 32

SPIM is spam (or mass unsolicited messages) but over instant messaging or Internet messaging services.

Question 33

social media

Answer 33

Most companies and the individuals that work for them publish a large amount of information about themselves on the web and on social media sites like Facebook, LinkedIn, Twitter, Instagram, and YouTube.

Question 34

deep web

Answer 34

The deep web is where cyber threat actors, such as organized crime and hacktivists, exchange information beyond the reach of law enforcement.

Question 35

dark net

Answer 35

The dark net is a type of deep web, established as an overlay to Internet infrastructure by software that acts to anonymize usage and prevent a third-party from knowing about the existence of the network or analyzing any activity taking place over the network.

Question 36

dark web

Answer 36

The dark web is another type of deep web that has sites, content, and services accessible only over a dark net.

Question 37

Consensus/social proof

Answer 37

With consensus/social proof impersonation, an attacker fools users into believing that a malicious website is legitimate by posting fake reviews. The victims believe the reviews and place their trust in the website.

Question 38

Familiarity/liking

Answer 38

One of the tools of social engineers is to be likable and to present the requests they make as completely reasonable.

Question 39

Authority

Answer 39

Many people find it difficult to refuse a request by someone they perceive as superior to them. Social engineers can try to exploit this behavior to intimidate their target by pretending to be someone of authority.

Question 40

Bulk text messages

Answer 40

SMiShing is a phishing technique that uses simple message service (SMS) text communications as the attack vector. The text message may include a link to a fake website asking a user to log in.

Question 41

Fake security alert

Answer 41

A hoax is a fake security alert. In some instances, when combined with a phishing technique, it can cause the user to provide private information or make a payment.

Question 42

Fraudulent invoice

Answer 42

Invoice scams are a type of identity fraud. The fraudster will usually spoof the invoice details of a genuine supplier but change the bank account number.

Question 43

A dictionary word

Answer 43

Password crackers can exploit weaknesses in a protocol to calculate the hash and match it to a dictionary word or brute force it.

Question 44

A rainbow table

Answer 44

Rainbow tables are associated with attacks where an attacker uses a set of related plaintext passwords and their hashes to crack passwords.

Question 45

A Pre-Shared Key (PSK)

Answer 45

A Pre-Shared Key (PSK) refers to using a passphrase to generate the key used to encrypt communications. Group authentication is another term for PSK since a group of users shares the same secret.

Question 46

Wi-Fi Protected Access (WPA)

Answer 46

Wi-Fi Protected Access (WPA) is an encryption scheme for protecting Wi-Fi communications, designed to replace WEP.

Question 47

replay attack

Answer 47

In a replay attack, the attacker captures some data, like a cookie file, used to log on or start a session legitimately. The attacker resends the data to re-enable the connection.

Question 48

clickjacking attack

Answer 48

Clickjacking occurs when the attacker inserts an invisible layer into a trusted web page that can intercept or redirect input without the user realizing it.

Question 49

API attack

Answer 49

An application programming interface (API) intrusion occurs when an attacker takes advantage of unsecure communication with application services to perform denial of service attacks using multiple API calls, for example.

Question 50

document object model (DOM) based

Answer 50

Document Object Model (DOM) Cross-Site Scripting (XSS) exploits vulnerabilities in client-side scripts to modify the content and layout of a web page.

Question 51

stored cross-site scripting (XSS)

Answer 51

Stored (or persistent) Cross-Site Scripting (XSS) is a server-side script attack that inserts code into a back-end database used by the trusted site.

Question 52

reflected cross-site scripting (XSS)

Answer 52

Reflected Cross-Site Scripting (XSS) is a server-side input validation exploit that injects a script into a website. Once the victim visits the infected website, the malicious code executes in the user’s browser.

Question 53

cross-site request forgery (XSRF)

Answer 53

A Cross-site Request Forgery (XSRF) is a malicious script hosted on the attacker’s site that can exploit a session started on another site in the same browser. This is successful if the server does not check if the user actually made the request.

A client-side request forgery or cross-site request forgery is an attack that forces a user to execute unwanted actions to a web server that the user is currently authenticated to.

Question 54

command injection

Answer 54

A command injection attack runs OS shell commands from the browser and allows commands to operate outside of the server’s directory root, forcing commands to run as the web “guest” user.

Question 55

directory trasversal

Answer 55

Directory traversal is an injection attack that submits a request for a file outside the web server’s root directory by submitting a path to navigate to the parent directory (../). Access permissions on the file are the same as on the web server directory.

Directory traversal is an application attack that allows access to commands, files, and directories that may or may not be connected to the web document root directory.

Question 56

transitive access

Answer 56

Transitive access describes the problem of authorizing a request for a service that depends on an intermediate service.

Question 57

SQL injection

Answer 57

A structured query language (SQL) attack embeds or inserts SQL code to a website to query and output information from a database such as password hashes, for example.

Question 58

dynamic link library injection (DLL)

Answer 58

DLL injection is a software vulnerability that can occur when a Windows-based application attempts to force another running application to load a dynamic-link library (DLL) in memory, that could cause the victim application to experience instability or leak sensitive information.

Question 59

XML injection

Answer 59

XML injection is fundamentally the same thing, but targeted against web servers using XML applications rather than SQL.

Question 60

shimming

Answer 60

Shimming is the process of developing and implementing additional code between an application and the operating system to enable functionality that would otherwise be unavailable.

Question 61

refactoring

Answer 61

Refactoring means the code performs the same function by using different methods. Refactoring means that the antivirus software may no longer identify the malware by its signature.

Question 62

improper input handling

Answer 62

Improper input handling exposes software to input validation attacks. When an attacker exploits improper input handling, it crashes the process hosting the code, performs

Question 63

an integer

Answer 63

An integer overflow attack causes the target software to calculate a value that exceeds the upper and lower bounds.

Question 64

a pointer

Answer 64

A pointer is a reference to an object in memory. Attempting to access that memory address is called dereferencing. An integer is a positive or negative whole number.

Question 65

a shim

Answer 65

A shim is a code library that intercepts and redirects calls to enable legacy mode on a system. The shim database represents a way that malware with local administrator privileges can run on reboot (persistence).

Question 66

a race condition

Answer 66

A race condition is a software vulnerability that occurs when the execution processes are dependent on the timing of certain events, and those events fail to execute in the order and timing intended.

Question 67

a buffer overflow

Answer 67

To exploit a buffer overflow vulnerability, the attacker passes data that deliberately overfills the buffer (an area of memory) that the application reserves to store the expected data.

Question 68

a pointer dereference

Answer 68

Pointer dereference is a software vulnerability that can occur when the code attempts to remove the relationship between a pointer and the thing it points to (pointee). Dereferencing may crash the application and corrupt memory.

Question 69

a replay attack

Answer 69

A replay attack consists of intercepting a key or password hash, then reusing it to gain access to a resource. Using once-only session tokens or timestamping sessions prevents this type of attack.

Question 70

a pass-the-hash-attack

Answer 70

Pass-the-hash occurs when the attacker steals hashed credentials and uses them to authenticate to the network. Using once-only session tokens or timestamping sessions prevents this type of attack.

Question 71

a downgrade attack

Answer 71

A downgrade attack facilitates a Man-in-the-Middle (MitM) attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths.

Question 72

a birthday attack

Answer 72

A birthday attack is a type of brute force attack aimed at exploiting collisions in hash functions. This type of attack can forge a digital signature.

Question 73

resource exhaustion

Answer 73

A resource exhaustion attack overloads resources like CPU time, memory, or disk capacity using distributed denial of service (DDoS) requests.

Question 74

server-side request forgery

Answer 74

A server-side request forgery abuses the functionality and services of backend servers to read and update internal resources. This can expose, for example, database information, even without an authenticated session.

Question 75

client-side request forgery

Answer 75

A client-side (or cross-site) request forgery is an attack that forces a user to execute unwanted actions to a web server that the user is currently authenticated to.