Deck A Prt. 2 Flashcards

1
Q

PGP Encryption

A

Is a type of Encryption that can be used on emails such that receivers public key can be used to encrypt the email message on the senders side.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Password Salting

A

Is a common countermeasure to protect against rainbow table attacks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Port 48101

A

Is a common port that used for IOT Devices, and this is the port to block first in case you are suspicious that an IoT Device has ben compromised

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Quid Pro Quo

A

Latin Phrase that meaning “Something for something” in this technique attackers keep calling random numbers within a company claiming to be calling from technical support this is a Baiting Technique where attackers offer their service to end users in exchange of confidential data or login credentials.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Remediation

A

Is the process of applying fixes on vulnerable systems to reduce teh impact and serverity of Vulnerabilites.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Replay Attack

A

Attacker records the Frequency required to share information between connected IoT Devices. After obtaining the frequency Attacker captures the original DATA when commands are initiated by the connected devices. Once the original data is collected Attacker uses Free Tools such as URH(Universal Radio Hacker) to segregate the command sequence and Injects those on the same frequency into the IoT Network with a goal to capture the signals of the IoT devices. This Replays the commands or captured signals of the Devices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Robots.txt

A

Is a FILE that hackers like to Capture that allows them to discover the Structured of a Targe Website during Web Server Footprinting. A website Owner Creates a robots.txt file to list the files or directories a web crawler should index for providing search results. Poorly Written robots.txt files can cause the complete indexing of website files and directories. If confidential Files and Directories are indexed, and attacker may easily OBTAIN Information such as Passwords, Email Addresses, Hidden Links, Membership Areas. An attacker can also download the robots.txt file of a targe website using the Wget Tool.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

SNMP

A

Simple Network Management Protocol that sends Unencrypted Traffic though port UDP 161. It is Recommended to use SNMPv3 which is secure and fully encrypted.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

STP Attack

A

Spanning Tree Protocol is a Layer 2 Attack in which the Attacker install an UNAUTHORIZED Rogue Switch to an unused port in the LAN with apriority lower than any other switch in the network so that he can make it into a ROOT Bridge so he can start SNIFFING and Capturing all the traffic in the Network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

SaaS

A

Is a CLOUD MODEL where the customer themselves are responsible for Management of user Accounts. The provider takes care of the Hardware, Operating System, & Software Administration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

SSRF Attack

A

Server Side Request Forgery Attack THAT is Used to Obtain a Remote FEED and attacker can change the URL input to the local Hosts to View all the Local Resources on the Targe Server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Session Fixation Attack

A

A Technique where the Attacker First Fetches a Valid Session ID by logging into a service and later feeds the same Session ID to the Targe Employee. The Session ID ends up linking the Targe Employee to Attackers Account Page without disclosing any information to the victim. As soon as the victim clicks on the link, it links the SENSITIVE Payment details from the victims account to Attacker Account.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Slowloris Attack

A

Attack in which partial HTTP Requests are sent to the Web Infrastructure or Applications. Upon receiving a partial request, the Targe servers allow multiple connections and keeps waiting for the requests to complete causing the server to crash.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

TCP Mailmon Scan

A

IS A PORT Scanning Technique in which the attacker Sends FIN/ACK probes and determines that an RST Packet is sent in response by the Targe Hosts, so they know that the Targe port is Closed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

TPM

A

Trusted Platform Module Is a Special Chip on the Motherboard of a server that generates Encryption Keys to and Prevents Decryption of the DISK of one Server on Another Random Hardware.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Trojan

A

Is a TYPE of Malware that can be discovered on a Machine using Netstat and by checking for outgoing confections to random IP Addresses or Web Domains.

17
Q

Untethered Jailbreaking

A

Is the IOS Jailbreaking Technique in which the attacker patches the Kernel during the Device Boot so that it becomes Jailbroke after each successive reboot.

18
Q

VRFY

A

Command in LINUX checks for Valid Users on an SMTP Server

19
Q

WEP

A

An Old Wireless Encryption Protocol that was designed to MIMIC Wired Encryption and uses 40 Bit RC4 Encryption.

20
Q

WPA3

A

A new Wireless Security Protocol that Allows 192 Bit minimum Security Protocols and CRYPTOGRAPHIC Tools to Protect sensitive DATA, such as GCMP-256, HMAC-SHA384, and ECDSA using a 384 Bit Elliptic Curve.

21
Q

Weaponization Phase

A

Phase in Cyber Kill Chain 2nd Phase in which the HACKER can harvest emails of employees from some public sources and could create a Client Side backdoor to send it to the Employees via Email.

22
Q

Web Stat Tool

A

Is A tool to monitor the company’s website, analyze the website traffic, and track teh Geographical Location of the users visiting the company website.

23
Q

Website Mirroring

A

Is an ATTACK where the Hackers copy the Entire Website and its content on a local drive to view the complete profile of the site directory structure, file structure, external links, images, webpages

24
Q

aLTEr Attack

A

Is an Attack on cellular system in which the Attackers set up FAKE Virtual communication Tower between two Authentic Endpoints to mislead the Victim. The Hackers uses these virtual Towers to interrupt the DATA Transformation between the user and Real Tower, Attempting to Hijack an Active Session. It ends up Redirecting the victim to a malicious website.

25
Q

httpd.conf

A

httpd.conf file is an Attractive Targe of the Hackers. The http.conf files on a web server can be misconfigured and provide useful information for hacker such as VERBOSE ERROR Messages and all the details about the errors and issues.