Domain 1.0: Attacks, Threats, and Vulnerabilities Flashcards
Virus
Malicious computer program that infects systems and spreads copies of itself.
Worms
Similar to a virus, but does not require a host to replicate.
Trojan
Malicious code disguised within a useful application.
Logic bombs
Trigger on a particular condition.
Rootkits
Installed and hidden on a computer, mainly for the purpose of compromising the system.
Ransomware
Encrypts the disk using crypto-malware and demands a ransom payment to provide the decryption that releases the data.
Spyware
Monitors browser & OS activity. Logs keystrokes and may impact computer performance.
What can cause a computer to run slowly and generate pop-up advertisements?
Spyware and adware
Armored virus
Armored viruses use special tricks to make the tracing, disassembling, and understanding of their code more difficult.
Phishing
Social engineering attack done mainly through email across a large audience.
Spear Phishing
Social engineering attack via email that targets an individual or a group of individuals.
Whaling
Same as spear phishing, but with big or high-value targets such as a CEO.
Vishing
This is the term for voice phishing. Often uses fake caller ID to appear as a trusted organization and attempts to get the individual to enter account details via the phone.
Pharming
Based on farming and phishing. It does not require the user to be tricked into clicking on a link. Instead, it redirects victims to a bogus website, even if they correctly entered the intended site's address.
DoS and DDoS
DoS - Denial of Service. DDoS - Distributed Denial of Service.
They involve disruption of normal network service and include attacks based on the ICMP echo reply called Smurf attacks.
Spoofing
Process of making data look as if it came from a trusted or legitimate origin.
On-path attack
A third system intercepts traffic between two systems by pretending to each of them to be the other system.
Replay attacks
Re-sending captured data.
Zero-day vulnerability
Not yet detected by antimalware software, and no patches exist for it either.
What includes repeated guessing of logons and passwords?
Password guessing, brute-force and dictionary attacks.
Dictionary attacks
A dictionary attack is a method of breaking into a password-protected computer, network or other IT resource by systematically entering every word in a dictionary as a password.
DNS poisoning
Redirects traffic by changing the IP record for a specific domain.
ARP poisoning
Layer 2 attack that deceives a device on a network and poisons the MAC table associated with devices.
What does XSRF stand for? What is it?
Cross Site Request Forgery
An attack in which the end user executes unwanted actions on a web application while currently authenticated.
What does XSS stand for and what is it?
Cross Site Scripting - it’s a vulnerability that can be used to hijack a user’s session.
Injection Attacks
An attack category that includes SQL, LDAP, DLL and XML injection. These attacks insert code or malicious input to try to force unauthorized activity or access.
Rogue access point
Unauthorized wireless access point.
What kind of attack can a rogue access point provide to attackers?
An on-path attack, which is also referred to as an evil twin.
Bluejacking
Tricks the user into accepting the prompt to establish a Bluetooth connection with an attacker’s device.
Bluesnarfing
Following bluejacking, the user’s data becomes available for unauthorized access, modification and deletion.
What is the danger of unencrypted network traffic?
It can be captured by a packet sniffer and decoded from its raw form into readable form.
Threat actor attributes include the actor’s relationship to the following:
Organization, motive, intent and capability.
What are threat actor types?
Script kiddies, insiders, hacktivists, organized crime, competitors and nation-states.
OSINT
Open Source Intelligence describes information collected from publicly available information sources such as publications, geospatial information, and many online resources.
Black-box test
The assessor has no information or knowledge about the inner workings of the system.
Four primary phases of a penetration test
Planning, discovery, attack and report.
White-box techniques
Often tests whether programming constructs are placed correctly and carry out the required actions. The assessor has knowledge of the inner workings of the system or of the source code.
Gray box testing
Combination of white-box and black-box techniques. The tester has some understanding or limited knowledge of the inner workings.
What occurs during the attack phase of a penetration test?
Initial exploitation, escalation of privilege, pivot and persistence.
Vulnerability scan
Identifies vulnerabilities, misconfigurations and missing security controls.
Credentialed vulnerability scan reduces what issue?
False positives.
What is a race condition?
A race condition occurs when two or more threads can access shared data and they try to change it at the same time.
It can result in system malfunction and unexpected results. Resulting errors can cause crashes and may allow attackers to escalate their privileges.
What problem can default accounts and passwords pose?
They can provide a simple means for an attacker to gain access.
What attack can proper input handling prevent?
It prevents input that can impact data flow, which would allow an attacker to gain control of a system or remotely execute commands.
What will happen if we turn off SSID broadcast?
It hides the network from appearing, but does not effectively protect a wireless network from attack.
What is a false positive?
Typical or expected behavior is identified as irregular or malicious.
What is a false negative?
An alert that should have been generated did not occur at all.
SIEM
System Information and Event Management is a tool that collects, correlates, and displays data feeds that support response activities.
SOAR
Security Orchestration, Automation and Response - it combines security orchestration & automation with threat intelligence platforms and incident response platforms.
Threat Hunting
Proactive approach to finding an attacker before alerts are triggered.
Rogue access point
Unauthorized wireless access point that has been set up.
What is bluejacking?
Attackers generate messages that appear to come from the device itself, leading users to follow obvious prompts and establish an open Bluetooth connection to the attacker’s device.
What is bluesnarfing?
Following a successful unauthorized Bluetooth connection, the user’s data becomes open for unauthorized access, modification and deletion.
What is the danger of unencrypted traffic across the network?
An attacker can use a packet sniffer to capture it and decode it from its raw form into readable text.
What do threat actor attributes include the actor’s relationship to?
Organization, motive, intent and capability.
What are the types of threat actor?
Script kiddies, insiders, hacktivists, organized crime, competitors and nation-states.