Domain 2 (Threats, Vulnerabilities, and Mitigations) Flashcards
Practice Questions unofficial sources
____ attacks seek to undermine confidentiality
Disclosure
Making sensitive information available to individuals or the general public without the owner’s consent
___ ___ are violations of confidentiality
Data Breaches
When confidentiality data loss occurs
___ ___ removes sensitive information from an organization’s control
Data Exfiltration
___ attacks seek to undermine integrity
Alteration
Hacker seeking to intentionally alter information, or a service disruption accidentally affecting data stored in a system
____ attacks seek to undermine availability
Denial
Denial-of-service attacks try to either overwhelm a system or cause it to crash, to deny legitimate users the access they need
___ risks involve monetary loss to the organization
Financial
Might include the cost of restoring damaged equipment and data, conducting an incident response investigation, etc.
___ risk impacts how stakeholders view our organization; may be difficult to quantify
Reputational
When the negative publicity surrounding a security breach causes the loss of goodwill among customers, employees, and other stakeholders
___ risk jeopardizes our ability to meet our major goals and objectives
Strategic
Organization may become less effective in meeting major goals and objectives as a result of a breach
___ risk affects our ability to carry out day to day activities
Operational
May slow down business processes, delay delivery of customer orders, or require implementation of time heavy workarounds
___ risk involves potential violations of laws or regulations
Compliance
Could include HIPAA if a hospital loses patient medical records, etc.
First step of end of life process for a product; Product will no longer be offered for purchase, but the vendor will continue to support existing customers
End of Sale
Next step of end of life process for a product; Vendor will reduce or eliminate support for existing users of the product; may become vulnerable
End of Support
Last step of end of life process for a product; Vendor will no longer provide any support or updates for the product; is vulnerable and exposed to risk
End of Life
This limits user permissions; when a user should only have the minimum necessary set of permissions required to do their job
Least Privilege
Processes and practices used to design systems; A set of well defined practices and processes used to build complex technical systems
IT architecture
When new devices are connected to a network, but old devices are not promptly disconnected, leading to security vulnerabilities; devices not managed using a full system lifecycle
System Sprawl
Every piece of malware that you encounter will have two components:
A propagation mechanism and a payload
The way that a malware object spreads from one system to another
Propagation Mechanism
The malicious action that the malware performs
Malware Payload
Spreads from system to system based upon some type of user action
Viruses
Spreads from system to system without any user interaction; they reach out and exploit system vulnerabilities; uses one infected system as the base for spreading to other parts of the local area network or the broader internet
Worm
Infected about 10% of the Internet, was the first major worm outbreak, written by Robert Morris, eye opening event for security
The RTM Worm
Created in 2010, infiltrated Iranian nuclear facility, first worm to cross the virtual/physical barrier in a major way
Stuxnet Worm
Virus that hides itself; pretends to be legitimate software that the user may want to download and install, software performs as normal, but also carries malicious hidden payload
Trojan Horse
Provide backdoors to hacked systems; provide hackers with the ability to remotely access and control infected systems
RAT Remote Access Trojans
OSI Model
7 layers from top to bottom: Application, Presentation, Session, Transport, Network, Data Link, Physical
Layer 1 OSI
Physical layer
Layer 2 OSI
Data Link Layer
Layer 3 OSI
Network layer
Layer 4 OSI
Transport layer
Layer 5 OSI
Session layer
Layer 6 OSI
Presentation layer
Layer 7 OSI
Application layer
TCP model
4 layers from top to bottom: application, transport, internet, network interface
Layer 1 TCP
Network Interface layer
Layer 2 TCP
Internet layer
Layer 3 TCP
Transport layer
Layer 4 TCP
Application layer
Gathers information without the user’s knowledge or consent, information is then reported back to the malware author
Spyware
Malware that blocks access to data; blocks a user’s legitimate use of a computer or data until they are paid
Ransomware
Malware that takes over the computing capacity of a user’s system to mine cryptocurrencies
Crypto-malware
Spyware techniques
Logging keystrokes, monitoring web browsing, searching hard drives and cloud storage
Capturing every key that a user presses and then reporting back to the malware author
Logging keystrokes
Tracks user data then may use it to target advertising to the user or report it back to the malware author
Monitoring web browsing
When malware reaches inside a system and searches services used by the user, seeking out sensitive information
Searching hard drives and cloud storage
Adware and spyware that often come bundled with software that the user wants to download
Bloatware
Malware that embeds itself in other programs; programmer provides workaround access for themselves in the future
Backdoors
Malware that embeds itself in other programs; delivers a triggered payload; set to execute a payload when certain conditions are met
Logic Bombs
Backdoor mechanisms
hardcoded accounts, default passwords, unknown access channels
Where there’s a specific username and password that will always grant access to the system
Hardcoded accounts
When there are passwords that users might not remember or know to change
Default passwords
Where there’s a way to gain access to a system without going through the normal authentication process
Unknown access channels
A special superuser account that provides unrestricted access to system resources; normally reserved for system administrators
The root account
A type of malware that was originally designed for privilege escalation; now also describes software techniques designed to hide other software on a system
Rootkits
Run with normal user privileges, are easy to write and difficult to detect
User mode rootkits
Run with system privileges, are difficult to write and easy to detect
Kernel mode rootkits
A form of malware that remains in memory; seeks to avoid detection by simple antivirus software; never writes any data to disk, operates completely within memory
Fileless viruses
Network of infected machines; collections of zombie computers used for malicious purposes
Botnet
A sequence of instructions written in a programming language to automate our work; can be found on operating systems, hosted on websites, and within our own applications
A script
These are designed to be run at the command line and integrate with the operating system; allow the script developer to manipulate files and perform other operating system tasks
Shell scripts
These run within a software application and integrate with that application; allow interaction with the application in a programmatic manner
Application scripts
These allow the creation of general purpose code; allow us to write scripts that carry out virtually any task
Programming Languages
A scripting language used on Linux and Mac systems; a powerful scripting language that system administrators love because it integrates directly with the Mac and Linux operating systems
Bash
A scripting language that allows Windows administrators to automate routine Windows tasks.
PowerShell
Scripts that run within an application environment, allowing the automation of tasks within that application
Macros
A macro script for applications used with Microsoft Office productivity suite
Visual Basic (VBA)
A powerful general purpose programming language used to create a diverse set of scripts; used to write code to perform virtually any task
Python
Hackers that operate with permission and good intent; work with the full permission of the target company and have the motivation of finding security flaws that they can fix
White hat hackers/Authorized attackers
Hackers that operate illegally with malicious intent; those who don’t have permission to hack
Black hat hackers/Unauthorized attackers
Hackers that operate without permission but with good intent; fit somewhere in the middle as they don’t have permission and their activity is usually illegal, but they hack with the motivation of helping their victims improve their security; this is frowned upon by both security professionals and law enforcement
Grey hat hackers/Semi-authorized attackers
Ethical disclosure when you find a vulnerability
1 Notify the vendor of the vulnerability
2 Provide the vendor reasonable time to create a patch
3 Disclose the vulnerability publicly
A vulnerability in a product that has been discovered by at least one researcher but has not yet been patched by the vendor
Zero-Day vulnerability
The time between the discovery of a zero-day vulnerability and the release of a security update
window of vulnerability
Attackers that are well-funded and highly skilled, typically government sponsored, have access to zero days and other sophisticated weapons, work methodically to gain access to a target, targets typically have military or economic value
APT Advanced Persistent Threats
Manipulating people into divulging information or performing an action that undermines security
Social Engineering
Six main reasons that social engineering attacks are successful
authority, intimidation, scarcity, urgency, familiarity
A sophisticated form of email phishing that targets businesses and individuals. Typically involves attackers impersonating a business or executive to trick employees, partners, or customers into transferring funds or sensitive information
BEC Business Email Compromise
A BEC scam that involves impersonating a high ranking executive
CEO fraud
A complex form of BEC where the attacker infiltrates a vendor’s email to send a fake invoice with fake payment details to trick the client
Vendor Email compromise
A form of BEC aimed at obtaining employee tax information for use in identity theft
W-2 Solicitation
False information that is spread unintentionally, unknowingly
Misinformation
False information that is spread intentionally, with the goal of deceiving others; deliberate intent to deceive
Disinformation
Form of disinformation, strategically spreading biased or misleading information to promote a political cause or point of view
Propaganda
This refers to false news stories that appear credible and are spread over social media; creation and sharing of false information disguised as news from credible sources
“fake news”
These involve the use of artificial intelligence to create realistic false images or videos; can manipulate speech, actions, video, etc. to create a fabricated event
Deepfakes
Can spread disinformation through exploiting search engine optimization tactics to ensure false content appears high in search results, giving it an air of credibility
SEO Search Engine Optimization
A mathematical function that converts a variable length input into a fixed length output; produces different output for each input, must be computationally difficult to retrieve the input from the output, must be computationally difficult to find two different inputs that generate the same output
Hash Function
This states that collisions become very common when the sample becomes large enough
the Birthday Problem
When the attacker guesses all possible password combinations; only effective against short, non-complex passwords
Brute Force attack
Attacks that assume people use words as passwords and they try all the words in the English language against the password file
Dictionary attacks
An attack that assumes people use words as passwords and tries all of them against the password file, but also takes variations of the words into account
Hybrid attacks
This attack precomputes common password hashes
Rainbow Table Attack
An attack where the attacker exploits the user reusing passwords across sites
Credential Stuffing
The language used by relational databases that allows users and applications to create, update, delete, and retrieve data
SQL Structured Query Language
This occurs when the web application inspects the input provided by a user to make sure that it’s in an appropriate format; this protects against unsafe user input by checking it on the server before executing commands; SQL injection prevention technique
Input Validation
This precompiles SQL code on the database server to prevent user input from altering query structure; SQL injection prevention technique
Parameterized SQL
These attacks occur when an attacker embeds malicious scripts in a third-party website that are later run by innocent visitors to that site; can take place without the victim’s knowledge
Cross-Site Scripting XSS
Cross site request forgery can be referred to as
CSRF, XSRF, and “sea surf”
These attacks leverage the fact that users are often logged into multiple sites at the same time and use one site to trick the browser into sending malicious requests to another site without the user’s knowledge
Cross-Site Request Forgery
A request forgery attack that targets servers, rather than users, by manipulating servers into retrieving malicious data from what it believes to be a trusted source
Server-Side Request Forgery SSRF
When the developer fails to check that the input provided by the user is short enough to fit in the buffer; user content may overflow from the area reserved for input into an area reserved for other purposes, creating unexpected results
Buffer Overflow Attacks
Areas of memory set aside by developers to store user-supplied content
Buffers
A process that is possible if cookies are not randomly generated; using cookies to figure out user’s passwords
Cookie Guessing
A process that is possible if cookie values are not encrypted in transit; an attacker eavesdrops on a user’s connection and steals the cookie value to use the cookie to log in as the user
Session Replay
Code execution attacks where the attacker runs commands of his or her choice
Arbitrary Code Execution
These occur when an attacker exploits a vulnerability in a system that allows the attacker to run commands on the system
Code Execution Attacks
Code execution attacks that take place over a network connection
Remote code execution
Attacks that seek to take normal user accounts and transform them into accounts with administrative rights
Privilege Escalation Attack
This occurs when developers fail to check on the backend whether a user is authorized to access a particular function of an application
Broken Access Control
These occur when an insecure web application accidentally exposes sensitive information to eavesdroppers
Cryptographic Failures
These occur when an attacker is able to insert code into a request sent to a website and then trick that website into passing the code along to a backend server where it’s executed
Injection Flaws
This traces security issues back to the initial creation of code, which fails to meet security requirements
Insecure Design
These occur because web applications depend upon a large number of complex systems that each have their own security settings. An error anywhere in those settings could jeopardize the security of the entire system
Security Misconfigurations
An attack that uses directory navigation references to try to move up and down the directory structure
Directory Traversal Attack
In a Linux file system, this references the current directory
. (a single period)
In a Linux file system, this references the directory one level higher in the hierarchy
.. (two periods)
This occurs when the proper functioning of a security control depends upon the timing of actions performed by the user or computer; wrong time may cause the software to behave in an unexpected manner
Race Condition
When software checks to see whether an activity is authorized and then some time elapses before it performs that action
Time of Check/Time of Use/Talk to Vulnerability
When the attacker guesses repeatedly at the encryption key until they get the correct value for that key; can take a long time but requires little information to start
Brute-Force Attacks
List of all possible keys; The set of all possible encryption keys usable with an algorithm
Keyspace
The attacker tries to break the code through some statistical analysis of the ciphertext to try to detect patterns; knowing things such as the most common letters in the English language and what that may look like in ciphertext
Frequency Analysis Attack
When the attacker can create an encrypted message of their choice because they have a copy of ciphertext and plaintext
Chosen Plaintext attack
Attacker searches for possible collisions in a hash function that may allow an attacker to exploit that function
Birthday Attack
A mathematical problem that describes the probability of two people in a room sharing the same month and day of birth
Birthday Problem
An attack that leverages a botnet to overwhelm a target; requests come from all over the place, so it is hard to distinguish them from genuine users; bandwidth is a limiting factor
Distributed Denial of Service Attack
This attack tricks browsers into using unencrypted communications
SSL stripping
A service that translates common domain names into IP addresses for the purpose of network routing
DNS Domain Name System
An attack that consists of registering domain names similar to official sites, hoping that users will make a typo and visit their site
Typosquatting
An attack where the attacker takes over a domain registration from the true owner without permission
Domain Hijacking
Attacks that place content on a legitimate site that automatically forwards a user from that legitimate site to a malicious site
URL redirection
A threat intelligence capability that helps cybersecurity analysts identify whether traffic is coming from a known and trusted domain, or whether that domain is associated with past malicious activity
Domain reputation
These attacks depend on capturing initialization vectors (IVs)
WEP (Wired Equivalent Privacy) attacks
A type of DOS attack where attackers will cruise neighborhoods and commercial areas, using tools that capture information about wifi networks
Wardriving attacks
Not safe network connections
WEP or WPA
Safe network connections
WPA2 or WPA3
A type of DOS attack where attackers will cruise neighborhoods and commercial areas using aircraft, drones, or other aerial vehicles, to capture information about wifi networks
Warflying attacks
These occur when someone connects an unauthorized wireless access point to an enterprise network
Rogue access points
When wireless access points may force a wireless device to immediately disconnect from the network
Disassociation
An attack where the attacker sends Bluetooth spam to a user’s device, usually trying to entice the user to take some action that will lead to a more advanced attack; are rare today
Bluejacking
An attack where the attacker exploits a firmware flaw in older Bluetooth devices, forces pairing between a victim’s device and their own, and steals information from the device; rare today
Bluesnarfing