Domain 3: Threats and Vulnerablilities Flashcards
OVAL
open vulnerability assessment language.
IRC
internet relay chat (used by bots, zombies and control centers).
SPIM
spam over instant messaging.
XSS
cross-site scripting (cookie stealing).
Viruses
simple, needs user interaction. single host.
Worms
no user interaction. replicates fast.
Trojan Horse
concealed as a “good” program.
Backdoor
Illicit server process.
Steganography
hiding program or message inside an image.
Logic Bomb
waits for activity or date. inside job.
Rootkit
hides malicious activity.
Replay
successful logon captured by a protocol analyzer.
Phishing
sent to millions, no targeting.
Spear Phishing
targeting an individual.
Whaling
high-value targets.
Vishing
phishing over VoIP.
Pen Testing Tool
program used by ethical hackers to send exploits
Vulnerability Assessment Tool
tool that determines vulnerability by passive techniques
Return Address Pointer
a memory location for resuming processing
Pharming
redirecting users to malicious sites via DNS
Open Relay
way of forwarding spam
Alternate Date Streams
technique for hiding files
Buffer Overflow
corrupting the memory of a host