Indicators of Attacks Flashcards

1
Q

Virus

A

Viruses are malicious programs that must be triggered by the activation of their host; their objective is to spread.

2
Q

Worm

A

Worms are stand-alone malicious programs that can self-replicate and propagate independently as soon as they have breached the system.

3
Q

Ransomware

A

Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data upon payment. Ransomware requires that someone pay the ransom.

4
Q

Crypto-malware

A

Crypto-malware can operate indefinitely on a system, benefiting the criminal without the victim having to do anything, and may never be noticed.

5
Q

Malware

A

Malicious Software

6
Q

Trojan

A

A Trojan horse, or Trojan, is a type of malicious code or software that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network. A Trojan acts like a bona fide application or file to trick you.

7
Q

RAT

A

A Remote Access Trojan (RAT) is a type of malware that allows covert surveillance, a backdoor for administrative control and unfettered and unauthorized remote access to a victim’s machine. The RAT is very dangerous because it enables intruders to get remote control of the compromised computer.

8
Q

Bot

A

A botnet is a collection of internet-connected devices (including IoT devices) infected by malware that allows hackers to control them. Cyber criminals use botnets to instigate botnet attacks, which include malicious activities such as credential leaks, unauthorized access, data theft and DDoS attacks.

9
Q

Command and Control

A

A command-and-control (C&C) server is a computer controlled by an attacker or cybercriminal which is used to send commands to systems compromised by malware and to receive stolen data from a target network. It can be used to disseminate commands that steal data, spread malware, disrupt web services, and more. Runs the botnet.

10
Q

Fileless Virus

A

Fileless malware is a type of malicious software that uses legitimate programs to infect a computer. It does not rely on files and leaves no footprint, making it challenging to detect and remove. Stays in RAM.

11
Q

Logic Bomb

A

A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.

12
Q

Spyware

A

Spyware describes software with malicious behavior that aims to gather information about a person or organization and send such information to another entity in a way that harms the user.

13
Q

Rootkit

A

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed, and it often masks its existence or the existence of other software. Root privileges on the computer.

14
Q

Backdoor

A

A backdoor is a malware type that negates normal authentication procedures to access a system. As a result, remote access is granted to resources within an application, such as databases and file servers, giving perpetrators the ability to remotely issue system commands and update malware.

15
Q

Adversarial Artificial Intelligence

A

Adversarial AI is a technique employed in the field of artificial intelligence which attempts to fool models through malicious input. This technique can be applied for a variety of reasons, the most common being to attack or cause a malfunction in standard AI models.

16
Q

Adversarial Artificial Intelligence: Evasion

A

Evasion attacks are the most prevalent type of attack. Samples are modified to evade detection; that is, to be classified as legitimate. This does not involve influence over the training data. A clear example of evasion is image-based spam, in which the spam content is embedded within an attached image to evade textual analysis by anti-spam filters. Another example of evasion is given by spoofing attacks against biometric verification systems.

17
Q

Adversarial Artificial Intelligence: Poisoning

A

Poisoning is adversarial contamination of training data. Machine learning systems can be re-trained using data collected during operations. For instance, intrusion detection systems (IDSs) are often re-trained using such data. An attacker may poison this data by injecting malicious samples during operation that subsequently disrupt retraining.

18
Q

Adversarial Artificial Intelligence: Model Stealing

A

Model stealing (also called model extraction) involves an adversary probing a black box machine learning system in order to either reconstruct the model or extract the data it was trained on. This can cause issues when either the training data or the model itself is sensitive and confidential. For example, model stealing could be used to extract a proprietary stock trading model which the adversary could then use for their own financial benefit.

19
Q

Malicious USB Cables

A

A malicious cable is any cable (electrical or optical) which performs an unexpected and unwanted function. The most common malicious capabilities are found in USB cables. Data exfiltration, GPS tracking, and audio eavesdropping are the primary malicious functions.

20
Q

Malicious USB Drives

A

Malicious USB sticks are leveraged where an attacker needs physical access to a computer. In the most basic of USB drop attacks, the user clicks on one of the files on the drive.

21
Q

Card Cloning / Skimming

A

Cloning, also known as skimming, refers to the copying of credit or debit card information using software or an electronic device, in order to gain unauthorized access to your account.

22
Q

Supply Chain Attacks

A

A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply chain. A supply chain attack can occur in any industry, including the financial sector, the oil industry or the government sector.

23
Q

Keyloggers

A

A keylogger is an insidious form of spyware. Keyloggers are activity-monitoring software programs that give hackers access to your personal data.

24
Q

Hashcat

A

Allows you to crack passwords via GPU.

25
Q

Rainbow Table Attack

A

A rainbow table is a precomputed table for caching the output of cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering a key derivation function up to a certain length consisting of a limited set of characters.

26
Q

Privilege Escalation

A

Privilege escalation is a type of network attack used to obtain unauthorized access to systems within the security perimeter, or sensitive systems, of an organization.

Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.

27
Q

SSL Stripping

A

SSL Stripping or an SSL Downgrade Attack is an attack used to circumvent the security enforced by SSL certificates on HTTPS-enabled websites. In other words, SSL stripping is a technique that downgrades your connection from secure HTTPS to insecure HTTP and exposes you to eavesdropping and data manipulation.

28
Q

Pass the Hash

A

PtH attacks exploit the authentication protocol, as the password hash remains static for every session until the password is rotated. When a user logs onto a Windows workstation or server, they essentially leave behind their password credentials.

A pass the hash attack is an exploit in which an attacker steals a hashed user credential and, without cracking it, reuses it to trick an authentication system into creating a new authenticated session on the same network.

29
Q

Vertical Privilege Escalation

A

Vertical privilege escalation, also known as privilege elevation, is where a lower privilege user or application accesses functions or content reserved for higher privilege users or applications (e.g. Internet Banking users can access site administrative functions, or the password for a smartphone can be bypassed).

30
Q

Horizontal Privilege Escalation

A

Horizontal privilege escalation is where a normal user accesses functions or content reserved for other normal users (e.g. Internet Banking User A accesses the Internet bank account of User B).

31
Q

HSTS

A

HTTP Strict Transport Security

32
Q

Cross-site Scripting XSS

A

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.

Cross-site scripting is a type of security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

33
Q

Injections

A

Injection attacks refer to a broad class of attack vectors. In an injection attack, an attacker supplies untrusted input to a program. This input gets processed by an interpreter as part of a command or query. The primary reason for injection vulnerabilities is usually insufficient user input validation.

34
Q

DLL Injection Attack

A

DLL injection is used to manipulate the execution of a running process. Most DLL injection attacks are performed to do reverse engineering attacks. As the name suggests, “DLL injection” primarily tricks an application into calling a malicious DLL file, which then gets executed as part of the target process.

35
Q

LDAP Injection Attack

Lightweight Directory Access Protocol

A

LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it’s possible to modify LDAP statements using a local proxy.

36
Q

XML Injection Attack

A

XML Injection is an attack technique used to manipulate or compromise the logic of an XML application or service. The injection of unintended XML content and/or structures into an XML message can alter the intended logic of the application.

37
Q

Input Validation

A

Input validation, also known as data validation, is the proper testing of any input supplied by a user or application. Input validation prevents improperly formed data from entering an information system.

38
Q

Pointer Dereference

A

The program can potentially dereference a null pointer, thereby raising a NullPointerException. Null pointer errors are usually the result of one or more programmer assumptions being violated. A null-pointer dereference takes place when a pointer with a value of NULL is used as though it pointed to a valid memory area. Uses an asterisk.

39
Q

Directory Traversal

A

A directory traversal attack exploits insufficient security validation or sanitization of user-supplied file names, such that characters representing “traverse to parent directory” are passed through to the operating system’s file system API.

40
Q

Buffer Overflows

A

Attackers exploit buffer overflow issues by overwriting the memory of an application. This changes the execution path of the program, triggering a response that damages files or exposes private information.

41
Q

Race Conditions: TOCTOU

Time of Check, Time of Use

A

In software development, time-of-check to time-of-use (TOCTOU, TOCTTOU or TOC/TOU) is a class of software bugs caused by a race condition involving the checking of the state of a part of a system (such as a security credential) and the use of the results of that check.

42
Q

Error Handling

A

Improper error handling results when security mechanisms fail to deny access until it’s specifically granted. This may occur as a result of a mismatch in policy and coding practice. It may also result from code that lacks appropriate error handling logic.

43
Q

Improper Input Handling

A

Improper Input Handling is the term used to describe functions such as validation, sanitization, filtering, or encoding and/or decoding of input data. Improper Input Handling is a leading cause of critical vulnerabilities that exist in today’s systems and applications.

44
Q

Replay Attacks

A

A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and re-transmits it, possibly as part of a spoofing attack by IP packet substitution. MITM attack. Stealing session information and reusing it. Use session tokens to defeat this.

45
Q

Request Forgeries
Cross-site request forgery - CSRF
Session Riding

A

Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website where unauthorized commands are submitted from a user that the web application trusts.

46
Q

API Attacks:

API is the acronym for Application Programming Interface, which is a software intermediary that allows two applications to talk to each other.

A

An API attack is hostile usage, or attempted hostile usage, of an API. APIs essentially act as a software intermediary that allows systems and applications to communicate with each other in simple, programmatic ways.

The most prevalent are login attacks. Similar to providing login credentials to access a secure website, APIs also have an authentication process. API management systems may reject invalid login attempts, but they usually don’t have adequate mechanisms to stop clients from continuously trying new combinations in an automated fashion, also known as credential stuffing. To remain undetected in these attempts, hackers keep request rates below rate limits and periodically change IP addresses to make detection difficult.

47
Q

Server Side Request Forgery: SSRF

A

Server Side Request Forgery (SSRF) is a type of attack that can be carried out to compromise a server. The exploitation of an SSRF vulnerability enables attackers to make the web application send requests on their behalf, often targeting internal systems behind a firewall.

Counter by input validation.

48
Q

Driver Manipulation:

Shimming, Refactoring

A

Device drivers allow an operating system such as Windows to talk to hardware devices such as printers. Sophisticated attackers may dive deep into the device drivers and manipulate them so that they undermine security on your computer.

49
Q

Integer Overflow

A

An integer overflow occurs when you attempt to store inside an integer variable a value that is larger than the maximum value the variable can hold. In practice, this usually translates to a wrap of the value if an unsigned integer was used and a change of the sign and value if a signed integer was used.

50
Q

Resource Exhaustion

A

Resource exhaustion attacks are computer security exploits that crash, hang, or otherwise interfere with the targeted program or system.

51
Q

Memory Leak

A

Most memory leaks result in general software reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing or hanging the program) or take advantage of other unexpected program behavior resulting from a low memory condition.