Information Security Attacks Flashcards
Describe the following classification of attacks:
a) Passive
b) Active
c) Close-In
d) Insider
e) Distribution
a) Intercept and monitor traffic but do not tamper with the data.
b) Tamper with the data while in transmission.
c) Performed when attacker is in close proximity of the target.
d) Using privileged access to intentionally cause harm to an organization.
e) When attackers tamper with hardware/software prior to installation.
What is hacking?
Exploiting system vulnerabilities to gain unauthorized access to a system's resources.
Describe the following steps in EC-Council's Hacking Methodology:
a) Footprinting and Reconnaissance
b) Scanning
c) Gaining Access
d) Maintaining Access
e) Clearing Tracks
a) Preparatory phase where the attacker gathers information about a target prior to an attack.
b) When the attacker scans the network to gather information about the hosts, ports, services, OS details and device types.
c) When the attacker obtains access to the OS or applications on the target computer or network.
d) When the attacker tries to retain persistent ownership of the system.
e) When the attacker hides their malicious attacks.
Describe these steps of the Cyber Kill Chain:
a) Reconnaissance
b) Weaponization
c) Delivery
d) Exploitation
e) Installation
f) C & C
g) Actions on Objectives
a) Gather info on target
b) Create the malicious payload
c) Send the payload via email, USB, etc.
d) Exploit the vulnerability of target system
e) Install malware on target system
f) Create a channel to communicate with the attacker to pass data back and forth.
g) Perform actions to achieve intended objectives/goals.
Describe the following:
a) Tactics
b) Techniques
c) Procedures
a) Describe the way an attacker performs the attack.
b) Are the technical methods used by an attacker.
c) Is the step-by-step process attackers use to launch an attack.
MITRE ATT&CK Framework
a) Recon
b) Weaponize
c) Deliver
d) Exploit
e) Control
f) Execute
g) Maintain
What is the Diamond Model of Intrusion and its components?
It is a framework that provides a structured way to organize information about an attack. Its components are:
a) Adversary - who was behind the attack
b) Victim - where the attack was performed
c) Capability - how the attack was performed
d) Infrastructure - What the adversary used to reach the victim.
What is Packet Sniffing?
The process of monitoring and capturing data packets passing through a given network.
What is a Man-in-the-middle (MITM) attack?
An attack used to intrude on an existing connection to intercept the messages being exchanged.
What is DNS Poisoning?
The unauthorized manipulation of IP addresses in the DNS cache. Corrupted entries can lead users to a malicious website.
What is Domain Hijacking?
When domain ownership is changed to the attacker's server without the consent of the owner.
What is ARP Spoofing/Poisoning?
Involves sending a large number of forged or manipulated entries to the ARP cache.
What is a DHCP Starvation Attack?
The process of sending fake DHCP requests to use up all the available IP addresses within a network.
What is MAC Spoofing?
When an attacker uses a legitimate user's MAC address to receive all the traffic destined for the user.
What is DHCP Spoofing?
The process of setting up a rogue DHCP server to assign bogus IP addresses to hosts.
What is Switch Port Stealing?
An attack that exploits the dynamic MAC address table of a switch, allowing an attacker to intercept network traffic by repeatedly stealing the association between a port and a device's MAC address.
What is MAC flooding?
Involves flooding the CAM table of a switch with fake MAC and IP address pairs until the table is full.
What is IP Spoofing?
Changing the source IP address so it appears the traffic is coming from somewhere else.
What is DoS?
An attack that prevents/reduces/restricts accessibility of a system's resources.
What is DDoS?
Uses a multitude of compromised systems (a botnet) to attack a single target, to cause a DoS.
What is DRDoS?
Involves using layers of intermediary hosts to reflect the attack traffic to the target.
What are APTs?
Advanced Persistent Threats; where an attacker gains unauthorized access to a system for a long period of time.
Describe the following:
a) SQL Injections
b) Command Injections
c) LDAP injections
a) Injecting malicious SQL queries into user input forms.
b) Injecting malicious code through a web app.
c) Injecting malicious LDAP statements.
What is XSS?
When attackers inject malicious client-side scripts into web pages.