LP - Threat Actors & Vectors Flashcards
MaaS stands for
Malware as a Service
APT stands for
Advanced persistent threats
What is the phishing variant whaling?
It is a spear phishing attack against high-level and highly privileged employees
What is the phishing variant smishing?
It uses various text messing formats to communicate
What is the phishing variant vishing?
It uses VoIP or phone as the hoax vector
XSS Variant DOM (document object model) -based is also called
local XSS or type 0
XSS DOM-base involve insecurely written
HTML pages or the end users system or local gadets and widgets
What are Shellcode?
A small stub of code used as a payload
DLL stands for
Dynamic link library
What is a DLL?
a shared library of functions that multiple programs can access
What is a process?
It is an instance of a program being executed
What is a thread?
It is a small sequence of instructions or a component of a process
What does a VirtualAllocEx do?
It reserves or changes a region of memory
Shellcode injects malicious code into a running
application of powershell
What is process hollowing?
It starts a legitimate process whose sole purpose is to be a container for malicious code.
What is a Reflective DLL injection?
contents of a rogue DLL are injected into memory.
Reflected XSS is also called
Non-persistent or type 1
Reflected XSS is a input
trust vulnerability, it is when the the attacker sends something the developer did not expect
Stored XSS is also called
Persistent or Type 2
In stores XSS the web server persists with the
input
CSRF/XSRF stands for
Cross-site request forgery
CSRF attacks force an end user to
perform undesirable actions in a web application in which they are authenticated
RCE stands for
remote code execution
RCE allows for some firmware to be
remotely reprogrammed
