Malware Flashcards
What is malware?
This is a blanket term that covers certain types of attacks or threats to a network.
What is a virus?
This is an attack that needs to attach to a host application and is activated by the host.
What is a macro virus?
It is a subset of an application, like Excel, that gets embedded with a virus or malware.
What is a boot sector virus?
A virus that attaches to the boot sector of a hard drive, which communicates with the hardware of your computer.
What are attachment viruses?
An attachment in an email that is part of a phishing scam.
What is a file infector?
It will typically get into a game or file on your computer and infect it, so that when the file is opened the virus is executed.
What are polymorphic viruses?
They can change their look or signature so they can move around in the system undetected.
What is a network virus?
This is a virus that uses network devices and moves through network communications.
What is a worm?
It is self-sufficient and self-replicating; it takes up all of your computer's resources and causes crashes.
What is file-less malware?
It is stealthy because it runs in memory and is not stored as a file; it is usually delivered through a phishing email.
What is a root-kit virus?
This is a virus that goes for privileged access and escalates its rights; rootkits are hard to find due to their low-level access, close to the hardware.
What is a key-logger?
It is a byproduct of malware; it captures all of your keyboard inputs and sends them back to the hacker. This can also be a physical attack, like a USB device.
What is a backdoor?
It is like a Trojan: software-based malware that can be built into applications by the developers or by a disgruntled employee.
What is a logic bomb?
It sits dormant until a certain time, date, action, or inaction occurs, then executes and infects your computer.
What is ransomware?
A form of malware that infects your network and encrypts files, then holds them for ransom; once the ransom is paid, the attacker gives a decryption key that often doesn't work.
What is a bot?
A collection of exploited devices infected by a Trojan; RATs (remote access Trojans) help construct the communication network used for command and control, or C2.
What is a trojan?
It looks benign but delivers malware; it paves the way for RATs, keyloggers, and other viruses, and usually arrives as a program download.
What is a PUP?
It is unwanted software that gets downloaded along with other software, without the user knowing about it.
What is a password attack?
An automated attack against authentication systems that tries to crack a user's password.
What is a brute force attack?
This is a guessing attack that tries every possible combination until the system unlocks; it can be a very long process.
What is a dictionary attack?
It is a type of brute force attack that uses a database of common passwords to get into the system.
What is a rainbow table attack?
This is a brute force attack that uses precomputed chains of passwords or hashes; the chains are stored in tables that can be up to terabytes in size, which reduces how long the attack takes.
What is password spraying?
This attack takes a single password and tries it against a whole user database. It usually works when using common passwords.
What are system resources?
CPU, memory, storage, network communication
Effects on resources and memory during an attack?
It will attack resources to exhaustion and cause memory leaks, which is when an application is running and keeps consuming more and more of your memory.
What is a DLL injection attack?
A sophisticated attack that modifies a driver's functionality; it exploits a legitimate process.
What are the driver manipulation types?
- Shimming: a small library that performs some kind of action to help legacy devices continue to work on the network; it enables backwards compatibility. This can be exploited.
- Refactoring: this modifies internal code without necessarily changing behavior, usually as a design improvement of the application. This can be exploited.
What does a driver do?
It takes the high-level programming language and translates it so that the hardware can understand it; examples: Windows kernel or Linux kernel.
What is a race condition?
When a process is run and its output is used by a second process, but the second process doesn't wait for the results of the first, or both processes run at the same time.
What is TOC/TOU?
This usually happens with a shared resource: user 1 and user 2 try to access something while another user, user 3, is already using that resource but will get booted off it. TOC = time of check, TOU = time of use.
What are pointer/object de-reference attacks?
They are common in some programming languages; the attacker injects into a de-referenced network communication container within a packet to gain access to memory, execute code, or cause a denial of service.
What is an integer overflow?
When the memory location for a binary value is bigger than the actual size of the value, for example going from 8 to 9 bits, that extra bit can have code injected into it.
What is cross-site scripting?
It is a type of attack that injects a malicious script into a web browser.
What is a reflected XSS attack?
A user interacts with a web browser through a malicious link in an email. Inside the URL the hacker injects code that performs an action to steal information, for example a session token attack. It is more common because it is less complex.
What is a stored XSS attack?
This happens when a hacker injects a malicious script into the comment section of a web page; the script gets stored, and when a user then goes to that site the script gets executed and downloaded onto the user's computer. The difference is that this one is stored.
What is a DOM based XSS attack?
A more advanced XSS attack where the processing of untrusted data writes to the DOM. This is a client-side attack.
What are the Request forgery types?
Client-side request forgery - A user visits a website and logs in to the web server; the user then clicks on a link in an email containing a malicious script that makes a forged web request for a funds transfer.
Server-side request forgery - A hacker sends an HTTP request through a web application to the web server; since that server has access to the back-end database, the attacker gets into the back-end server due to the lower security within the LAN.
What is a replay attack?
It is a re-transmission of data: a hacker doing packet sniffing captures the user's login, re-transmits that access request, and thereby gains access to the resource server.
What is a pass the hash attack?
When the user logs in to a web server he sends his hashed password; the hacker captures it by packet sniffing and then re-transmits that hashed password to gain access to the system.
Ways to protect against replay attacks?
A time-stamp is given to each web request; that time-stamp can be tracked and analyzed by protocols like TCP, and if the timing is off the packet is thrown out.
What is DNS?
It is a domain name server; it takes the website name or domain name in a web request and changes it to the IP address for that site.
What is the DNS process?
A user types a website name, and the request goes first to the stored DNS cache; if the entry is not there it goes to the DNS server, then to that server's DNS cache, which was populated by the root DNS server.
What is DNS poisoning?
The hacker sends an HTTP request answer to a DNS server and it gets stored in the server's DNS cache; now the hacker's domain will be given to users, and the user then gets their information stolen or gets infected.
What is DNS hi-jacking?
The attacker manipulates the TCP/IP properties of the network adapter, changing the DNS server the user usually connects to and replacing it with a malicious DNS server that points to a malicious web server.
What is domain hi-jacking?
The hacker does a DNS lookup and goes to the website. The hacker obtains the domain owner's registrar information, possibly through a phishing attack, and changes the domain registration to point to their own site or duplicates the site with a malicious one.