Malware, Hacker Exploits, and Encryption Flashcards
What is Malware (Malicious Code)?
software or code deliberately written and released for the purpose of causing unwanted actions
What can malware do?
Can be destructive, create back doors on a network, locate and steal sensitive info, etc.
What are the two most common ways to get Malware?
Email Attachments
Web links in emails, instant messages, Facebook, etc.
What does a Virus do?
Replicates by attaching to a program or file; spread by humans
Spreads from Computer to Computer through user action (downloading, copying, running file)
Passed through emails, disks, peer to peer, visiting infected websites
What does a Worm do?
Replicates and contains a payload like a virus
Can spread over a network without any user action
Difference between a worm and virus?
The difference is that a worm is self-reliant and does not need to attach itself to a program
What is a Trojan Horse?
Malicious software that is disguised as legitimate (tricks users into opening or running it)
What is social engineering?
Non-technical, human deception used to further the attacker's goals or to gain access to a system they are not authorized to access.
What is a “Key Logger”?
Devices that capture every key typed by the victim, including space, backspace, return, etc.
Are Key Stroke Loggers hardware or software?
They can be both, but usually they are software
Where are key stroke loggers most common?
Public computers
What are “Script Kiddies”?
Derogatory slang word that refers to beginner hackers who go to websites and copy the code instead of creating it themselves
What are Zero Day Exploits?
The initial period of time from when a hacker tool or exploit is released until the security team comes up with a countermeasure
What is “Google Hacking”?
Using Google or any other search engine to further your hacking activity
What is Port Scanning?
Scanning your target's ports to see which ones are open
What is Port Sweeping?
Focusing on one port, usually for a specific target, to see if that port is open and if the target is using it
Info Gathering:
What is Operating System and Resource Discovery?
Find out what hardware and software your target is using so the hacker can find exploits in these items
Info Gathering:
What is “Escalation of Privilege” in the steps of Attack Methodology?
Looking for higher-powered accounts that allow you to access more things or more information
ultimately an attacker will want “Administrator” or “Root” access
Info Gathering:
What is “Housekeeping” in the steps of Attack Methodology?
Attempting to erase signs that they were ever in the system (using rootkits, log deletion or alteration)
Password Cracking:
What is a Dictionary Attack?
Tries every word in a predetermined dictionary
Password Cracking:
What is Brute Force Attack?
Tries every combination of letters, numbers, and characters on the keyboard (a, aa, aaa, ab, aab, etc.)
Password Cracking:
What is a Popular Password Attack?
Choosing a geographical area, picking a word that you think a lot of people there would use as a password, and running it (ex. DC area using "Redskins" as a password)
What are “Exploits”?
Tools or techniques that take advantage of flaws (vulnerabilities) in software or hardware, or poor network design/security
What are “Input Validation Attacks”?
Class of hacking tool/technique where a user enters data into software/environment/website to see what might happen
Occurs when the software or system does not properly check input from the outside world
The most common is SQL injection
What is a “Structured Query Language (SQL) Injection Attack”?
Normally run against servers or e-commerce sites
Injecting the hacker's own SQL into the website to see if it will access information in that website's database
Hackers put this language into any of the open fields (username, password, search, etc.)
What can SQL Injection Attacks do to a system?
Allow an attacker to completely compromise the database system
Create, read, update, and/or delete any arbitrary data available to the application
Obtain customer records/info; e-shoplift; change account settings and balances
What is SQL language?
A language that speaks to and interacts with databases
Definition of Input Validation Attack:
A hacker tries to run commands of their own against software or a system to see what happens
What are Denial of Service Attacks?
An attack that denies the service of a computer system or network to its users
Not usually for financial gain
(ex. Overloading Amazon.com)
What are Zombie Networks or Botnets?
An army of computers that have been hacked or infected with Denial-of-Service-related malware and are under the control of the attacker
Infected computers are commanded to flood the victim network either using an IP address or domain name
What is a "SYN Flood"?
Computers flood the website with data packet requests but never complete the final acknowledgement step that the website expects before sending the packets
What is Phishing? Spear Phishing?
Use of spoofed emails and fraudulent websites designed to fool recipients into divulging personal financial information/data (i.e. a link that brings the user to a fake website)
Spear phishing - selectively targeting people you think/know are associated with that financial institution (phishing with social engineering)
What is Pharming?
The act of forcing the victim to visit an attacker's website when the victim is trying to access a legitimate site
The attacker infects the victim with malware that tells DNS to go to the fake site instead of the legitimate site
What is a DNS Re-Direction Attack?
Redirecting the DNS server that the computer looks to when going to a website, making it go to the DNS server that you set up
This involves the use of an “Evil DNS Server”
What investigative issues can you run into with these attacks?
The hacked website is in a foreign country
The hacked site is not logging IP addresses
The IP leads to a proxy server or anonymizer
The subject is using a hacked or free WiFi connection