Part-3 Flashcards
XOR operation
This is a technique used in obfuscation
Exclusive or
It is the smaller part of the larger block encryption
When are XOR operations commonly used?
They are commonly used to obfuscate malicious code.
Why do knowledgeable malware authors use XOR operations to hide their malware from detection?
XOR operations are quick, simple, and require little processing overhead.
Security through obscurity
The practice of attempting to hide the existence of vulnerabilities from others.
Cryptographic modules
Any software or hardware solution that implements one or more cryptographic concepts.
CSP
Cryptographic service provider
A Windows software library that implements the Microsoft CryptoAPI. Developers can design their applications to call a CSP so that it can perform one or more cryptographic services for the application.
PKI
Public key infrastructure
A system that is composed of certificate authorities, certificates, software, services, and other cryptographic components, for the purpose of enabling authenticity and validation of data and entities.
PKI components
Digital certificate, (OID) object identifier, (CA) certificate authority, (RA) registration authority, (CSR) certificate signing request
Digital certificate
These are the most fundamental components of a PKI. The certificate validates the certificate holder's identity through a digital signature and is also a way to distribute the holder's public key.
OID
Object identifier
The identity information included in a certificate is provided through OIDs.
CA
Certificate Authority
A CA is a server that issues digital certificates and maintains the associated private/public key pair.
RA
Registration Authority
This server is responsible for verifying user and device identities and approving or denying requests for digital certificates.
Some larger CAs might have local registration authorities (LRAs).
CSR
Certificate signing request
This is a message sent to a CA in which a resource applies for a certificate.
CA hierarchy or trust model
This is a single CA or group of CAs that work together to issue digital certificates. Every CA in the hierarchy has a parent-child relationship with the CA directly above it.
Chain of trust
When a user, device, or other entity is presented with a certificate, it validates the certificate through this, which is also called certificate chaining.
Certificate pinning
This is a method of trusting certificates in a more direct way than a typical CA hierarchy. Pinning effectively bypasses the CA hierarchy and chain of trust in order to minimize man-in-the-middle attacks.
Root CA
This is the topmost CA in the hierarchy and the most trusted authority.
The root CA must be secured because if it is compromised, all other certificates become invalid.
Private root CA
This is created by a company for use primarily within the company itself. It can be set up and configured in-house or contracted to a third-party vendor.
Public root CA
This is created by a third-party or commercial vendor for general access by the public.
Symantec is a well-known provider of public certificate services.
Subordinate CAs
These are any CAs below the root in the hierarchy. Subordinate CAs issue certificates and provide day-to-day management of the certificates, including renewal, suspension, and revocation.
Types of certificates
Self-signed, root, user, computer, email, code signing, (SAN) subject alternative name, wildcard, (DV) domain validation, (EV) extended validation
Self-signed certificate
This requires the client to trust the entity directly
SAN
Subject alternative name
An organization that owns multiple domains may want to combine those domains into a single SSL/TLS certificate.
Wildcard
This certificate is similar to a SAN certificate, but instead of enabling the use of multiple domains, it enables the certificate to apply to multiple subdomains.