Part 7, Dangerous data / data on your computer Flashcards
these can be configured within disk optimization on windows
where can
TRIM setting
be configured on windows
this part of the acronym stands for
integrity
from a security perspective this means that data should remain unchanged unless intended people are editing it, and that any unintended change can be detected
describe the
I
of the acronym CIA
this is some danger that can exploit a vulnerability
describe what a
threat
is
what will be inside a flash memory cell if it is interpreted as the following
1. read as 1
2. read as 0
within a flash memory cell the charge states are interpreted as follows
1. read as 1: no electrons trapped on the floating gate (the erased state)
2. read as 0: the floating gate is filled with electrons (a negative charge, the programmed state)
what is a
live system image
this is the process of imaging a running system, in particular capturing the contents of RAM before the machine is powered off (RAM is lost on shutdown, so it must be captured live)
what are some settings a
registry hive
may hold
some settings these might hold are:
- Desktop settings
- Printers
- Network settings
- Environmental settings
describe what a
zero day
is
this is a vulnerability that is unknown to the software developers and security companies, so no patch or signature exists for it yet.
notes
- These vulnerabilities are sold on the black market, and an attack that uses one is known as a zero day attack.
- The purchase price for one of these can reach hundreds of thousands when it affects a major OS or browser.
- Once one of these becomes known to the developers it can take on average around 300 days to fix the vulnerability.
to produce a hash from a given input this will use a combination of:
- fixed constants mixed into the internal state
- bitwise logic operators (AND, OR, NOT, XOR) together with bit shifts and rotations
- modular arithmetic, which folds large intermediate values back into fixed-size words (some designs use a modulus chosen as a large prime number)
what will a
hash algorithm
use in order to produce a hash from a given input
this is the heart of the virus and contains the virus's destructive code, such as corrupting or collecting data or creating back doors
describe the
payload
of a virus
how does a
peer-to-peer botnet
maintain resilience
this maintains resilience by having each zombie know the address of only a few other zombies
destroying a commander or server does not cripple the entire botnet, since only the zombies that held its address are affected, and any other zombie can pick up the role of the disabled commander or server
what
data might you typically find in ram
held in here you may find
- Instructions and data that will be needed by the processor
- The operating system
- Information about running programs and processes
- Networks a computer is connected to
- Decrypted passwords and files as well as the keys that decrypted them
- Registry hives
give two examples of a
vulnerability
some examples of this include
- allowing employees to insert any USB device into network-attached computers
- having an out of date operating system or antivirus
give two examples of a
threat
some examples of this are
- zero-day attacks
- employees wishing to cause harm
name two technical factors that
malware
could use to gain entry to a computer
technical factors that this could exploit to gain entry to a computer include
- known weaknesses in software or hardware for which an exploit already exists
- a zero-day vulnerability, for which no patch exists yet
with this the malware rewrites its own code each time it propagates without affecting its functionality, so each new copy has a new signature
what is
metamorphic malware
to fully achieve this
- encryption (for example TLS) should be used when the password is sent from client to server, so it cannot be read in transit
- hashing should be used to store the password, with a per-user salt and a slow password-hashing function, so the stored value cannot simply be reversed or matched against a precomputed table
- further encryption may be used to hide the hash (for example encrypting the password database, or mixing in a secret "pepper" that is stored separately from the hashes)
when
protecting passwords
describe where the following should be used
- encryption
- hashing
this is one way SSDs mitigate wear: rather than repeatedly using the same area of the drive, the controller spreads new writes across the whole drive so that all cells age at a similar rate
what is
wear levelling
this acronym stands for
1. confidentiality
2. integrity
3. availability
what does the acronym
CIA
stand for
this is a hardware device, or a piece of software or an option within software, that prevents any write to a storage device or disk image, ensuring the evidence remains unchanged even while it is mounted and navigated
what is a
write blocker
the malware that builds these is mainly concerned with spreading itself across networks, and an infected machine may lie dormant until a command is received to do something
how do
botnets
operate
this type of attack involves iterating over a dictionary (a list of candidate passwords) to see if you can get a password match
describe what a
dictionary attack
is
describe
adware
Forces users to view advertising and may report their internet use to advertisers or its creators.
what are
heuristics
used by antivirus programmes
these are rules used to identify malware from how it behaves or what its code does; they rely on previous knowledge about how malware operates
when this is performed:
- the file is moved into the Recycle Bin folder and renamed so it begins with $R
- an additional file, known as the $I file, is created alongside it in the (hidden) Recycle Bin folder and holds the metadata for the $R file: the original path, the file size and the deletion time
(NOTE: the $I file is what allows recovery of the original file to its original location)
what happens when you perform a
soft delete
on windows
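Added example (not from the course material): a Python parser for the $I record layout, decoding the original path, size and deletion time from sample records that the same code constructs (no real Recycle Bin files are read). The two layouts decoded are the fixed 520-byte path field used from Vista to Windows 8 (version 1) and the length-prefixed path used from Windows 10 onwards (version 2); the sample path, size and timestamp are invented.

```python
import struct
from datetime import datetime, timedelta, timezone

# Windows FILETIME counts 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ticks: int) -> datetime:
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def datetime_to_filetime(when: datetime) -> int:
    delta = when - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def parse_dollar_i(record: bytes) -> dict:
    """Decode the metadata held in a $I file for either known layout."""
    if len(record) < 24:
        raise ValueError("record too short to be a $I file")
    version, size, deleted = struct.unpack_from("<QQQ", record, 0)
    if version == 1:
        # Vista / 7 / 8: fixed 520-byte UTF-16LE path field, NUL padded.
        path = record[24:24 + 520].decode("utf-16-le").split("\x00", 1)[0]
    elif version == 2:
        # Windows 10 and later: 32-bit path length in UTF-16 code units
        # (including the terminating NUL), followed by the path itself.
        (nchars,) = struct.unpack_from("<I", record, 24)
        path = record[28:28 + nchars * 2].decode("utf-16-le").rstrip("\x00")
    else:
        raise ValueError(f"unknown $I version {version}")
    return {"version": version, "size": size,
            "deleted": filetime_to_datetime(deleted), "path": path}


def build_dollar_i(path: str, size: int, deleted: datetime, version: int = 2) -> bytes:
    """Construct a $I record; used here only to make sample input (Windows writes the real ones)."""
    ticks = datetime_to_filetime(deleted)
    if version == 2:
        encoded = (path + "\x00").encode("utf-16-le")
        return struct.pack("<QQQI", 2, size, ticks, len(path) + 1) + encoded
    if version == 1:
        return struct.pack("<QQQ", 1, size, ticks) + path.encode("utf-16-le").ljust(520, b"\x00")
    raise ValueError("version must be 1 or 2")


# Constructed sample records (invented path and timestamp, not taken from a real machine).
SAMPLE_PATH = r"C:\Users\alice\Documents\secret.docx"
SAMPLE_DELETED_AT = datetime(2021, 3, 4, 5, 6, 7, tzinfo=timezone.utc)
SAMPLE_I_V2 = build_dollar_i(SAMPLE_PATH, 4096, SAMPLE_DELETED_AT, version=2)
SAMPLE_I_V1 = build_dollar_i(SAMPLE_PATH, 4096, SAMPLE_DELETED_AT, version=1)

if __name__ == "__main__":
    for rec in (SAMPLE_I_V1, SAMPLE_I_V2):
        print(parse_dollar_i(rec))
```

On a real system the $I and $R files sit together under $Recycle.Bin\<user SID>; only the metadata parsing is shown here, the $R file is the untouched original content.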
this is the term used when two different inputs produce the same hash; hashing algorithms are designed so that finding one is computationally infeasible, reducing the likelihood of a chance collision to near zero
what is a
hash collision
this stands for
Programmable logic controller
what does the acronym
PLC
stand for
what are three drawbacks of using
signatures
to detect malware
some drawbacks of using these are that
- an antivirus can only detect malware if it holds one of these for that particular malware
- authors of malware frequently update their malware, creating a variant and producing the same problem as above
- sophisticated malware is built to be polymorphic or metamorphic
describe the term
Information assets
this is a term used by cybersecurity professionals which describes information that has value and needs protecting, such as names, addresses and passport details.
Individuals also possess these in the form of personal photos etc.
these may be found and used within
- electrical generation and distribution
- Water and sewage pumps
- Car engines
name three places you may find a
Programmable logic controller (PLC)
describe a
client-server botnet
These are an older type of botnet, made up of zombies which all speak to a single command and control server.
this is the process of creating a disk image from a hard drive that has been removed from a computer
(often carried out for forensic investigation)
what is
dead system imaging
give three examples of a
countermeasure
three examples of this are
1. installing and updating antivirus software
2. configuring a network with security in mind
3. separation of duties
within a peer-to-peer botnet describe the
server zombie
this will be a zombie in charge of managing a section of the botnet, such as the zombies within a company's intranet
what is the
signature
that antivirus programmes use to detect malware
this is a pattern (such as a distinctive byte sequence or a hash) extracted from a known sample of the malware, which the antivirus can then match within memory or inside a file
- Every different piece of plaintext produces (for practical purposes) a unique hash, and changing even one bit of the input changes roughly half the bits of the output
(The benefit of this is that you cannot find resemblance between two pieces of plaintext by comparing their hashes)
- Every hash produced will be the same length
(the benefit of this is you cannot know the length of the original plaintext)
- From a hash it is practically impossible to find the original plaintext
(this makes it suitable for storing passwords, since there is no easy way to find the original plaintext)
give three main points about
hashing
describe and give an example of
identification
this is the process of claiming you are a particular individual
(example: when you give your name at the airport)
to perform this human factors/traits that are exploited could be
- Curiosity
- Greed
- Helpfulness/politeness
- Friendship
name four
human traits/factors that are exploited during a social engineering attack
this is software that lets you view and edit the raw bytes of a file or disk, at the binary level rather than through the file system
what is a
hex editor
this is an exact (bit-for-bit) copy of a storage device. It may be stored as a raw file or in a compressed container format
what is a
disk image
The hives are loaded under the top-level folders (root keys such as HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER) within the Registry Editor (regedit).
These in turn hold registry keys, which hold further registry keys or registry values
where can
registry hives
be viewed via the GUI
describe what
Advanced persistent threats (APTs)
are
this is a prolonged, targeted campaign that combines several attack techniques to gain and quietly keep access, leaving an organisation exposed for a long period of time
these are self-replicating programs just like viruses, however they do not rely on human interaction to spread across networks and computers: they copy and transport themselves instead
(note: worms are the most common type of malware currently in use)
describe what a
worm
is
what are the two methods in which
malware
can gain access to a computer
this can gain entry to a computer by exploiting either
- human factors
- technical factors
the fact these have no moving parts is their main benefit
the benefits of this are:
- less likely to suffer physical damage to internal components
- all data is read with the same performance wherever it is stored on the drive
- less power is used, which saves battery
- file fragmentation is no longer a performance issue, since all data is read with equal performance
what is the main benefit of
Solid State Drives (SSDs)
and what are four benefits that come of this
in real life and on the internet these three steps allow you to be
identified as an individual and given the access you are permitted to have
what does
Identification, authentication and authorization
allow as a whole
what are the two
main types of botnet
these have two main types being
- client-server
- peer-to-peer
this is the act of finding and recovering a file by searching raw disk data for the magic number associated with that file type, without relying on the file system.
Since the magic number is usually in the header, sometimes together with the file length, and many formats also have a known trailer, it is possible for the software to recover all of the deleted data, assuming it had not been overwritten in any way or been highly fragmented
describe
File carving / data carving
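Added example (not part of the course material) serving both this card and the magic number card: a minimal Python carver that scans a blob of raw bytes for PNG and JPEG headers and cuts each file out at its trailer, reporting a header with no trailer as truncated. The "unallocated space" it scans is constructed inline from correctly framed but otherwise dummy PNG and JPEG bytes; the signature table holds only the two formats needed for the demonstration.

```python
# Signature table: file type -> (header magic number, trailer marker).
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
}


def carve(blob: bytes) -> list:
    """Return carved files as dicts with type, offset, end (None if truncated) and data."""
    found = []
    for ftype, (header, trailer) in SIGNATURES.items():
        pos = 0
        while True:
            start = blob.find(header, pos)
            if start == -1:
                break
            stop = blob.find(trailer, start + len(header))
            if stop == -1:
                # Header with no trailer: the tail was overwritten or lies elsewhere (fragmented).
                found.append({"type": ftype, "offset": start, "end": None, "data": None})
                break
            end = stop + len(trailer)
            found.append({"type": ftype, "offset": start, "end": end, "data": blob[start:end]})
            pos = end
    return sorted(found, key=lambda f: f["offset"])


# Constructed "unallocated space": zero filler with a PNG-shaped and a JPEG-shaped
# file embedded. They are not viewable images, only correctly framed byte strings.
SAMPLE_PNG = SIGNATURES["png"][0] + b"\x00\x00\x00\rIHDR" + b"\x00" * 17 + SIGNATURES["png"][1]
SAMPLE_JPG = SIGNATURES["jpg"][0] + b"\xe0\x00\x10JFIF\x00" + b"\x00" * 20 + SIGNATURES["jpg"][1]
SAMPLE_BLOB = b"\x00" * 64 + SAMPLE_PNG + b"\x00" * 32 + SAMPLE_JPG + b"\x00" * 16

if __name__ == "__main__":
    for f in carve(SAMPLE_BLOB):
        print(f["type"], f["offset"], f["end"])
```

Trailer-based carving is the simplest strategy; formats whose header records the file length can be cut at that length instead, and a real carver also validates the body (for example PNG chunk CRCs) so a stray trailer inside another file does not end the carve early.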
describe in three points a
peer-to-peer botnet
a description of this is that
- This is a more modern approach to creating a botnet
- does not rely on a single command and control server
- each zombie knows the address of a few other zombies and any zombie can take on different roles
what is
ata secure erase
this is a command defined in the ATA standard (SECURITY ERASE UNIT) and implemented in the firmware of most SSDs.
When issued, the firmware resets the entire drive by applying an erase voltage to every block of memory cells, removing all data from the SSD including blocks the operating system cannot normally address (self-encrypting drives may instead discard their encryption key, which has the same effect)
this is typically performed on a list of stolen (leaked) password hashes: each word in the dictionary is hashed and compared against the list
how is a
dictionary attack
usually carried out
how were
Programmable logic controllers (PLCs)
born
these were born out of the need to quickly recalibrate or set-up new assembly lines
before these assembly lines could take months to setup for new parts or models
with the birth of these it became days
within a
virus
what are the three main programming concepts that you will find
this will contain
- an infection mechanism
- a trigger
- a payload
this will be a zombie that receives commands from the botnet operator and then issues them across the botnet
describe the
commander
within a peer-to-peer botnet
describe the
A
of the acronym CIA
this part of the acronym stands for
availability
this means that data should be available to read and edit whenever desired by intended people
give five uses of a
botnet
this may be used to
- send spam email
- click on advertisements (click fraud)
- crack password hashes by brute force (each zombie tries a share of the candidate passwords)
- mine bitcoin or other cryptocurrency
- carry out a distributed denial of service attack
this is the process of proving your identification
(example: when you show your passport at the airport)
describe and give an example of
authentication
how do
client-server botnets
typically communicate with their servers
these typically communicate with their servers using
Internet Relay Chat (IRC), a protocol originally designed for instant messaging
what is a
registry hive
a hive is a group of registry keys and values that is stored as its own file on disk (for example SYSTEM, SOFTWARE and SAM under the Windows directory, and NTUSER.DAT for each user)
for every new user that logs on to a machine a new per-user hive is created; it is a collection of low to high level settings and describes that user's profile.
- a PC is infected with the worm
- it then scans ports on the local system and on other systems to see if any are open and vulnerable to attack, such as running a service not patched for a known bug
- once a vulnerable port is found it probes the destination PC to see what operating system and applications it has installed, to check whether it is suitable for infection
- once a successful scan has been run it sends a copy of itself across that port to the destination PC
describe in four steps
how a worm spreads itself
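Added example from the editor (not part of the course material): Python detection logic for the scanning stage above, run over constructed firewall log lines in an assumed "timestamp src= dst= dport=" format. A source that reaches ten or more distinct host:port targets within a sliding 60-second window is flagged; the log lines, addresses and thresholds are all invented for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed firewall log lines (not real traffic): one host sweeping port 445
# across twelve neighbours in twelve seconds, one host behaving normally.
SAMPLE_LOG = [
    f"2024-05-01T10:00:{i:02d} src=10.0.0.5 dst=10.0.0.{100 + i} dport=445 action=deny"
    for i in range(12)
] + [
    "2024-05-01T10:00:03 src=10.0.0.7 dst=10.0.0.1 dport=53 action=allow",
    "2024-05-01T10:00:04 src=10.0.0.7 dst=10.0.0.2 dport=443 action=allow",
    "2024-05-01T10:05:00 src=10.0.0.7 dst=10.0.0.3 dport=445 action=deny",
    "this line is not in the expected format and is skipped",
]

LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def parse_line(line: str):
    """Return (timestamp, source, (destination, port)) or None for unparsable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], (m["dst"], int(m["dport"]))


def detect_scanners(lines, window_seconds: int = 60, threshold: int = 10) -> dict:
    """Flag sources that reach >= threshold distinct host:port targets inside a sliding window."""
    events = sorted(e for e in map(parse_line, lines) if e is not None)
    recent = defaultdict(deque)   # per source: (timestamp, target) pairs still inside the window
    alerts = {}
    for ts, src, target in events:
        window = recent[src]
        window.append((ts, target))
        while (ts - window[0][0]).total_seconds() > window_seconds:
            window.popleft()
        distinct = {t for _, t in window}
        if len(distinct) >= threshold and src not in alerts:
            alerts[src] = {"first_seen": ts.isoformat(), "distinct_targets": len(distinct)}
    return alerts


if __name__ == "__main__":
    print(detect_scanners(SAMPLE_LOG))
```

The same rule applied to denied connections only is a cheap first filter on a perimeter firewall; on an internal network, where scans succeed more often, counting allowed connections to many distinct hosts on one port is the more telling signal.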
when this is performed:
- all references to the file, including the $I file if applicable, are deleted
(NOTE: only the references to the original file are deleted, meaning the data still exists on disk although the operating system no longer has access to it; on an SSD, TRIM may then erase it during idle time)
what happens when you perform a
hard delete
how is a cell within flash memory given a charge
to hold a charge a voltage is applied to the control gate above it; this pulls electrons through the insulator onto the floating gate, giving it a negative charge.
since the floating gate is insulated the charge is retained even when there is no power
what is
polymorphic malware
with this the malware encrypts its body with a different key each time it spreads, so the stored data varies and produces a variety of signatures (only a small decryptor routine stays recognisable, and that too is often varied)
what is
stuxnet
this was malware (a worm) discovered in June 2010. It was the first of its kind in that, instead of targeting a huge number of ordinary computers, it was specifically designed to reach and reprogram Siemens PLCs
this is a technique used to bring down an entire peer-to-peer botnet.
it involves editing the address lists of the zombies so that they all speak to a server known as a sinkhole, which is owned by the parties attacking the botnet. Since all zombies then only speak to the sinkhole, the botnet is left effectively useless
(note: these can also be used to collect information about the zombies and the owners of the botnet)
when speaking about peer-to-peer botnets describe what a
sinkhole
is
describe and give an example of
authorization
this follows the process of identification and authentication and provides access
(example: the guard allowing entry to a country once they are satisfied with your identification and authentication)
describe the steganography technique known as
Least significant bit (LSB)
this is a simple yet effective method of implementing steganography.
It works by taking the message you want to hide as a sequence of bits and, for each pixel (or colour sample), replacing the last one or two bits with the next bits of the message; the change is too small for the eye to notice.
To retrieve the message one simply gathers the least significant bits from the same pixels and uses them to reconstruct the hidden message
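Added example (not the course's own code) implementing the LSB technique described above in Python over a list of 8-bit sample values standing in for pixel channels. A 4-byte length prefix is added so the extractor knows where the message ends, and a bits_per_sample parameter covers both the "last bit" and "last two bits" variants. The cover data is a constructed sequence, not an actual image, and the message is made up.

```python
def _to_bits(data: bytes):
    """Most-significant-bit-first bit stream of a byte string."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def _from_bits(bits) -> bytes:
    bits = list(bits)
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for b in bits[i:i + 8]:
            value = (value << 1) | b
        out.append(value)
    return bytes(out)


def lsb_embed(samples, message: bytes, bits_per_sample: int = 1) -> list:
    """Hide message in the low bits of 8-bit samples (pixel channel values)."""
    if not 1 <= bits_per_sample <= 8:
        raise ValueError("bits_per_sample must be 1..8")
    payload = len(message).to_bytes(4, "big") + message   # length prefix tells the reader where to stop
    bits = list(_to_bits(payload))
    if len(bits) > len(samples) * bits_per_sample:
        raise ValueError("message does not fit in the cover")
    mask = (1 << bits_per_sample) - 1
    out = list(samples)
    for idx in range(0, len(bits), bits_per_sample):
        chunk = bits[idx:idx + bits_per_sample]
        value = 0
        for b in chunk:
            value = (value << 1) | b
        value <<= bits_per_sample - len(chunk)            # pad a final short chunk
        pos = idx // bits_per_sample
        out[pos] = (out[pos] & ~mask) | value             # replace only the low bits
    return out


def lsb_extract(samples, bits_per_sample: int = 1) -> bytes:
    """Gather the low bits back and rebuild the message using the length prefix."""
    mask = (1 << bits_per_sample) - 1
    bits = []
    for s in samples:
        low = s & mask
        for shift in range(bits_per_sample - 1, -1, -1):
            bits.append((low >> shift) & 1)
    length = int.from_bytes(_from_bits(bits[:32]), "big")
    return _from_bits(bits[32:32 + length * 8])


def max_sample_change(cover, stego) -> int:
    """Largest per-sample difference the embedding introduced."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed 8-bit cover (think of one channel of a 20x20 image); not a real picture.
COVER = [(i * 37) % 256 for i in range(400)]

if __name__ == "__main__":
    stego = lsb_embed(COVER, b"meet at dawn")
    print(lsb_extract(stego), max_sample_change(COVER, stego))
```

With one bit per sample no value moves by more than 1; with two bits the bound is 3. The flip side for the analyst is that the same regularity can be spotted statistically, since the low bits of a natural image are not perfectly uniform while a hidden payload's are.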
what does the acronym
CIA
describe
This is an acronym to describe the guiding principles behind information security
this part of the acronym stands for
Confidentiality
from a security perspective this means data should only be read by the intended people
describe the
C
of the acronym CIA
this part of the virus is in charge of finding new files, disk space or devices to infect
describe the
infection mechanism
of a virus
this is a network of compromised machines known as zombies. A single one of these may be made up of thousands or millions of zombies.
describe a
botnet
what is
TRIM
this is a command the operating system sends to an SSD to tell it which blocks no longer hold live data (for example after a file is deleted); the drive's firmware then erases those blocks during idle time.
This speeds up later writes, since a memory cell no longer needs to be erased immediately before writing because that has already been done
Attempts to access personal information by monitoring keystrokes or patterns of activity.
describe
spyware
describe what a
countermeasure
is
this is some action that protects assets from vulnerabilities and threats
what is the main weakness of
client-server botnets
the main weakness of these comes from having a single command and control server which, if cut off, disables the botnet entirely
describe the terms
Cybersecurity / information security
these are terms to describe the tools, knowledge and best practices regarding the protection of:
- Computers
- Communication networks
- Programs
- Data
what must happen to a
solid state drive (SSD) memory cell
before it is written to
before it can be written to, the block containing it must first be erased (its contents completely removed); erasure happens at block level, not per cell
this means that slack space on an SSD will typically no longer contain old data once the block has been erased
this is essentially a computer that runs a set of installed instructions. The instructions may be for example to move a robotic arm
what is a
Programmable logic controller (PLC)
one drawback of these is that they rely on previous knowledge about malware, so malware using genuinely new techniques may go unnoticed by the antivirus
what is one drawback of antivirus programmes using
heuristics
one advantage these hold is that they are cheaper per gigabyte of storage
what is one advantage
hard disk drives (HDDs)
have over solid state drives (SSDs)
what is
Enhanced Metafile (EMF)
this is an image file format originally created by Microsoft.
One place it appears is printing: when a file is printed, Windows converts it into EMF format, which is then held in the printer spool file and in turn in RAM, so a copy of the printed document may be recoverable from either
describe what a
trojan
is
this is malware built into an application: the application itself seems legitimate and performs its advertised task, but it also contains the malicious code. Trojans are not self-replicating and rely on human interaction to spread
this is the act of hiding data within other data such as an image.
what is
steganography
the reason hashing passwords alone cannot protect against this attack is that the dictionary can itself be hashed with the same algorithm and the results compared against the stolen hashes, so a match can still be found (adding a per-user salt defeats this precomputation, since every hash must then be attacked separately)
why can hashing passwords alone not protect against a
dictionary attack
what is an
image mounter
this is software that is able to read, and in some cases write, to disk images.
Upon mounting a disk image it appears as a physical disk and can be navigated as normal via the OS you are using; for forensic work it should be mounted read-only
name 5 potential places that words for a
dictionary which will be used for a dictionary attack
could come from
this could contain words from
- The a-z dictionary
- Most used passwords
- Professional terminology such as medical terms
- Literature
- Tv and film
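Added example (not part of the course material) tying together the password-protection, dictionary-attack and dictionary-source cards above: in Python, a constructed wordlist is hashed once to crack unsalted SHA-256 hashes with a single lookup, while salted PBKDF2 storage forces a separate run through the wordlist for every user and makes each guess deliberately slow. The wordlist, usernames and passwords are made up, and the 200,000-iteration default is the example's choice, not a figure from the course.

```python
import hashlib
import hmac
import os

# Constructed mini dictionary drawn from the kinds of sources listed above
# (common passwords, ordinary words, professional jargon, literature, film).
WORDLIST = [
    "123456", "password", "qwerty", "letmein", "welcome", "dragon",
    "summer2024", "haemoglobin", "gandalf", "skywalker", "monkey", "football",
]


def sha256_unsalted(password: str) -> str:
    """The weak scheme: a plain, fast, unsalted hash of the password."""
    return hashlib.sha256(password.encode()).hexdigest()


def dictionary_attack_unsalted(stolen_hashes, wordlist) -> dict:
    """One precomputed table cracks every stolen hash at once."""
    table = {sha256_unsalted(w): w for w in wordlist}
    return {h: table[h] for h in stolen_hashes if h in table}


def hash_password(password: str, iterations: int = 200_000, salt: bytes = None) -> tuple:
    """The stronger scheme: store (salt, iterations, derived key) from PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk


def verify_password(password: str, salt: bytes, iterations: int, dk: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, dk)   # constant-time comparison


def dictionary_attack_salted(records: dict, wordlist) -> dict:
    """With per-user salts every record costs a fresh, slow pass over the wordlist."""
    cracked = {}
    for user, (salt, iterations, dk) in records.items():
        for word in wordlist:
            if verify_password(word, salt, iterations, dk):
                cracked[user] = word
                break
    return cracked


if __name__ == "__main__":
    leaked = [sha256_unsalted("letmein"), sha256_unsalted("correct horse battery staple")]
    print(dictionary_attack_unsalted(leaked, WORDLIST))
    users = {"alice": hash_password("letmein"), "bob": hash_password("Tr0ub4dor&3")}
    print(dictionary_attack_salted(users, WORDLIST))
```

Salting does not save a password that is actually in the dictionary ("alice" is still cracked); what it removes is the shared lookup table, and the slow derivation function multiplies the cost of every remaining guess.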
describe what a
vulnerability
is
this is a weakness in a system, a point at which there is potential for a breach
this is a semiconductor material surrounded by an insulator and is able to hold a charge even when there is no power
what is a cell within
flash memory
this is an isolated environment that mimics an operating system, so that a suspect program can be run and observed without affecting the real system
what is a
sandbox
Software that hides its own presence (and often that of other malware) on a computer, typically by subverting the operating system, and is used by attackers to keep privileged remote access to or control of the machine.
describe
rootkits
what are two techniques that antivirus programmes use when working with
heuristics
when using this the antivirus programme may
- disassemble or decompile a suspected programme and check whether it contains instructions such as copying itself or overwriting operating system files
- put the programme within a sandbox and then execute the programme to see what instructions it tries to execute
this spreads by relying on human interaction such as a file being shared via a medium such as email
how does a
virus
spread
when speaking in terms of file carving what is the
magic number
this is a number that is a kind of signature for a file type.
each file type will produce its own one of these which is usually located inside the header
this is the term used to describe exploiting human factors/nature, rather than technical flaws, to defeat the security of a system
describe the term
social engineering
what is a
ram dump
this is the process of viewing or copying the contents of ram
this is some action that will make the virus deliver its payload such as a date or an execution of a file
describe the
trigger
of a virus
Redirect browsers to unwanted websites, either to earn advertising clicks or to download further malware. Some of the sites masquerade as legitimate websites and are designed to harvest personal information such as logins and credit card details.
describe
hijackers
this is a virus that is built into an application. The application itself will seem legitimate and performs the advertised task, however it will contain a virus. Trojan viruses are not self-replicating and rely on human interaction to spread
describe what a
trojan
is
this is an image file format that was originally created by Microsoft.
One purpose for it is that when a file is printed, Windows converts the file into the EMF format; it is then held in the printer's spooler file and in turn in RAM
what is
Enhanced Metafile (EMF)
describe the term
social engineering
this is the term used to describe using human factors/nature to defeat the security of a device
what happens when you perform a
hard delete
when this is performed:
- all references including the $I if applicable are deleted
(NOTE: only references to the original file are deleted meaning that the data still exists although the operating system has no access to it)
describe
spyware
Attempts to access personal information by monitoring keystrokes or patterns of activity.
this will be a zombie in charge of managing sections of the botnet, such as the zombies within a company's intranet
within a peer-to-peer botnet describe the
server zombie
this is a number that is a kind of signature for a file type.
each file type will produce its own one of these which is usually located inside the header
when speaking in terms of file carving what is the
magic number
describe what a
worm
is
these are self-replicating programs just like viruses, however they do not rely on human interaction to spread themselves across networks and computers; they can copy and transport themselves instead
(note: Worms are the most common type of malware currently in use)
this is software that is able to read and write to disk images.
Upon mounting a disk image it will appear as a physical disk and can be navigated as normal via the OS you are using
what is an
image mounter
what is
dead system imaging
this is the process of creating a disk image from a hard drive that has been removed from a computer
(often carried out for forensic investigation)
held in here you may find
- Instructions and data that will be needed by the processor
- The operating system
- Information about running programs and processes
- Networks a computer is connected to
- Decrypted passwords and files as well as the keys that decrypted them
- Registry hives
what
data might you typically find in ram
what is a cell within
flash memory
this is a semiconductor material surrounded by an insulator and is able to hold a charge even when there is no power
describe
File carving / data carving
this is the act of finding and recovering a file by using the magic number associated with that file type.
Since the magic number is usually in the header along with the file length, it is possible for the software to recover all of the deleted data, assuming it has not been overwritten in any way or been highly fragmented
these maintain resilience by
- using encryption
- using multiple servers in different countries
how do
client-server botnets
maintain resilience
this is a protocol and command built into the firmware of most SSDs.
When used it will reset an entire SSD by sending a spike of voltage to all memory cells, in turn removing all data from the SSD
what is
ATA Secure Erase
give three main points about
hashing
- Every different piece of plaintext produces a unique hash
(The benefit of this is that you cannot find resemblance between two pieces of plain text)
- Every hash produced will be the same length
(the benefit of this is you cannot know the length of the original plaintext)
- From a hash it's almost impossible to find the original plaintext
(this makes it great to store passwords in this form since there is no easy way to find the original plaintext)
what does the acronym
CIA
stand for
this acronym stands for
1. confidentiality
2. integrity
3. availability
what does the acronym
PLC
stand for
this stands for
Programmable logic controller
these are terms to describe the tools, knowledge and best practices regarding the protection of:
- Computers
- Communication networks
- Programs
- Data
describe the terms
Cybersecurity / information security
this could contain words from
- The a-z dictionary
- Most used passwords
- Professional terminology such as medical terms
- Literature
- Tv and film
name 5 potential places that words for a
dictionary which will be used for a dictionary attack
could come from
this is a simple yet effective method of implementing steganography.
It works by taking the message you want to hide already in bits, then for each pixel changing either the last bit or the last two bits so that they match your hidden message.
To retrieve the message one simply gathers the least significant bits used to hide the message and uses them to reconstruct the hidden message
describe the steganography technique known as
Least significant bit (LSB)
this is a programme that is able to self replicate but not self spread and will typically inject or attach itself to an application or file
describe what a
virus
is
some examples of this include
- allowing employees to insert any USB into network attached computers
- having an out-of-date operating system or antivirus
give two examples of a
vulnerability
how does a
virus
spread
this spreads by relying on human interaction such as a file being shared via a medium such as email
why can hashing passwords alone not protect against a
dictionary attack
the reason that hashing passwords alone cannot protect against this attack is because the dictionary used for this attack can also be hashed and so a match can still be found
describe
rootkits
Hidden programs used by attackers to remotely control or access a computer.
what is a
sandbox
this is an isolated environment that mimics an operating system
these are rules used to identify malware and rely on previous knowledge about how malware operates
what are
heuristics
used by antivirus programmes
when this is to be written to it must first have its content completely removed
this means that slack space on an SSD will no longer contain old data
what must happen to a
solid state drive (SSD) memory cell
before it is written to
what is
steganography
this is the act of hiding data within other data such as an image.
when using this the antivirus programme may
- decompile a suspected programme and see if it contains instructions such as copying itself or overwriting operating system files
- put the programme within a sandbox and then execute the programme to see what instructions it tries to execute
what are two techniques that antivirus programmes use when working with
heuristics
this was a virus discovered in the summer of 2010 and was the first of its kind, in the sense that instead of targeting a huge number of publicly owned computers it was specifically designed to attack and control Siemens PLCs
what is
Stuxnet