Random Stuff I need to learn Flashcards
PAP
Password Authentication Protocol (PAP) - Username and password
TCP & UDP
Transmission Control Protocol & User Datagram Protocol
Layer 4
Enables different types of data transmission from a network source to the destination. TCP is more reliable, while UDP prioritizes speed and efficiency
ICMP
Internet Control Message Protocol
Error-reporting protocol that network devices such as routers use to generate error messages to the source IP address when network problems prevent delivery of IP packets
Reports on network congestion and reachability. Utilities such as ping and tracert use ICMP as their transport mechanism
NOT a transport protocol
Server Clusters
Server clusters include two or more servers working together to offer services
NAT
Network Address Translation
Used in routers. Maps multiple local private addresses to a public one before transferring the information
Translate a set of IP addresses to another set of IP addresses
RAID 0
Provides data STRIPING across multiple disks to increase performance. Focused on speed and performance; no redundancy, so losing one disk loses the whole set. At least 2 hard drives
RAID 1
Provides redundancy by MIRRORING the data identically to 2 hard drives. At least 2 hard drives
RAID 5
Provides redundancy by STRIPING data and PARITY data across the disk drives. Requires at least 3 disk drives; survives the loss of one disk
RAID 6
Provides redundancy by STRIPING and DOUBLE PARITY data across the disk drives. Requires at least 4 hard disks; survives the loss of any two
RAID 10
Creates a striped RAID of two mirrored RAIDs (combines RAID 1 & RAID 0)
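Added example (not part of the flashcard deck): RAID 0 striping and RAID 5 parity worked through on byte strings that stand in for disk blocks. It shows why a RAID 0 set loses data with one failed disk while a RAID 5 set can rebuild it with XOR. The stripe size, disk count and sample data are constructed for illustration; RAID 6's second parity uses a different code (Reed-Solomon) and is not shown.

```python
# Added example: RAID 0 striping vs RAID 5 parity on toy "disks"
# (lists of byte chunks). Everything here is constructed for illustration.
from typing import List

STRIPE_UNIT = 4   # bytes written to each disk per stripe; tiny on purpose
DATA = b"The quick brown fox jumps over the lazy dog"   # constructed sample


def xor_bytes(*blocks: bytes) -> bytes:
    """XOR any number of equal-length blocks together."""
    out = bytearray(len(blocks[0]))
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)


def stripe(data: bytes, n_disks: int) -> List[List[bytes]]:
    """RAID 0: chop data into chunks and deal them round-robin across disks.
    Fast, but every disk holds part of every stripe: lose one, lose all."""
    padded = data + b"\x00" * (-len(data) % (STRIPE_UNIT * n_disks))
    chunks = [padded[i:i + STRIPE_UNIT] for i in range(0, len(padded), STRIPE_UNIT)]
    disks: List[List[bytes]] = [[] for _ in range(n_disks)]
    for idx, chunk in enumerate(chunks):
        disks[idx % n_disks].append(chunk)
    return disks


def raid5_write(data: bytes, n_disks: int) -> List[List[bytes]]:
    """RAID 5: each stripe holds n_disks-1 data chunks plus one parity chunk
    (the XOR of the data chunks). The parity position rotates per stripe so
    no single disk becomes the parity bottleneck."""
    assert n_disks >= 3, "RAID 5 needs at least three disks"
    data_per_stripe = STRIPE_UNIT * (n_disks - 1)
    padded = data + b"\x00" * (-len(data) % data_per_stripe)
    disks: List[List[bytes]] = [[] for _ in range(n_disks)]
    for s, start in enumerate(range(0, len(padded), data_per_stripe)):
        chunks = [padded[i:i + STRIPE_UNIT]
                  for i in range(start, start + data_per_stripe, STRIPE_UNIT)]
        parity_disk = (n_disks - 1 - s) % n_disks
        it = iter(chunks)
        for d in range(n_disks):
            disks[d].append(xor_bytes(*chunks) if d == parity_disk else next(it))
    return disks


def raid5_read(disks: List[List[bytes]]) -> bytes:
    """Reassemble the (padded) data by skipping each stripe's parity chunk."""
    n = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        parity_disk = (n - 1 - s) % n
        for d in range(n):
            if d != parity_disk:
                out += disks[d][s]
    return bytes(out)


def raid5_rebuild(disks: List[List[bytes]], failed: int) -> List[List[bytes]]:
    """Rebuild a failed disk: every chunk on it, data or parity, equals the
    XOR of the corresponding chunks on the surviving disks."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    rebuilt = [xor_bytes(*[d[s] for d in survivors]) for s in range(len(survivors[0]))]
    return [*disks[:failed], rebuilt, *disks[failed + 1:]]


if __name__ == "__main__":
    disks = raid5_write(DATA, 3)
    del disks[1][:]                      # simulate losing disk 1 entirely
    disks[1] = raid5_rebuild(disks, 1)[1]
    print(raid5_read(disks).rstrip(b"\x00"))   # original data comes back
```

A full RAID 5 rebuild reads every surviving disk end to end, which is why a second failure during a long rebuild on large drives is the usual argument for RAID 6.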
Bluejacking
The sending of unsolicited messages to Bluetooth enabled devices (sends info)
Bluesnarfing
Unauthorized access of info from a wireless device over Bluetooth (takes info)
XSS/CSS
Cross-Site Scripting
When malicious script is injected into a trusted website and runs in other users' browsers with that site's privileges
XSRF/CSRF
Cross-Site Request Forgery
When an attacker tricks a user's browser into sending a state-changing request to a web application the user is already authenticated to (logged into), so the action is performed with the victim's session
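Added example (not part of the flashcard deck): the same "transfer money" handler written twice, once trusting the session cookie alone (the CSRF-vulnerable form) and once checking the Origin header and a per-session synchronizer token. The request shape, session store, origins and amounts are constructed; no web framework is used so it runs stand-alone.

```python
# Added example: CSRF-vulnerable vs hardened request handler.
# Request/session dictionaries and origins are constructed for illustration.
import hmac
import secrets

ALLOWED_ORIGIN = "https://bank.example"   # constructed site origin


def new_session() -> dict:
    """Login creates a session holding a random token. Only pages served
    from our own origin can read it and embed it in their forms."""
    return {"user": "alice", "balance": 100,
            "csrf_token": secrets.token_urlsafe(32)}


def transfer_vulnerable(session: dict, request: dict) -> str:
    """The browser attaches the session cookie automatically, so any site
    that makes the victim's browser POST here acts as the victim."""
    session["balance"] -= int(request["form"]["amount"])
    return f"sent {request['form']['amount']} to {request['form']['to']}"


def transfer_hardened(session: dict, request: dict) -> str:
    # Check 1: the Origin (or Referer) header must be our own site.
    # Browsers set Origin themselves; attacker scripts cannot forge it.
    if request["headers"].get("Origin") != ALLOWED_ORIGIN:
        return "403 cross-site request rejected"
    # Check 2: the synchronizer token must match the one issued to this
    # session; compare in constant time.
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(supplied, session["csrf_token"]):
        return "403 missing or invalid CSRF token"
    session["balance"] -= int(request["form"]["amount"])
    return f"sent {request['form']['amount']} to {request['form']['to']}"


def forged_request() -> dict:
    """What a page on evil.example can make the victim's browser send: the
    form fields, with the cookie attached, but not the token embedded in
    the victim's own page."""
    return {"headers": {"Origin": "https://evil.example"},
            "form": {"to": "mallory", "amount": "75"}}


def legitimate_request(session: dict) -> dict:
    """A form submitted from our own page, carrying the session's token."""
    return {"headers": {"Origin": ALLOWED_ORIGIN},
            "form": {"to": "bob", "amount": "25",
                     "csrf_token": session["csrf_token"]}}


if __name__ == "__main__":
    s = new_session()
    print(transfer_vulnerable(s, forged_request()), s["balance"])   # money gone
    s = new_session()
    print(transfer_hardened(s, forged_request()), s["balance"])     # 403, untouched
    print(transfer_hardened(s, legitimate_request(s)), s["balance"])
```

SameSite cookies are a third, complementary defence; the token check above still matters for browsers and flows where SameSite does not apply.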
Daemons
Computer program that runs as a background process, rather than being under the direct control of an interactive user
SCADA
Supervisory Control and Data Acquisition - Type of ICS (Industrial Control System) that manages large-scale, multi-site devices and equipment spread over a geographic region.
Commonly used by utilities (power, water, gas pipelines) and in manufacturing
SNMP
Simple Network Management Protocol - A UDP protocol that aids in monitoring network attached devices and computers
Provides info about memory & CPU usage and other device details. Port 161 UDP (agents); traps are sent to port 162
Data Sovereignty
The legal concept that says data is subject to the laws of the country where it is stored
Applicable laws and regulations based on the physical location of digital data.
Legal Hold
Process designed to preserve all relevant information when litigation (lawsuit) is reasonably expected to occur
The legally required implementation of evidence preservation
Chain of Custody
Requires evidence to be gathered in a legal manner, documented, and securely stored at all times
The process of handling evidence so that it is admissible in court. Evidence should be labeled, locked away when not in use, and if it is transferred to someone else it needs to be documented who and when.
Chain of custody forms list every person who has handled or had access to the evidence that is part of an investigation
PKI
Public Key Infrastructure
A group of technologies used to request, create, manage, store, distribute, and revoke digital certificates. Allows users to communicate securely without personally knowing one another
Governs the issuance of digital certificates to protect sensitive data, provide unique digital identities for users, devices and applications and secure end-to-end communications
A hierarchy of digital security certificates
Entire system of hardware, software, policies, procedures, and people that is based on asymmetric encryption
Logic Bomb
Malicious code that is embedded into a system and may only be activated when certain conditions are met, like timers or system events
Smash the Stack
A stack buffer overflow in which the attacker overwrites the saved return address and pads the injected payload with a NOP sled, so that an imprecise return address still lands somewhere in the NOPs and execution slides forward into the attacker's code
RPs
Provide services to members of a federation
What happens during reconnaissance?
Testers will look for info about an organization such as domain names and email addresses.
Retinal scan
Takes several photos of the back of your eye, visualizing your retina, optic disc, and blood vessels
Iris Scan
Rely on the matching of patterns on the surface of the eye using near-infrared imaging, and is less intrusive than retinal scanning (the subject can continue to wear glasses, for instance) and much quicker
Much less likely to be affected by diseases
IMAP
Internet Message Access Protocol (IMAP) - TCP/IP application protocol that provides a means for a client to ACCESS EMAIL messages stored in a mailbox on a remote server using TCP
Port 143
User and entity behavior analytics (UEBA)
System that can provide automated identification of suspicious activity by user accounts and computer hosts
Cognitive Password
Form of knowledge-based authentication that requires a user to answer a question, presumably something they intrinsically know, to verify their identity.
If you post a lot of personal info about yourself online, this password type can easily be bypassed
DaaS/VDI
Desktop as a Service - provides a full virtualized desktop environment from within a cloud-based service; the cloud-hosted form of VDI (Virtual Desktop Infrastructure)
Virtualization implementation that separates the personal computing environment from a user’s physical computer
*ShadowPC
Pharming
Attack intended to redirect a website’s traffic to another, fake site by installing a malicious program on the computer.
Can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software
Occurs when an attacker attempts to obtain personal or private information through domain spoofing or poisoning a DNS server
Rogue anti-virus
Form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and to pay money for a fake malware removal tool (that actually introduces malware to the computer)
OCSP
Online Certificate Status Protocol - lets a client ask a CA's responder for the status of a single certificate (good, revoked, unknown) instead of downloading the whole CRL
Virtual Switch
Software application that allows communication between virtual machines
Enumeration
Process of extracting usernames, machine names, network resources, shares, and services from a system
CSR (certificate signing request)
What is submitted to the CA (certificate authority) to request a digital certificate
ARP
Address Resolution Protocol
Layer 2 protocol used to map IP addresses to MAC addresses
Procedure for resolving an IP address to the physical (MAC) address of a machine on a local area network (LAN)
Protocol that enables network communications to reach a specific device on the network.
SIP traffic
Used for initiating, maintaining, and terminating communication sessions that include voice, video and messaging applications
Voice and video..VoIP
In Linux, what command shows the first 10 entries in a text-based application log file?
head
In Linux, what command shows the last 10 entries in a text-based application log file?
tail
Implicit Deny
Traffic is denied the ability to enter or leave the network because there’s no specific rule that allows it
All access to a resource should be denied by default and only allowed when it’s explicitly stated
When a user or group are not granted a specific permission in the security settings of an object, but they are not explicitly denied either
Explicit Deny
Traffic is denied the ability to enter or leave the network because there’s an ACL rule the specifically denies it
Smurf attack
Sends ICMP echo requests (pings) to a network's broadcast address with the victim's address spoofed as the source. Every device on that network replies to the victim, so one packet is amplified into many.
Form of amplification/reflection DDoS attack; mitigated by disabling directed-broadcast forwarding on routers
Explicit Allow
Traffic is allowed to enter or leave the network because there’s an ACL rule that specifically allows it
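Added example (not part of the flashcard deck) covering the Implicit Deny, Explicit Deny and Explicit Allow cards: a first-match ACL evaluator in the style of a router or firewall rule list. The rule format, sample ACL and test packets are constructed; the point is to see all three outcomes and why rule order matters.

```python
# Added example: first-match ACL evaluation showing explicit allow,
# explicit deny and implicit deny. Rule format and traffic are constructed.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src: str                  # CIDR such as "10.0.0.0/8", or "any"
    dst_port: Optional[int]   # None matches any port
    proto: str                # "tcp", "udp" or "any"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_port: int
    proto: str


def _matches(rule: Rule, pkt: Packet) -> bool:
    if rule.src != "any" and ipaddress.ip_address(pkt.src_ip) not in \
            ipaddress.ip_network(rule.src, strict=False):
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
        return False
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    return True


def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """Walk the ACL top-down; the first matching rule decides.
    Returns 'explicit allow', 'explicit deny' or 'implicit deny'.
    A packet no rule mentions is dropped: that silent drop is the implicit deny."""
    for rule in acl:
        if _matches(rule, pkt):
            return f"explicit {rule.action}"
    return "implicit deny"


# Constructed sample ACL: the quarantined host is denied FIRST so the broader
# allow below can never let it through.
ACL = [
    Rule("deny",  "10.0.5.23/32", None, "any"),   # quarantined host
    Rule("allow", "10.0.0.0/8",   443,  "tcp"),   # HTTPS from the LAN
    Rule("allow", "10.0.0.0/8",   22,   "tcp"),   # SSH from the LAN
]

if __name__ == "__main__":
    for pkt in (Packet("10.0.1.10", 443, "tcp"),      # explicit allow
                Packet("10.0.5.23", 443, "tcp"),      # explicit deny
                Packet("10.0.1.10", 3389, "tcp"),     # implicit deny
                Packet("192.168.1.5", 443, "tcp")):   # implicit deny
        print(pkt, "->", evaluate(ACL, pkt))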
Security Logs
Shows auditing entries related to activities such as logon attempts or file access
Logs the events such as successful and unsuccessful user logons to the system
Application Logs
Logs the events for the operating system and third-party applications
File that contains info about events that have occurred within a software application
Event Log
File containing records of event data
Records events from various sources and stores them
Access Log
Contains detailed information about each request made to the server
Contains a list of each of the files accessed on a server
Steganography
Technique of hiding secret data within an ordinary, non-secret, file or message in order to avoid detection;
IaaS
Infrastructure as a Service
Model that provides the user with the hardware needed to get up and running, the end user is responsible for the operating system, the application, and any ongoing maintenance tasks
3rd party provides you with infrastructure services, like storage and virtualization, as you need them, via a cloud, through the internet
Allow organizations to manage their business resources — such as their network, servers, and data storage — on the cloud
Focused on moving your servers and computers into the cloud
PaaS
Provider hosts the hardware and software on its own infrastructure and delivers this platform to the user as an integrated solution, solution stack, or service through an internet connection.
Provides that platform for software developers to create, allowing them to concentrate on the software itself instead of any external issues
Allow businesses/developers to host, build, and deploy application
SaaS
Software as a Service
Provides an entire application that is managed by a provider, via a web browser
DHCP
Dynamic Host Configuration Protocol
Used to dynamically assign IP addresses
Assigns IP addresses and other configurations to devices when they connect to a network
Port 67 (server) / 68 (client), UDP
FACT: Wifi Channels can be changed
Hashes vs Encryption
Hashes provide assurance of message integrity (and, when keyed as an HMAC, authenticity). Hashes ensure the original data hasn't been changed
Encryption provides confidentiality, not integrity: ciphertext can be altered without the key and will still decrypt
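Added example (not part of the flashcard deck): a demonstration of the "encryption is not integrity" point. An attacker who never learns the key flips bits in a stream-cipher ciphertext so it decrypts to a different amount, and an HMAC over the ciphertext is what catches it. The stream cipher is a toy built from a SHA-256 keystream purely for illustration; the keys and the message are constructed.

```python
# Added example: malleable encryption vs. an HMAC for integrity.
# The XOR "stream cipher" is a toy for illustration; keys and message are constructed.
import hashlib
import hmac

KEY = b"confidentiality-key"   # constructed encryption key
MAC_KEY = b"integrity-key"     # constructed, separate key for the HMAC


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: concatenated SHA-256(key || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """XOR the message with the keystream; decryption is the same operation."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))


decrypt = encrypt


def tamper(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """What an attacker can do WITHOUT the key: XOR (old ^ new) into the
    ciphertext so the bytes at `offset` decrypt to `new` instead of `old`.
    Any XOR-based cipher (stream ciphers, CTR mode) is malleable this way,
    which is why encryption alone gives no integrity."""
    ct = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        ct[offset + i] ^= o ^ n
    return bytes(ct)


def tag(mac_key: bytes, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC: an HMAC over the ciphertext detects any change."""
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def verify_and_decrypt(key: bytes, mac_key: bytes, ciphertext: bytes,
                       received_tag: bytes) -> bytes:
    """Check the tag (constant-time) before decrypting; reject on mismatch."""
    if not hmac.compare_digest(tag(mac_key, ciphertext), received_tag):
        raise ValueError("integrity check failed: ciphertext was modified")
    return decrypt(key, ciphertext)


if __name__ == "__main__":
    msg = b"PAY $0100 TO ALICE"
    ct = encrypt(KEY, msg)
    forged = tamper(ct, offset=5, old=b"0100", new=b"9900")
    print(decrypt(KEY, forged))            # decrypts "cleanly" to $9900
    try:
        verify_and_decrypt(KEY, MAC_KEY, forged, tag(MAC_KEY, ct))
    except ValueError as e:
        print(e)                           # the HMAC catches the edit
```

Authenticated encryption modes such as AES-GCM or ChaCha20-Poly1305 bundle the cipher and the MAC so you cannot forget the second half.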
Blowfish
Symmetric. Block cipher
RC4
Symmetric. Stream cipher (deprecated; biases in its keystream broke WEP and weakened TLS)
MD5
Hashing algorithm (one-way), neither symmetric nor asymmetric. Collision attacks are practical, so it is no longer suitable for signatures or certificates
RSA
Asymmetric
Wireshark
Open source packet capturing and analysis tool.
chmod
Linux command…used to manipulate system permissions
Change/modify file system permissions
nmap
Network reconnaissance and assessment tool used to scan hosts for open network service port
Network scanner that discovers hosts and services on a computer network by sending packets and analyzing the responses
Port scanner commonly used for host discovery and service identification
nslookup
Name server lookup. Used to troubleshoot DNS problems. Name resolution
Proxy Server…4 types?
A device that acts as a middle man between a device and a remote server.
4 types: IP proxy, caching proxy, internet content filter & web security gateway
Helps prevent an attacker from invading a private network and is one of several tools used to build a firewall
A system or router that provides a gateway between users and the internet. Therefore, it helps prevent cyber attackers from entering a private network
Process requests on another network device’s behalf
Identity federation
Uses security tokens generated by a trusted identity source to allow access to resources such as websites
Single identity is created for a user and shared with all of the organizations in a federation
System of trust between two parties for the purpose of authenticating users and conveying information needed to authorize their access to resources.
Quantitative Risk Analysis
Identifies assets and risks and uses calculations such as ALE (annual loss expectancy) to prioritize and budget funds to manage these risks.
Uses numerical and monetary values to calculate risk
Requires detailed financial data, complex calculations and is time consuming.
Uses exact numbers
Qualitative Risk Analysis
One that uses judgment to determine potential losses if an incident occurs. Values cannot be ascertained with precision. They can include damages to reputation or brand image
Subjective and requires expertise on systems and infrastructure. Cheaper and faster
Categorizes things based on the likelihood and impact of a given incident using non-numerical terms, such as high, medium, and low.
ALE
Annualized Loss Expectancy - Expected cost of a realized threat over one year.
ALE = SLE x ARO
ARO
Annualized Rate of Occurrence - The expected number of times a loss event occurs in a year
Kerberos
Authentication protocol that grants tickets to authenticated entities. Port 88 (TCP and UDP)
Ticket Based Authentication
CHAP
Challenge Handshake Authentication Protocol - Uses a shared secret (typically the user's password) known by both ends of a connection. The secret itself is never sent; the peer returns a hash of the challenge combined with the secret, which the authenticator recomputes and compares
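Added example (not part of the flashcard deck): the three-message CHAP exchange from RFC 1994 with the authenticator and the peer written as separate functions passing messages. The response is MD5(Identifier || secret || Challenge) exactly as the RFC specifies; the peer name, secret and challenge bytes are constructed.

```python
# Added example: CHAP challenge / response / success exchange (RFC 1994).
# Peer name, secret and challenge values are constructed for illustration.
import hashlib
import hmac
import os
from typing import Optional

# Authenticator's copy of each peer's secret (constructed). CHAP needs the
# secret in recoverable form here, unlike a salted password hash.
SECRET_DB = {b"alice": b"correct horse battery staple"}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 Response Value = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def authenticator_challenge(identifier: int, challenge: Optional[bytes] = None) -> dict:
    """Step 1, authenticator -> peer: a fresh, unpredictable challenge.
    Reusing challenges would let an eavesdropper replay an old response."""
    return {"code": "Challenge", "id": identifier & 0xFF,
            "value": challenge if challenge is not None else os.urandom(16)}


def peer_respond(challenge_msg: dict, secret: bytes, name: bytes) -> dict:
    """Step 2, peer -> authenticator: proves knowledge of the secret. Only
    the hash and the peer's name cross the link, never the secret."""
    return {"code": "Response", "id": challenge_msg["id"], "name": name,
            "value": chap_response(challenge_msg["id"], secret, challenge_msg["value"])}


def authenticator_verify(challenge_msg: dict, response_msg: dict) -> dict:
    """Step 3, authenticator -> peer: recompute the hash with the stored
    secret and reply Success or Failure. The Identifier must match the
    outstanding challenge, so a captured response cannot be replayed."""
    secret = SECRET_DB.get(response_msg["name"], b"")
    expected = chap_response(challenge_msg["id"], secret, challenge_msg["value"])
    ok = (response_msg["id"] == challenge_msg["id"]
          and hmac.compare_digest(expected, response_msg["value"]))
    return {"code": "Success" if ok else "Failure", "id": challenge_msg["id"]}


def run_exchange(peer_secret: bytes, name: bytes = b"alice") -> str:
    """Drive one complete exchange and return 'Success' or 'Failure'."""
    c = authenticator_challenge(identifier=1)
    r = peer_respond(c, peer_secret, name)
    return authenticator_verify(c, r)["code"]


if __name__ == "__main__":
    print(run_exchange(b"correct horse battery staple"))   # Success
    print(run_exchange(b"wrong password"))                 # Failure
```

Note what CHAP does and does not give you: the password never crosses the wire, but an eavesdropper who captures a challenge/response pair can run an offline dictionary attack against the MD5, which is why it is normally wrapped in an encrypted tunnel today.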
SOC 2 Type 1
System & Organization Controls reporting (Auditing)
Audits design and implementation of controls at a single point in time. The auditor will review evidence from your systems as it exists at a particular “moment in time”
Assesses the design of security processes at a specific point in time
SOC 2 Type 2
System & Organization Controls reporting (Auditing)
Documents the operating effectiveness of controls over a specified review period
Assesses both the design and the operating effectiveness of security processes over time (typically a 6- to 12-month review period)
Public Keys
Typically used to encrypt a per-file symmetric key (which in turn encrypts the file) rather than the file data directly. Keys can be stored in a protected file on a disk or on a smart card
Can be used to encrypt data and verify digital signatures.
Private Keys
Can be used to decrypt data and create digital signatures.
Session Keys
Generally symmetric, the same key is used for encryption and decryption
NIC
Network Interface Cards - Hardware component that allows computer to connect to a network
Full Backup
Archives all data even if it hasn't changed since the last full backup. Requires more storage and time to perform, but restoration is the quickest since it's a single backup set
Differential Backup
Backs up anything that has changed since the last full backup
Minimizes backup time but takes longer to restore than a full backup (full backup + latest differential)
Incremental Backup
Starts with a full backup. Backs up anything that has changed since the last full or incremental backup
Fastest backups but the slowest restore: the full backup and every incremental since it must be applied in order
SYN flood
Variant of a Denial of Service (DOS) attack where the attacker initiates multiple TCP sessions but never completes the 3-way handshake. This uses up resources on the server since it cannot complete the handshake and keeps resources reserved for the attacker’s computer while it awaits the handshake’s completion
What are the 7 Layers of the OSI Model?
Conceptual framework used to describe the functions of a networking system
Bottom 1. Physical Please
2. Data Link Do
3. Network Not
4. Transport Throw
5. Session Sausage
6. Presentation Pizza
Top 7. Application Away
All People Seem To Need Data Processing
Host Base firewalls
Monitors traffic coming into and leaving a computer
Protects a single computer from unwanted internet traffic
Linux cat command
Used to view contents of text files
Used to concatenate (join) files and print on the standard output
cat file1.txt
Linux chmod command
Used to manipulate Linux file system permissions
Used to change/modify file system permissions
Linux grep command
Line filtering.
Searches a file for a particular pattern of characters, and displays all lines that contain that pattern
Used to print lines that match patterns.
head command
Used to display beginning lines from a text file
IP header
Header information at the beginning of an Internet Protocol (IP) packet
Contains the source IP address and the TTL (time-to-live) value
BTU value
British Thermal Units
Measures thermal energy (heat).
Your server room AC must be able to displace the BTUs generated by your computing equipment; otherwise, the server room will be much too warm for your equipment.
BitLocker
Windows full-volume (disk) encryption; protects data at rest on a lost or stolen drive, usually with the key sealed in the TPM
tcpdump
Linux command line tool
Used to capture network traffic
Command line tool that allows you to capture and analyze network traffic going through your system
P2P Network
Peer-to-Peer Network
Network created whenever two or more devices/computers are connected and share the same resources
Vulnerable to Trojans and spyware
dd command
Linux command that can be used to create an exact copy of a disk volume, while leaving the original disk volume intact
Command line utility used to copy disk images using a bit by bit copying process
nslookup
Used to test DNS server connectivity and name resolution
SMTP
Used to send email over internet
Port 25 (server-to-server relay); port 587 for authenticated client submission
SSID
Service Set Identifier.
The name of a wireless network
*When not broadcast, the network does not appear in normal scans, but the SSID is still sent in cleartext when clients connect, so a wireless sniffer can recover it; hiding the SSID is not a security control
Business Impact Analysis (BIA)
Studies the impact that an incident presents to a business.
PowerShell
A cross-platform task automation and configuration management framework (a shell plus scripting language)
Uses a Verb-Noun cmdlet syntax and is used by administrators to manage computers
Get-Service | Where-Object { $_.Status -eq "Running" }
(lists running services; Where is an alias for Where-Object, and -eq is PowerShell's equality operator)
SNMP
Simple Network Management Protocol
Industry standard for managing and monitoring printers, servers, workstations, routers, switches, IP phones, and so on
A UDP protocol that aids in monitoring network attached devices and computers
Port 161 (agents); traps are sent to port 162
SNMPv3
Simple Network Management Protocol version 3
Provides authentication, encryption and integrity; versions 1 and 2c send the community string in cleartext
Exchanges management data…port 161
SMTP
Simple Mail Transfer Protocol - transmits Internet e-mail messages to other SMTP hosts and can be configured to encrypt the transmission.
Port 25 (server-to-server relay); port 587 for authenticated client submission
Fuzzing
Sample/random data is passed to the application to test its security and functionality
A5
A5/1, used for GSM voice encryption. Symmetric. Stream cipher
Layer 1 (OSI Model)
Physical layer -Responsible for the physical cable or wireless connection between network nodes
Layer 2 (OSI Model)
Data Link Layer - provides node-to-node data transfer (between two directly connected nodes), and also handles error correction from the physical layer.
Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. In the networking world, most switches operate at Layer 2
Layer 3 (OSI Model)
Network Layer - Responsible for packet forwarding, including routing through different routers. You might know that your Boston computer wants to connect to a server in California, but there are millions of different paths to take. Routers at this layer help do this efficiently
Deals with IP addresses and routing
Layer 4 (OSI Model)
Transport layer - deals with the coordination of the data transfer between end systems and hosts. How much data to send, at what rate, where it goes, etc
Deals with TCP and UDP details including port numbers,
Layer 5 (OSI Model)
Session layer - creates communication channels, called sessions, between devices. Responsible for opening sessions, ensuring they remain open and functional while data is being transferred, and closing them when communication ends
When 2 computers or other networked devices need to speak with one another, a session needs to be created. Functions at this layer involve setup, coordination (how long should a system wait for a response) and termination between the applications at each end of the session
Layer 6 (OSI Model)
Presentation layer - prepares data for the application layer. Defines how 2 devices should encode, encrypt, and compress data so it is received correctly on the other end
Presents data for the application or the network.
Example of this is encryption and decryption of data for secure transmission
Layer 7 (OSI Model)
Application layer - specific functionality, such as a web browser connecting to a specific URL.
Layer that is the “closest to the end user”. It receives info directly from users and displays incoming data to the user.
Used by end-user software such as web browsers and email clients. Provides protocols that allow software to send and receive info and present meaningful data to users.
Application layer protocols are the HTTP, FTP, POP, SMTP, & DNS
Symmetric Encryption
When the same key is used to encrypt and decrypt
Shared key
Asymmetric Encryption
Uses one key to encrypt and a second key to decrypt.
2 Seperate Keys
DLP
Data Loss Prevention - Monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data.
Can used to help identify insider threats
Can block and monitor data transfers to unauthorized locations. Ensures that private data stays private
TLS
Transport Layer Security - Network security protocol commonly used to secure web application connections using HTTPS
Cryptographic protocol designed to provide communications security over a computer network
No port of its own; HTTPS (HTTP over TLS) uses port 443
Exploit
Takes advantage of a vulnerability
DRP
Disaster Recovery Plan
DHCP
Dynamic Host Configuration Protocol - Used to dynamically assign IP addresses. It will also assign subnet masks, default gateways, etc.
Automatically provides and assigns IP addresses, default gateways and other network parameters to client devices
Port 67 (server) / 68 (client), UDP
Host-based firewalls
Firewall on a host computer. Monitors traffic going through the host network
Can protect the remote users’ computers from network attacks originating from their internet connection
Attack Surface
An aspect of your software application that’s vulnerable for an attacker to exploit
Ex. Open port, or a running network service
Virtual Private Cloud (VPC)
Can run a public facing application but still maintain a private back end with servers that aren’t publicly accessible
Network Address Translation (NAT)
Designed for IP address conservation. It enables internal networks that use private (RFC 1918) addresses to connect to the Internet.
Used in routers to translate private internal IP addresses to routable public addresses
Conserves the number of public addresses used within an organization
Runbook
Part of SOAR. Set of rules that can be largely automated
Playbook
Part of SOAR. Lists step-by-step actions that need to occur within the SOAR process. Actions are typically performed by humans
SSH
Secure Shell, Port 22. Provides encrypted remote access channel to a host system
Encrypted Tunnel
DNS
Domain Name System, Port 53 (UDP for ordinary queries; TCP for zone transfers and large responses).
HTTPS
Provides an encrypted web connection to a web server (for example a router's admin interface)
Secure web communication using SSL/TLS
Port 443
CIS Controls
Center for Internet Security. Formerly known as the Top 20 (Critical Security) Controls; version 8 consolidated them into 18 control groups
Job Rotation
Ensures that no employee retains the same amount of access control for a responsibility for more than a given period
Separation of Duties
Policy that ensures that one single individual isn’t tasked with high-security and high-risk responsibilities.
Critical responsibilities are separated between several users to prevent corruption and errors.
IPFIX
IP Flow Information Export
Common representation of flow data and a standard means of communicating, as required for transmitting traffic flow information over a network for collection
Groups traffic into flows to then send on to a centralized collection point. IPFIX is based on NetFlow v9.
Link-Level Security
Authenticates the actual communications link before data transmission begins. Data encryption can also be performed in this mode after the link is authenticated.
CRL
Certificate Revocation Lists - Where revoked certificate serial numbers are stored
Embedded Systems
Include gaming systems, printers, appliances, in-vehicle systems, medical devices, cameras, home automation, and HVAC (heating, ventilating, and air conditioning) controls that are network enabled, and sometimes Internet connected, for remote access
Combination of computer hardware and software designed for a specific function. Embedded systems may also function within a larger system
Blockchains
Publicly accessible ledgers that record online transactions, based on peer-to-peer technology.
A party initiates a block, which is then verified by all the distributed systems and added to the chain (or rejected if not verified). Difficult to cheat the system. Generally, the larger the blockchain, the safer
Protocol analyzer
Sometimes called sniffers…capture network traffic allowing administrators to view and analyze individual packets
Example: examine the network packets sent from the web server to the database server; through detailed analysis you can discover which request is sending malformed data and causing the database server to crash.
RTO
Recovery Time Objectives - Maximum amount of time that is considered tolerable for a service/function to be unavailable
Represents the time it takes to identify that there is a problem and then perform recovery
Timeframe following a disaster that an individual IT system may remain offline
RPO
Recovery Point Objectives - Maximum acceptable amount of lost data because of an outage
The amount of data loss that a system can sustain, measured in time.
*An RPO of 24 hours means that the data can be recovered (from a backup copy) to a point not more than 24 hours before the database was infected
MTBF
Mean Time Between Failures - Average length of time a specific device is expected to operate between one failure and the next
MTTR
Mean Time To Repair - The average length of time from the moment a component fails until it is repaired
Virtualization
The creation of a virtual version of something, such as an operating system (OS), a server, a storage device or network resources. Uses software that simulates hardware functionality to create a virtual system
*You can run different websites on a separate virtual machine (VM) running on the same hardware platform. You can run several VMs on one system, and each VM is isolated from the others, thus preventing security issues with one website from affecting other websites
Cain and Abel (AKA Cain)
Password cracking tool
Ping/Ping Sweep
Ping command is used to ping a single host to check whether it is up and reachable; a ping sweep pings a whole range of IP addresses to find live hosts
Can show which network clients are active and responding to requests
SPF
Sender Policy Framework (SPF) - an email authentication method designed to detect forging sender addresses during email delivery
IP Fragmentation
IP fragmentation attacks (malformed, overlapping or incomplete fragments, e.g. teardrop) are a common form of DoS/DDoS attack
Microsoft Endpoint Configuration Manager (MECM)
Microsoft Endpoint Configuration Manager (MECM) - provides remote control, patch management, software distribution, operating system deployment, network access protection, and hardware/software inventory.
SYN flood attack (DoS)
Repeatedly sends initial connection request (SYN) packets, usually from spoofed source addresses, and never completes the handshake; the half-open connections fill the server's backlog queue so legitimate clients can no longer connect
Reverse Proxy
Server that sits in front of one or more web servers intercepting requests from clients
Sits in front of an origin server and ensures that no client ever communicates directly with that origin server
Accepts a request from a client, forwards the request to another one of many other servers, and returns the results from the server that actually processed the request to the client as if the proxy server had processed the request itself.
Reverse Proxy: //www.cloudflare.com/img/learning/cdn/glossary/reverse-proxy/reverse-proxy-flow.svg
Proxy (Forward): https://www.cloudflare.com/img/learning/cdn/glossary/reverse-proxy/forward-proxy-flow.svg
Web Proxy (Forward Proxy)
Server that sits in front of a group of client machines. When those computers make requests to sites and services on the Internet, the proxy server intercepts those requests and then communicates with web servers on behalf of those clients, like a middleman
Sits in front of a user and acts as a mediator between users and the web servers they access. User’s request goes through the forward proxy first and then reaches the web page. Once the data from the internet is retrieved, it is sent to the proxy server, redirecting it back to the requester. *From the perspective of the internet server, the request is made by the proxy server itself and not the user
FISMA
Federal Information Security Management Act - United States federal law that defines a comprehensive framework to protect government information, operations, and assets against natural or human-made threats. FISMA requires that government agencies and other organizations that operate systems on behalf of government agencies comply with security standard
Multipartite Virus
Virus that combines boot and program viruses. First attaches to the boot sector and system files before attacking other files on the computer
Polymorphic Virus
Advanced version of an encrypted virus that changes itself every time it is executed by altering the decryption module to avoid detection
Changes PART of its code but retains one part of its code that remains the same to stay undetected
Metamorphic Virus
Virus that is able to rewrite itself entirely before it attempts to infect a file
(advanced version of polymorphic virus)
Completely re-writes its code so that each newly propagated version of itself no longer matches its previous iteration to remain undetected
SAML (Security Assertion Markup Language)
Security Assertion Markup Language - An open XML-based standard for exchanging authentication and authorization data between an identity provider and a service provider
OpenID Connect
Simple identity layer on top of the OAuth 2.0 protocol
What are the private IP addresses?*
Private IP addresses (RFC 1918) are 10.0.0.0/8 (10.x.x.x), 172.16.0.0/12 (172.16.x.x through 172.31.x.x), or 192.168.0.0/16 (192.168.x.x).
Heuristic Analysis
Method employed by many computer anti-virus programs designed to detect previously unknown computer viruses and new variants of viruses already in the wild
Detects viruses by examining code for suspicious properties. Designed to spot unknown new viruses and modified versions of existing threats
Determines whether several observed data points constitute an indicator and whether related indicators make up an incident depending on a good understanding of the relationship between the observed indicators
Netflow
Flow analysis tool. Does not capture the full packet capture of data as it crosses the network sensor but captures metadata and statistics about the network traffic.
Metadata can highlight trends and patterns in the traffic generated by the malicious user, such as the volume of data sent and received
FERPA
Family Educational Rights and Privacy Act - Requires educational institutions implement security and privacy controls for student educational records
School, Students
SOX
Sarbanes-Oxley Act - Affects publicly traded U.S. corporations and requires certain accounting methods and financial reporting requirements
Dictates requirements for storing and retaining documents relating to an organization’s financial and business operations, including the type of documents to be stored and their retention periods
Banner Grabbing
Conducted by actively connecting to the server using telnet or netcat and collecting the web server’s response. Banner usually contains the server’s operating system and the version number of the service being run.
Purging a device vs Clearing a device?
Purging includes methods that eliminate information from being feasibly recovered even in a lab environment. Ex: performing a cryptographic erasure (CE) would sanitize and purge the drives’ data without harming the drives themselves.
Clearing drives leaves the possibility that some tools would allow data recovery
Hping
Assembles and sends custom ICMP, UDP, or TCP packets and then displays any replies. It was inspired by the ping command but offered far more control over the probes sent. It also has a handy traceroute mode and supports IP fragmentation.
Hping is useful when trying to traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities.
VLAN
Virtual Local Area Network - logically separate network that is created using switching technology
Subnetwork that can group together collections of devices on separate physical local area networks (LANs)
Enables a group of devices available in multiple networks to be combined into one logical network
*Traffic between VLANs needs a router or Layer 3 switch
GPO
Microsoft’s Group Policy Object (GPO) is a collection of Group Policy settings that defines what a system will look like and how it will behave for a defined group of users.
Efficient way to deploy system configuration settings across many Windows devices
APTs
Advanced Persistent Threats - highly sophisticated (often nation-state) threat actor that quietly gathers information from compromised systems and can lie in wait for months during an ongoing attack
Dynamic Code Analysis
Involves running code and examining the outcome, which also entails testing possible execution paths of the code
The process of testing and evaluating a program — while software is running