Security+ Flashcards
Phishing
Social engineering email trying to spoof users into entering in credentials.
Typosquatting
Attackers slightly changing the URL to make it look legit.
Ex - www.googe.com instead of www.google.com
Pharming
Occurs when an attacker redirects one website’s traffic to another
website that is bogus or malicious
Vishing
(voice phishing) Phone call to you
Smishing
SMS phishing, text message to you.
Spear Phishing
targeted phishing with prior reconnaissance done.
Impersonation
attackers impersonate or make up a story to gain your trust or attention.
Ex. “This is Jim calling from Microsoft Support, we need you to call us because there are issues with your computer”.
Dumpster Diving
Physical dumpster diving by an attacker, sifting through trash to get information from things that may have been thrown out.
Shoulder Surfing
Physically looking over someone’s shoulder, looking at your computer and gaining information.
Hoax
A fake situation that is designed to fool your users into thinking it's real.
Watering Hole Attacks
Attackers target a third party site that you or your users use. They then attack that site, and thus gain access to your information or user’s information.
Ex. Attacking Vanta and redirecting their DNS to a spoofed site
Influence Campaigns
Attackers advertise online or post propaganda to influence the opinions of others
Ex - Political campaigns involving falsehoods.
Tailgating
Attacker physically follows you inside the building using your credentials.
Invoice Scams
Attacker sends an email with a fake invoice to the user who pays invoices.
Credential Harvesting
Malware that extracts credentials stored on your local machine and sends them in an email to an attacker.
Botnet
Group of machines that have the same malware on them. Attackers can execute bulk actions on all machines inside the botnet.
Bot
Single host in a botnet
Virus
Needs human intervention to run, can replicate itself
Worms
No human intervention, uses vulnerabilities in the OS or apps installed to move itself from system to system. Usually resolved via firewall rules, which stops the network transmission to other hosts.
Ransomware
encryption of data, ransom has to be met in order for data to be decrypted.
Crypto-malware
Encrypts all data on a machine and only decrypts and restores it using a proper key. This is the underlying technique behind ransomware attacks.
Trojan
Software that pretends to be something else, you run it and it turns out to be malware. Designed to be non-threatening to standard AV and other common types of defenses.
PUP (Potentially Unwanted Program)
Not malicious in character but bothersome and hard to remove.
Ex - an ad toolbar within your web browser.
Backdoor
Malware creates a backdoor, or new way of gaining access to your system for easy access in the future. Other malware can use this new backdoor to infect your system, as it now opened a new vulnerability.
RAT (Remote Access Trojan)
Remote administration tool, the ultimate backdoor.
Rootkit
Rootkits modify files in the kernel of the OS, making them invisible to AV, since AV does not treat the kernel as malicious.
What makes rootkits so dangerous?
Rootkits focus on stealth and can create an environment on the kernel of the OS which then allows additional malware to run within that environment, undetected.
Adware
Malware that installs a ton of advertisements on your computer and is generally difficult to remove.
Spyware
Malware that spies on your computer and activity. Often is a trojan horse.
Logic Bombs
Waits for a predefined event to happen on a system, then starts.
Why is it typically hard to triage a logic bomb?
In most cases, logic bombs delete themselves from the system after running, making it hard to trace the route of attack.
Hashing
technique used to protect user passwords by converting them into a different form called a hash.
What is SHA-256?
A popular hashing algorithm.
Hash Function
the algorithm used to hash the plaintext password values.
Hash Value
The result of the password going through the hash function. These are very long values, and duplicates are nearly impossible unless the plaintext password is the same.
Hash Space
the set of all possible hash values that can be produced by a particular hash function
Hash Collision
when two hash values are the same
Salting
A unique identifier added to plaintext passwords BEFORE running them through a hash function. This is to differentiate them if multiple users use the same password.
Rainbow Tables
Optimized, pre-built table of hash values for common passwords.
How are passwords in databases typically kept?
The passwords in databases are typically salted and hashed.
Spraying Attack
Systematically trying a few commonly used passwords against multiple accounts or targets, then stopping, to avoid detection.
Brute Force
systematically trying all possible combinations of passwords until the correct one is found.
-You can also brute force hashes if an attacker grabs a hash value.
-They can go through a wordlist and put all of them through a hash function until they get a resulting hash value that matches.
Dictionary Attack
systematically trying a list of common words, phrases, or passwords from a pre-existing “dictionary.”
Physical Attacks
Compromised USB devices, cables, etc.
Skimming credit card numbers
Adversarial AI
When PII is used to train an AI system and attackers interact with the system to get it to give back the PII data it was trained on.
Supply Chain Attacks
When a third party vendor is attacked and the attack is then transferred over to you.
Ex - LastPass hacked.
Privilege Escalation
Design flaw that allows a normal user to gain access to administrative permissions
Cross Site Scripting (XSS)
type of security vulnerability that occurs when a website or web application allows malicious scripts to be injected and executed in users’ browsers
Stored XSS
On the site itself, anyone who visits the site runs the malicious script.
Reflected XSS
User has to visit the site and click a particular section or button to get the malicious script to run.
Injection Attack
type of security attack where malicious code is inserted into a computer program or system, causing it to execute unintended commands or actions
Ex. - SQL Injections are very common.
Buffer Overflow
a type of security vulnerability that occurs when a program or system writes more data into a buffer (a temporary storage area) than it can handle. This extra data overflows into adjacent memory locations, potentially causing the program to crash or allowing the attacker to execute malicious code.
Replay Attacks
an attacker intercepts and maliciously retransmits captured data to deceive a system or gain unauthorized access. In simple terms, a replay attack occurs when an attacker copies and replays previously captured data to trick a system into accepting it as valid.
Request Forgeries
an attacker tricks a user’s web browser into making an unintended and unauthorized request on their behalf
What is an example of a request forgery attack?
Ex - You’re signed into your bank account on one tab and visit a malicious site on another tab. This site runs a script that makes a request related to your bank account and because you are already signed in, the request goes through without you even realizing.
Driver Manipulation
Attacks that utilize the drivers built into your OS
SSL Stripping
a type of attack where an attacker intercepts communication between a user’s web browser and a website, and downgrades the secure HTTPS connection to an insecure HTTP connection.
Race Conditions
occur when different parts of a program “race” to use the same thing, and the order they finish in affects the final result.
What is an example of a race condition flaw?
You and Jamie wanting to put $50 into the checking account but you both do it at the same time and now you have $100 in the account.
Rogue Access Points
Access point that has been added to your network without your authorization.
Wireless Evil Twin
Malicious Network with same SSID as your real one
Bluejacking
Sending a message to someone else's device via Bluetooth.
Bluesnarfing
attackers gain unauthorized access to information on a Bluetooth-enabled device, such as a smartphone or tablet
Wireless Disassociation
A disruption attack that disconnects wireless network connections between devices.
Wireless Jamming
Attackers transmit interfering signals that take down a wireless network.
RFID Attack
Attackers can replay captured RFID exchanges, spoof the RFID ID, or jam the signal between the RFID tag and the reader.
NFC Attack
Attackers can replay captured NFC exchanges, spoof the NFC ID, or jam the signal between the NFC devices.
Randomizing Cryptography
When the encryption method does not do a good enough job of obscuring the original value.
Ex - “Password” turned into “Passw0rd”. You can still tell the original value.
Cryptographic Nonce
a unique and random number used in cryptography to add extra security to communication and prevent replay attacks
On-Path Attack
MITM (man in the middle) attack, where an attacker inserts themselves into the communication path between two parties. By doing so, they can intercept and manipulate the data being transmitted between them
Address Resolution Protocol (ARP)
a network protocol used to translate or resolve IP addresses to physical or MAC addresses in a local network
MAC Cloning
involves creating a duplicate or fake MAC address to impersonate another device on the network
MAC Flooding
a technique where a large number of MAC addresses are continuously sent to a network switch, overwhelming its memory capacity.
DNS Poisoning
a technique used by attackers to manipulate or corrupt the information in the DNS server’s cache.
Ex - An attacker changes the value in the DNS server to a malicious one. Once a user queries the DNS server, they are redirected to the malicious site.
Denial of Service (DoS)
attacker overwhelms a target system or network with a flood of excessive requests or data.
Malicious Scripts/Scripting
Scripts that can help attackers automate the attack pipeline.
Threat Actor
an entity responsible for an event that has a negative impact on a different entity.
Insider
Someone on the inside of your organization that is doing something malicious
Nation State
Someone from the government that is doing something malicious.
Hacktivist
Hacker + Activist
Script Kiddie
A beginner who runs pre-made scripts to execute cyber attacks but does not necessarily know what is actually going on.
Organized Crime
Professional criminals, motivated by financial gain.
Shadow IT
the user working around their internal IT department.
Ex - Someone purchasing their own laptop and working from that instead of a corporate owned one.
Attack Vector
a method used by attackers
Threat Intelligence
Researching latest threats
Open Source Intelligence (OSINT)
Intel from publicly available sources
Closed Intelligence
Have to pay cost to a provider for expert level intel on vulnerabilities
CVE
Common Vulnerabilities and Exposures
Indicators of Compromise (IOC)
An event that indicates an intrusion
Irregular patterns or abnormalities
SIEM
Security Information & Event Management
SOAR
Security Orchestration Automation & Response
How many “color” security teams are typically in an organization? What are the 4 colors?
4 Teams - Red, Blue, Purple, White
Red Team
Offensive, attackers
Blue Team
Defense, defenders, incident response
Purple Team
Both red and blue team, both share information.
White Team
Oversees the red and blue teams.
Configuration Management
Documenting change of configurations and systems
Baseline Configuration
Getting an idea of what your baseline is so you can build and improve off of it
Standard Naming Convention
defining a standard naming convention for endpoints, APs, and other points of your system.
Data Masking
Using asterisks or some other form of redaction to protect sensitive data.
PII
Personally Identifiable Information
Data Encryption
Encrypting data to protect it.
Plaintext
data before encryption
Ciphertext
data after encryption
Data At Rest
Data sitting stationary on a drive, not moving.
Data In Motion
Data transmitted over a network
Data In Use
Data actively processing in the memory of an OS
Tokenization
the process of replacing sensitive data, such as credit card numbers or personal identification information, with unique identification tokens
What is a real world example of tokenization?
Used in NFC credit card transactions, your card number never actually gets sent to the merchant.
Information Rights Management (IRM)
a security approach that allows organizations to control and protect sensitive information throughout its lifecycle. With IRM, users can apply specific access permissions, restrictions, and encryption to their documents or files.
Data Loss Prevention (DLP)
a security strategy and set of technologies that aim to prevent sensitive data from being lost, leaked, or exposed to unauthorized individuals.
Incident Response Plan
plan that executes in the event of an incident.
Honeypot
A fake system that looks enticing for hackers to attack. No real access to your production system.
Define the user’s role in security in: Infrastructure as a Service (IaaS), such as AWS.
You still have to maintain security in the cloud
Define the user’s role in security in: Software as a Service (SaaS), like Hi Marley.
3rd party service responsible for security and maintenance.
Define the user’s role in security in: Platform as a Service (PaaS), such as AWS Elastic Beanstalk.
3rd party provides building blocks for building web applications, security responsibility is shared between the provider and the user.
MSSP
Managed Security Service Provider
IaaC
Infrastructure as code
VM Sprawl
When you do not spin down VMs after they are no longer needed.