SG 8 - Study Notecards Flashcards
What is the Purdue Model?
A layered approach to network design for Operational Technology Environments, segmenting fragile devices away from user-centric devices
What is Setoolkit (SET)?
A program that uses Metasploit to automate social engineering attacks
What is Serverless Computing?
A platform for developers to write functions that respond to events without relying on the creation of virtual machines or containers
What is XXE?
- XXE is XML External Entity
- Allows an attacker to send commands into an underlying operating system using XML-formatted data
What is REST?
A way of allowing clients and servers to maintain state within an application since HTTP doesn’t maintain state
Representational State Transfer
What is Grid Computing?
A way of using multiple computer systems at the same time to solve problems in a parallel fashion
Examples: Distributed.net and SETI@Home
What are TTPs?
- Actions attackers take against victims across the entire attack lifecycle
- These TTPs can be identified by victims
Techniques, Tactics and Procedures
What is an HMI?
A device used in operational technology environments to allow users to operate Industrial Control Systems (ICS)
Human-Machine Interface
What is Fog Computing?
- Used to describe providing computing resources that may be used to support on-premise devices like those in the Internet of Things (IoT).
- It’s not cloud computing, nor on-premise (on the ground)
What is EDR?
- Software that will monitor systems for malicious activity, including looking for the existence of malware
- EDR will also allow for live investigation and isolation of endpoint systems
Endpoint Detection and Response
What is the MITRE ATT&CK Framework?
A taxonomy of techniques, tactics and procedures (TTPs) known to be used by attackers
What is ARP Spoofing?
Process of sending gratuitous ARP responses to get systems on a local network to send traffic to the system performing the ARP spoofing
Address Resolution Protocol Spoofing
This is a Man-in-the-Middle (MitM) attack
What is Credential Stuffing?
- Using collections of known usernames and passwords to break into systems.
- This doesn’t produce the same problem as brute-forcing network requests, which would generate a lot of failed attempts on a single account
What is Simultaneous Authentication of Equals (SAE)?
- A protocol used in the wireless encryption and authentication protocol WPA3
- Allows both sides of the wireless communication (e.g., station and access point) to validate one another’s identity and share keying information
What is Bluebugging?
Using Bluetooth devices to listen in on audio activities like phone calls