SG 8 - Study Notecards

Question 1

What is the Purdue Model?

Answer 1

A layered approach to network design for Operational Technology Environments, segmenting fragile devices away from user-centric devices

Question 2

What is Setoolkit (SET)?

Answer 2

A program that uses Metasploit to automate social engineering attacks

Question 3

What is Serverless Computing?

Answer 3

A platform for developers to write functions that respond to events without relying on the creation of virtual machines or containers

Question 4

What is XXE ?

Answer 4

• XXE is XML External Entity
• Allows an attacker to send commands into an underlying operating system using XML-formatted data

Question 4

What is REST ?

Answer 4

A way of allowing clients and servers to maintain state within an application since HTTP doesn’t maintain state

Representational State Transfer

Question 4

What is Grid Computing?

Answer 4

A way of using multipple computer systems at the same time to solve problems in a parallels fashion

Examples: Distributed.net and SETI@Home

Question 4

What are TTPs ?

Answer 4

• Actions attackers take against victims across the entire attack lifecycle
• These TTPs can be identified by victims

Techniques, Tactics and Procedures

Question 4

What is an HMI ?

Answer 4

A device used in operational technology environments to allow users to operate Industrial Control Systems (ICS)

Human-Machine Interface

Question 4

What is Fog Computing?

Answer 4

• Used to describe providing computing resources that may be used to support on-premise devices like those in the Internet of Things (IoT).
• It’s not cloud computing, nor on-premise (on the ground)

Question 4

What is EDR ?

Answer 4

• Software that will monitor systems for malicious activity, including looking for the existance of malware
• EDR will also allow for live investigation and isolation of endpoint systems

Endpoint Detection and Response

Question 5

What is the
MITRE ATT&CK Framework?

Answer 5

A taxonomy of techniques, tactics and procedures (TTPs) known to be used by attackers

Question 6

What is ARP Spoofing?

Answer 6

Process of sending gratuitous ARP responses to get systems on a local network to send traffic to the system performing the ARP spoofing

Address Resolution Protocol Spoofing

This is a Man in The Middle (MitM) Attack

Question 7

What is Credential Stuffing?

Answer 7

• Using collections of known usernames and passwords to break into systems.
• This doesn’t produce the same problem as brute-forcing network requests, which would generate a lot of failed attempts on a single account

Question 8

What is Simultaneous Authentication of Equals (SAE)?

Answer 8

• A protocol used in the wireless encryption and authentication protocol WPA3
• Allowing both sides of the wireless communication (Ex: station and access point) to validate one another’s identity and share keying info

Question 9

What is Bluebugging?

Answer 9

Using Bluetooth devices to listen in on audio activities like phone calls

Question 10

What is an XMAS Scan?

Answer 10

A method of port scanning that sends the FIN, PSH and URG flags in a TCP header