SG 8 - Study Notecards Flashcards
What is the Purdue Model?
A layered approach to network design for Operational Technology Environments, segmenting fragile devices away from user-centric devices
What is Setoolkit (SET)?
A program that uses Metasploit to automate social engineering attacks
What is Serverless Computing?
A platform for developers to write functions that respond to events without relying on the creation of virtual machines or containers
What is XXE?
- XXE is XML External Entity
- Allows an attacker to send commands into an underlying operating system using XML-formatted data
What is REST?
A way of allowing clients and servers to maintain state within an application since HTTP doesn’t maintain state
Representational State Transfer
What is Grid Computing?
A way of using multiple computer systems at the same time to solve problems in a parallel fashion
Examples: Distributed.net and SETI@Home
What are TTPs?
- Actions attackers take against victims across the entire attack lifecycle
- These TTPs can be identified by victims
Techniques, Tactics and Procedures
What is an HMI?
A device used in operational technology environments to allow users to operate Industrial Control Systems (ICS)
Human-Machine Interface
What is Fog Computing?
- Used to describe providing computing resources that may be used to support on-premise devices like those in the Internet of Things (IoT).
- It’s not cloud computing, nor on-premise (on the ground)
What is EDR?
- Software that will monitor systems for malicious activity, including looking for the existence of malware
- EDR will also allow for live investigation and isolation of endpoint systems
Endpoint Detection and Response
What is the MITRE ATT&CK Framework?
A taxonomy of techniques, tactics and procedures (TTPs) known to be used by attackers
What is ARP Spoofing?
Process of sending gratuitous ARP responses to get systems on a local network to send traffic to the system performing the ARP spoofing
Address Resolution Protocol Spoofing
This is a Man in The Middle (MitM) Attack
What is Credential Stuffing?
- Using collections of known usernames and passwords to break into systems.
- This doesn’t produce the same problem as brute-forcing network requests, which would generate a lot of failed attempts on a single account
What is Simultaneous Authentication of Equals (SAE)?
- A protocol used in the wireless encryption and authentication protocol WPA3
- Allowing both sides of the wireless communication (Ex: station and access point) to validate one another’s identity and share keying info
What is Bluebugging?
Using Bluetooth devices to listen in on audio activities like phone calls
What is an XMAS Scan?
A method of port scanning that sends the FIN, PSH and URG flags in a TCP header