Study Flashcards
a non-persistent operating system on a compact disk or USB
live boot media
used to indicate relevancy to the case or part of the case or to show confidentiality and help organize evidence according to keywords or labels
tags
a device that copies signals from the physical layer and the data link layer. Since no network or transport logic is used, every frame is received, allowing reliable packet monitoring.
TAP (Test Access Point)
a measure of cryptographic unpredictability, higher levels indicating higher security
entropy
what are two ways to maximize integrity of the analysis process to ensure non-repudiation is possible?
- use a write-blocker to prevent data from being changed
- create a hash before and after analysis and compare checksums
shows the results of risk assessments in a comprehensible document format, including impact, likelihood ratings, date of identification, description, countermeasures, owner/route for escalation, and status.
risk register
a form of segmentation that routes suspicious traffic that is flooding an IP address into another network for analysis
sinkhole
helps to mitigate against spoofing and poisoning attacks. The authoritative server for the zone creates a package of resource records, called an RRset, signed with a private key known as the zone signing key
(DNSSEC) DNS Security Extensions
standard that creates reports that assess the ongoing effectiveness of the security architecture over a period of 6-12 months. Highly detailed and designed to be restricted.
Service Organization Control (SOC2) Type II
the concept that fire requires heat, oxygen, and fuel to ignite and burn
the fire triangle
strategy that uses passive discovery techniques so that threat actors do not know they have been discovered
defensive maneuver
what are 9 symmetric algorithms?
- DES
- 3DES
- IDEA
- AES
- Blowfish
- Twofish
- RC4
- RC5
- RC6
name 3 asymmetric algorithms
- Diffie-Hellman (DH)
- RSA
- ECC
encryption type where 2 keys are used, one to encrypt, the other to decrypt
asymmetric
encryption type where sender and receiver use the same private key
symmetric
cipher that uses key stream generator to encrypt data bit by bit using XOR function to create ciphertext
stream cipher
cipher that breaks input into fixed length blocks of data and performs encryption on each block
block cipher
which symmetric encryption algorithm is a stream cipher?
RC4
type of control that includes policies, procedures, legal, and regulatory
administrative controls (aka managerial controls)
name for a freelance ethical hacker
blue hat
highly trained hackers, funded with covert and open source intelligence or funded by nations
Advanced Persistent Threats (APTs)
4 important factors in intelligence/sources
- timeliness
- relevancy
- accuracy
- confidence levels
what are the steps of Lockheed Martin’s kill chain?
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command and Control
- Actions on Objectives
method of obtaining info through public records, websites, and social media
OSINT (Open Source Intelligence)
framework for analyzing incidents and intrusions by exploring relationships between adversary, capability, infrastructure, and victim
Diamond Model of Intrusion Analysis
knowledge base for adversary tactics
MITRE ATT&CK Framework
a malware infection that sets off a malicious function when logical conditions are met
logic bomb
5 steps for securing the BIOS
- Flash the BIOS (update software)
- Use a BIOS password
- Configure boot order
- Disable external ports and devices
- Enable secure boot
3 tips for securing NAS (Network Attached Storage)
- use data encryption
- use proper authentication
- log NAS access
technology that provides automated identification of suspicious activity using AI and machine learning
UEBA (User and Entity Behavior Analytics)
attack where unsolicited messages are sent to Bluetooth devices
bluejacking
attack involving the unauthorized access of info from a wireless device over Bluetooth
bluesnarfing
an encryption method that provides a small footprint and/or low computational complexity for resource-constrained systems such as an Internet of Things (IoT) device.
lightweight cryptography
the manual review of code to identify oversights, mistaken assumptions, or a lack of knowledge or experience. This may ensure security or improve the code depending on who is peer-reviewing it.
static code analysis
a tool that is placed between an organization’s resources and a cloud service provider that enforces defined security-based policies while monitoring traffic
CASB (Cloud Access Security Broker)
a database of information about vulnerabilities that are codified as signatures.
CVE (Common Vulnerabilities and Exposures)
used to monitor social media for incidents, such as disgruntled consumers posting negative content. In terms of security, this can be used to gather threat intelligence.
sentiment analysis
an appliance designed to perform centralized public key infrastructure (PKI) management, key generation, or key escrow for devices
HSM (Hardware Security Module)
a phishing attack conducted through a voice channel (telephone or VoIP, for instance)
Vishing
an encryption method that allows computation to be performed directly on encrypted data without requiring access to a secret key. Analysis can apply functions on encrypted data without needing to reveal the values of the data
Homomorphic encryption
lists every person who has worked with or who has touched the evidence that is a part of an investigation
chain of custody
collecting information that is widely and openly available from publicly available sources
passive reconnaissance
Put the following in order evidence should be collected based on volatility:
- swap file
- processor cache
- hard drive or usb drive
- random access memory
- Processor cache
- Random Access Memory
- Swap File
- Hard Drive or USB Drive
information about a subject’s opinions, beliefs, and nature afforded specially protected status by privacy legislation
SPI (Sensitive Personal Information)
a pattern matching technique that uses a structured database of string values to detect matches; may use format or sequence
EDM (Exact Data Match)
used to enable access to a directory of resources and uses a client-server model for mutual authentication
LDAPS
access control type that requires all access to be predefined based on system classification, configuration, and authentication
MAC (Mandatory Access Control)
nslookup command that requests DNS records for only the name servers
set type=ns
most common vulnerability found on Windows and Linux systems
missing patches
fire extinguishing system commonly used in data centers and server rooms to protect the servers from fire
FM-200
a popular vulnerability scanner that can be used to check how vulnerable your network is by using various plugins to test for vulnerabilities, and perform compliance auditing
Nessus
a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development
Metasploit
United States federal law that requires financial institutions to explain how they share and protect their customers’ private information
The Gramm-Leach-Bliley Act (GLBA)
a United States federal law that sets new or expanded requirements for all US public company boards, management, and public accounting firms
Sarbanes-Oxley (SOX)
United States federal law that governs the access to educational information and records by public entities such as potential employers, publicly funded educational institutions, and foreign governments
Family Educational Rights and Privacy Act (FERPA)
creates perfect copies or forensic images of computer data without making changes to the original evidence. The forensic image is identical in every way to the original, including copying the slack, unallocated, and free space on a given drive
FTK Imager
data sanitization technique that involves overwriting data once (and seldom more than three times) with repetitive data (such as all zeros) or resetting a device to factory settings
Clearing
a system on a network used to access and manage devices in a separate security zone
jumpbox
a complete suite of wireless security assessment and exploitation tools that includes monitoring, attacking, testing, and cracking of wireless networks
Aircrack-ng
creates a reverse shell from a victimized machine back to an attacker.
Netcat
a public key certificate that can be used with multiple subdomains of a domain. This saves money and reduces the management burden of managing multiple certificates, one for each subdomain
wildcard certificate
a centralized solution that allows administrators to create and enforce policies for mobile devices, such as pushing updates, preventing certain apps, and turning functions on/off
MDM (Mobile Device Management)
a means of separating personal and work data
storage segmentation
The four steps of patch management
- Planning
- Testing
- Implementing
- Auditing
a method of creating a policy to deploy across a large number of devices
GPO (Group Policy Object)
cryptographic module embedded in a computer to enforce trusted execution and attest to boot settings and metrics
Root of Trust (ROT)
UEFI feature that gathers secure metrics to validate the boot process in an attestation report
measured boot
type of attack where the attacker breaks out of a normally isolated VM by interacting directly with the hypervisor
VM escape
contents of a virtual machine that exist as deleted files on a cloud based server after the deprovisioning of a virtual machine
data remnants
authentication protocol that works based on tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner
Kerberos
authentication protocol in which users supply authentication information to authentication client devices, which are then passed to an AAA server that processes the request
RADIUS
regulation that applies to companies of any size that accept credit card payments
PCI-DSS (Payment Card Industry Data Security Standard)
password-based authentication protocol that is widely used as an authentication method in PPTP-based (Point to Point Tunneling Protocol) VPNs and can be used with EAP
MS-CHAP v2 (Microsoft Challenge Handshake Authentication Protocol version 2)
a framework in a series of protocols that allows for numerous different mechanisms of authentication, including things like simple passwords, digital certificates, and public key infrastructure
EAP (Extensible Authentication Protocol)
positioned at the cloud network edge and directs traffic to cloud services if the contents of that traffic comply with the policy.
reverse proxy
what is Cain and Abel used for?
password cracking
attack that uses a single ping with a spoofed address sent to the broadcast address of a network, causing them to respond to the spoofed address and overwhelm the victim with responses to the initial ping
smurf
the team assigned the role of judge, enforcing rules and handling requests and issues in a cybersecurity training exercise
white team
encryption algorithms that break input into 64 bit blocks
DES, IDEA, Blowfish
encryption algorithm that uses 128 bit, 192 bit, 256 bit blocks
AES
encryption algorithm that uses 128 bit blocks
Twofish
encryption algorithm that uses a variable key size of 40 bits to 2048 bits
RC4
type of attacker that usually quietly gathers information from compromised systems
APT
involves removing sensitive data from a hard drive using the device’s internal electronics or an outside source such as a degausser, or by using a cryptographic erase function if the drive supports one. Data cannot be recovered even in a lab environment
purging