Study Flashcards
Authentication Factors
Something you know, have or are
Authentication Attributes
Less certain factors like IP or location
/etc/passwd
Contains user info + hashed passwords
/etc/shadow
Contains encrypted passwords + security info
%SystemRoot%\System32\config\SAM
Where Windows stores passwords
TAP Active
Network management device; boosts signal strength and conditions the copied data before sending it to a monitoring tool
TAP Passive
Copies network traffic
SPAN (Mirror)
Copies traffic from several ports and mirrors it to one port
swapfile
When RAM is full, data goes here
cmdlet
PowerShell command; can control one or more computers at once
Recovery Point Objective (RPO)
How much data a company can lose in a disaster event
RAM
Short term memory, data that is being actively used or processed
Cache Memory (CPU Memory)
Part of RAM; temporarily stores the most frequently used instructions so the CPU can process them faster
Hard Disk Drive (HDD)
Old school data storage
Solid State Drive (SSD)
Like HDD but newer and better
Controller Cache
Temporary storage area that saves frequently accessed data to speed
Dump Files
Captures what happens when a program/system crashes
Self Encrypting Drive (SED)
Built in protection, very secure, good for performance but expensive
Full Disk Encryption (FDE)
Can be applied to any drive; cheaper but takes time to encrypt/decrypt everything
Honeypot
Single system/resource
Honeynet
Bunch of connected honeypots
Honeyfile
A single decoy file
DNS Security Extensions (DNSSEC)
Combats DNS poisoning, uses cryptographic signatures to ensure websites are legit
DNSSEC Stages
- Signing the Data (making public/private keys)
- Key Distribution
- Signing Resource Records (Signing it)
- Authentication
- Chain of Trust (confirmation)
IEEE 802.1X
Network access control standard; controls which devices are let onto the network. Involves the device, the switch and an authentication server
Security Enhanced Android (SEAndroid)
Security enhancements for Android; assigns labels to everything to define what each entity can do
Memory Leak
A program/app not releasing temporary memory when it’s done with it
Exception Handling
When code tries to do something it can’t (or bugs out), the error is handled so the program doesn’t shut down
Clickjacking
Malicious website overlays/disguises their content over a legit one
UEM (Unified Endpoint Management)
Controls multiple types of devices regardless of OS. Can perform actions, change policies and update software
XSS (Cross Site Scripting)
Attacker injects malicious script into legit website
PAP (Password Authentication Protocol)
Old way of transmitting credentials; sends them in plaintext, so insecure unless used inside a secure tunnel like IPSec. Basic username/password login
IPSec (Internet Protocol Security)
Encrypts data sent over the network and provides integrity and authentication. Verifies the identity of the parties involved
AH (Authentication Header)
Used in IPSec and encrypts the whole packet. Provides authentication/integrity and protects against replay attacks
ESP (Encapsulating Security Payload)
Part of IPSec; encrypts the actual data payload
L2TP (Layer 2 Tunneling Protocol)
Creates a tunnel between two endpoints. Forms a VPN when used with IPSec
C2 Server (Command & Control Server)
Commands bots + botnets. Malware connects endpoints to C2.
Hash Collision
Two different inputs produce the same hash
DLL (Dynamic Link Library)
Precompiled functions shared between different apps to save resources
DLL Injection
Inserting code into a running process. Can mask malware as legit code
LDAP
Manages + accesses directory info over a network. Commonly used for user authentication and authorisation
Directory Traversal Attack
Attack uses ../ to break out of the intended directory and access forbidden ones
Race Condition
Several processes trying to access the same resource at the same time; the processes won’t work properly and mistakes will be made
Improper Input Validation
User input isn’t checked, so users can insert malicious data
Network Replay Attack
Attacker snoops on user comms and captures data, then resends that data so it is accepted as the user’s, gaining access to user/network resources
Session ID
Website assigns a logged-in user a session ID so they don’t have to keep logging in
SSRF (Server Side Request Forgery)
Taking control of a server and using it as a proxy for malicious activity
On Path Attack
Man in the middle
Shimming
Adding extra code (a shim) to smooth over compatibility issues, doesn’t affect core code
Refactoring
Changing the underlying code; malware refactors itself so it doesn’t match an attack signature
Sideloading
Downloading app from non official app store
Prepending
Adding extra characters (e.g. 01, 02, 03) to the front of data for filing and security (random hashes/characters)
Fuzz Testing
Throwing random inputs at software to test it
Pass the Hash
Attacker logs in with just the hash, not the plaintext password
Bluejacking
Spam via bluetooth
Bluesnarfing
Unauthorised access to a device via bluetooth
Wireless Disassociation Attack
Kicking a user off WiFi
IV (Initialisation Vector)
Like a salt; adds random data so the same plaintext produces different ciphertexts
ARP Poisoning
Attacker associates their MAC address with the default gateway IP so network traffic gets sent to them
DNS Poisoning
DNS translates a URL to an IP to take you where you want to go. This attack changes the IP to take you somewhere else
Pharming
DNS poisoning falls under pharming; can also send you to an identical-looking website
OT (Operational Technology)
Physical tech like machines or power plants
Federation
Use one company’s credentials for multiple logins, like Google
SAML
Document that contains AAA info about the user; used for SSO
OAuth (Open Authorisation)
Used in SSO/federation; lets apps access some user data without their credentials
Proxy/Proxy Server
Sits between user devices and external networks. Mediates comms and handles security, privacy, content filtering and network performance optimisation. Forwards user requests
Jump Server
Sits at the edge of the network and decides which external users are allowed access to internal servers. Users connect to the jump server first
ATT&CK (Attacks, Tactics, Techniques & Common Knowledge)
MITRE framework that catalogues known attack tactics and techniques for education and security purposes
SDK (Software Development Kit)
Set of tools, libraries and documentation devs use to build software. Lets devs focus on their work rather than low-level implementation details
DOM (Document Object Model)
Interface for web documents. Translates docs (like HTML/XML) into a tree-like structure of nodes. Makes it easier to change things in the doc
VBA (Visual Basic for Applications)
Macro programming language; file extension is .vba or .bas
RAD (Rapid Application Development)
Methodology for writing software faster
PowerShell
Command-line shell and scripting language for Windows; file extension is .ps1
Unix
OS with a powerful command-line interface. Shell script file extension is .sh
CVE
Directory of known exploits
NVD (National Vulnerability Database)
Made by NIST; an enhanced US version of CVE
AIS (Automated Indicator Sharing)
US government’s real-time sharing of threat indicators
STIX
Standardised language for sharing threat info/indicators
TAXII
Mechanism for sharing infosec info like IoCs and TTPs
S/MIME
Email encryption, uses public key cryptography, relies on PKI, and allows use of digital signatures
SOAR (Security Orchestration, Automation + Response)
Integrates different tools; focuses on automated incident response. Better for large orgs
DEP (Data Execution Prevention)
Prevents code from being executed in memory that should only contain data, reduces exploits
DHE (Diffie-Hellman Ephemeral key exchange)
Asymmetric encryption where each key is newly generated for each session. Means past sessions can’t be compromised with current keys and vice versa
Often used in TLS
Nmap TCP SYN scan (-sS)
Stealthy way of checking for open ports with nmap
Nmap -O
Shows open ports and OS, but not service versions
tcpdump
Capture and analyse network traffic
nslookup
Looks up domains and IPs by querying DNS
traceroute (tracert)
Find network topology. Traces route packets take from source to destination + records time it takes.
tracert - Windows
traceroute - Linux/Mac
ip/ifconfig
Network interface info
ipconfig - Windows, gives IP, subnet mask, default gateway and DNS server
ifconfig - Linux, gives IP, subnet mask, broadcast address
netstat
Shows network statistics and traffic between the local device and other devices on the network
Shows open ports, routing tables, network connections, etc.
rootkit
Virus that can change files and admin rights to gain privileges
Fault Tolerance
Ensuring a system can survive failure, through things like redundancy and load balancing
Elasticity
System adaptability
Configuration Validation
Verifying config settings and ensuring they’re right
Recovery Point Objective (RPO)
The amount of data loss an org/system can sustain
Work Recovery Time (WRT)
How long after disaster recovery until regular work activities can resume
Recovery Time Objective (RTO)
Max amount of time disaster recovery can take
RADIUS
AAA solution, scalable, works with network devices like switches and routers.
Only encrypts passwords. Centralised, open source. Works for stuff like WiFi and VPNs
TACACS+
AAA solution; like RADIUS but Cisco proprietary. Works primarily with Cisco devices, but encrypts the entire packet. More granular
Kerberos
AAA solution; the default Windows solution. Network authentication, used for SSO and mutual authentication between client/server - prevents on-path/replay attacks. Cryptographic ticketing system. Not every device is compatible with Kerberos
1. AS gives the user a TGT
2. User gives the TGT to the TGS
3. User also gets an ST from the TGS to access specific services like email
4. User sends the ST to the SS (service server), which decrypts it
EAP
Framework that smooths over the different AAA/authentication solutions and allows them to work together
EAP-TLS
Uses digital certs for mutual authentication - most secure EAP
EAP-PEAP
Uses TLS to encapsulate EAP messages in a secure tunnel
EAP-FAST
Sets up a secure tunnel using a PAC (Protected Access Credential), which securely transports credentials
Privilege Attribute Certificate (PAC)
Part of Kerberos, contains authorisation info about the user
EAP-TTLS
Like PEAP (secure tunnel) but uses a server-side certificate; provides mutual authentication between client and server
Cryptographic primitive
A hash, or symmetric/asymmetric encryption
Cryptographic system
A collection of primitives, like a cipher suite
SCADA
Manages industrial processes; monitors, controls and optimises processes/infrastructure in real time. Covers everything from remote control to security and alarms
Piggybacking
Like tailgating, but tricking someone into letting you in
Pivoting
Using a compromised account/system to gain access to other accounts/systems. Lateral movement
EDR (Endpoint Detection + Response)
Detects and responds to advanced threats at the endpoint level; essentially everything a product like Bitdefender does
EDR Traditional vs NG EDR
NG has AI, ML, user analytics and proactive threat hunting; works well with cloud and helps protect diverse environments. Traditional has none of that and is reactive
RAID Level 0, 1, 5
- 0: no redundancy but high performance (striping without parity)
- 1: duplicating all data to another drive (mirroring)
- 5: spreading data across several drives plus parity so the full data can be recovered (striping with parity)
Signature Based Detection
Assigns signatures to malware/malicious processes/attacks, etc. Needs frequent updating to keep up with new attacks. Used by AV
Sectoral/Directional Antennas
Sectoral for point-to-multipoint (P2M), directional for point-to-point (P2P)
Business Process Analysis (BPA)
Analysing how a business process works. Looks at:
1. Process inputs/outputs
2. Roles/responsibilities
3. Process flow/sequence
4. KPIs
5. Dependencies/interactions (want low dependencies)
Load Balancer Layer 4 (Transport Layer)
Works with TCP and UDP; doesn’t inspect the data itself, distributes traffic based on header info like IPs/ports. Also used for streaming services
Load Balancer Layer 7 (Application Layer)
HTML based; routes traffic based on URLs, cookies, etc. as well as on the content of the data. Can check application state
Digital Certificates
Cryptographic document that binds the identity of an entity to a public key. Has public/private key pairs.
Only valid for a set amount of time
Adheres to X.509 standard
Digital Certificate Frequent Uses
Code signing certs for software validity
Email security (using key pairs for encryption)
In TLS/SSL protocols for security
X.509
Standard that defines the format of public key certificates
Certificate Authorities (CA)
Assigns the certificates, entire PKI system is based on trust of the CA.
Root CA - top of hierarchy, assigns intermediary CAs
Intermediary CAs - assign certificates to entities
If an intermediary CA gets compromised the root CA is still secure, which is vital; limits the impact of compromise
PKI (Public Key Infrastructure)
The framework that runs digital certificates
RA (Registration Authority)
Investigates/verifies the identities of the entities applying for certificates
CRL (Certificate Revocation List)
Lists that CAs update to tell entities when their certificates are expiring
Interconnection Security Agreement (ISA)
When orgs need to work together or share data, the ISA sets the ground rules for what is and isn’t allowed
Software Defined Networking (SDN)
Separates control plane from data plane in network devices. Makes network structure more flexible and efficient
Control, Data and Management Planes
Control plane is the instructions on what to do (what to prioritise, secure or switch)
Data plane is the action of doing it
Management plane monitors traffic and network status
Order of Volatility
From most to least volatile: system memory/cache, data on mass storage devices, remote monitoring data, archival media
arp command
Helps detect ARP spoofing attacks
Service Oriented Architecture (SOA)
Built around services: chunks of code that function independently and can be reused in other apps or for different purposes
Microservices
Uses APIs to break an app into ‘microservices’ for flexibility and scalability. Code in each microservice can be changed independently rather than changing the whole app
VM Sprawl + Countermeasures
Uncontrolled growth of VMs in a virtual environment. Countermeasures: usage audits + asset documentation
VM Escape + Countermeasures
Malware running on a guest OS escapes to another guest OS or to the host. Countermeasures: sandboxing + patch management
CHAP
Standard login but sends password as a hash
SLE (Single Loss Expectancy)
Loss expected from one event
ALE (Annualised Loss Expectancy) + ALEm
Expected loss over a year. ALEm is the ALE with mitigation strategies included
SLE x ARO = ALE
EF (Exposure Factor)
(Value of Loss / Asset Value) x 100
ARO (Annual Rate of Occurrence)
How many times a year will this happen
ROSI (Return On Security Investment)
How much is saved
((ALE - ALEm) - Cost of Solution) / Cost of Solution
Cyber Kill Chain Phases (Lockheed Martin)
- Reconnaissance
- Weaponisation
- Exploitation
- Delivery
- Installation
- Command and Control (C2)
- Actions on Objectives
Hypervisor/VMM (Virtual Machine Monitor)
What VMs run on, like VirtualBox
Stream Ciphers
Often used in symmetric encryption. Encrypts one bit/byte at a time, fast. Often adds an IV (like a salt) to the encryption
Block Cipher
Often used in symmetric encryption. Encrypts whole blocks at a time, not bit by bit.
Blockchain
Digital, decentralised ledger. Saved in ‘blocks’ and usually hashed. Used for crypto payments, online voting, etc
Hybrid Cloud
Combines two or more cloud types, like public, private or community
Fog Computing
Bridge between IoT (edge) devices and the cloud. Data can be moved to the cloud quickly but isn’t stored there
Edge Computing
IoT devices that only need themselves to do their tasks and don’t need to contact the cloud/internet. Like an LED light
Containerisation
Instead of using VMs to run each app, you contain each app in a ‘container’ (sandbox) and run them. More streamlined than virtualisation
VPC (Virtual Private Cloud)
Secure sections in a public cloud that holds specific resources
Transit Gateway
Directs users to correct VPC
Normalisation
Removing duplicates of info in a database
SQL Injection Countermeasures
Input validation and stored procedures (only specific SQL commands accepted)
Code Bloat
Source code being unnecessarily big and complicated
TOTP
Time-based one-time password
HOTP
HMAC Based One Time Password, generated with a secret key
Multipath I/O
Technique that provides multiple paths between host and storage device. Mitigates single point of failure + enhances availability
NIC (Network Interface Card) Teaming
Combining multiple NICs for performance, load balancing and redundancy
UPS (Uninterruptible Power Supply)
Good for short term emergency power
PDU (Power Distribution Unit)
Distributes power to multiple devices
SAN (Storage Area Network)
Connects storage devices to servers at high speeds. Centralises storage management in a data center
NAS (Network Attached Storage)
Storage device/server in a network that provides file storage to other devices. Shares and manages files
Incremental Backup
Captures data that has changed since the last backup. Typically several incremental backups are needed to restore the full data; faster and uses less storage
Differential Backup
Captures all data changed since the last FULL backup. Takes longer + more storage space, but easier to restore
Non-Persistence
When changes made to a system are temporary, so they go away on reboot
RTOS (Real Time Operating System)
OS where tasks are completed in specific time frames, have to be predictable. Used in medical devices, brakes, missiles, etc
HSM (Hardware Security Module)
Secure hardware device that creates, manages and protects encryption keys. Can work with many devices
Zigbee
Allows IoT devices to talk to each other
Screened Subnet
DMZ; a zone where servers/services are isolated, usually between the internet and internal systems
ECC (Elliptic Curve Cryptography)
Asymmetric encryption method, suits things with low processing power like mobiles
Session Key
Symmetric + used in only one session, used for session IDs
Block Cipher ECB
Weak and shouldn’t be used; identical plaintext blocks produce identical ciphertext blocks
Block Cipher GCM
Secure encryption, provides CIA - often used with TLS
Block Cipher CFB
Turns block cipher into stream cipher
Null Pointer Dereference
Attacker gets the app to access a null pointer (no memory), causing it to crash (DoS)
SSH
Network protocol for secure data transfer, remote login, command execution, etc
SRTP + RTP (Secure/Real-time Transport Protocol)
Protocol for transmitting video and audio over the internet. SRTP is the secure version
FTP/FTPS (File Transfer Protocol / FTP Secure)
Protocol to exchange files over network/internet. FTPS uses SSL/TLS
SNMP (Simple Network Management Protocol)
Protocol for managing/monitoring devices in a network. SNMPv3 is the most secure; v1/v2 send data unencrypted
UEFI
Replacement for BIOS. Better GUI and Secure Boot
Trusted Platform Module (TPM)
Hardware component in a computer that securely stores cryptographic keys and secures the platform, ensuring secure boot. Tied to one device
Hardware Security Module (HSM)
Like TPM but only for cryptographic keys
Tokenisation
Replacing sensitive info with a unique token, e.g. a credit card number becomes Token123
Resource Exhaustion
DoS attack that uses up a lot of resources like memory so nothing works
Network Access Control (NAC)
Says what is allowed on the network, prevents rogue access points
HaaS (Hardware as a Service)
Provider gives you physical things like servers
SaaS (Software as a Service)
A software service like outlook or gmail
PaaS (Platform as a Service)
Platform for building your own apps; gives you dev building blocks, like a login page block, etc. Speeds up dev greatly - don’t have to code every little thing
XaaS (Anything as a Service)
Anything that can be delivered over the Internet/network as a service
Latency
Time between something being requested and it actually happening
Virtualisation
Running multiple OS’ on same device, using VMs basically
UC Server (Unified Communications)
Brings together different comm tools into a unified platform
Transparent Proxy
User doesn’t know that there’s a proxy, everything is done automatically
Nontransparent Proxy
User has to configure settings and work with the proxy. Usually used by users who want anonymity or content filtering
NAT (Network Address Translation)
Translates a bunch of private IP addresses into one public IP when going on the Internet. Conserves public IPs and helps security
WPA3 (WiFi Protected Access 3)
WiFi and wireless network security standard. Incremental update from WPA2
SAE (Simultaneous Authentication of Equals)
Key exchange protocol used in WPA3
PSK (Pre Shared Key)
Key exchange security mechanism in WPA and WPA2
WPS (WiFi Protected Setup)
Simple way of connecting devices to WiFi, e.g. with a PIN. Insecure, shouldn’t be used; susceptible to brute forcing
WEP (Wired Equivalent Privacy)
Predecessor of WPA with tonnes of vulnerabilities; no longer used
OTA (Over the Air)
Wireless delivery of software updates to mobile or IoT devices
RCS (Rich Communication Service)
Better version of SMS, adds media, read receipts, etc
CASB (Cloud Access Security Broker)
Intermediary between users and CSPs; monitors user activity and has security features like encrypting data, allowing only authorised access and listing applications in use
Does not provide security for data on laptops/mobiles, but all data transfers are encrypted
OpenID
Like OAuth but provides authentication, often used for SSO
NTP (Network Time Protocol)
Synchronises time across all devices/networks
NTPSec
Secure version of NTP
SAN Certificate (Subject Alternative Name)
Certificate covers many domains, subdomains or hosts
Wildcard Certificate
Certificate that covers different subdomains
Key Escrow
Trusted third party that stores cryptographic key backups
Recovery Agent
Retrieves keys from key escrow
Certificate Chaining
Verifying authenticity of new certificates by checking up the chain to the root CA
netcat
Windows/Linux command that can be used for anything from banner grabbing and port scanning to file transfer and proxying
Routing Table
Data table stored in a router with info on network destinations
NXLog
Log management tool that centralises logs, collects, processes and forwards log data.
NetFlow
Cisco network protocol that collects IP traffic info and monitors network traffic flow
IPFIX
Standard for exporting traffic flow info from network devices; used for monitoring, analysis and security. Contains info like src/dest IP addresses, protocols, ports and timestamps
Syslog
Standard protocol for collecting and transmitting log messages in a network
Syslog-ng
Open source syslog with better features like centralisation, message filtering, routing and processing
rsyslog
Syslog for Linux/Unix with better features like filtering, input sources and output targets
ISO 27001
Standard that gives guidelines to orgs on how to establish and maintain an ISMS to protect information assets
ISO 27002
Supports 27001, gives guidelines on implementing infosec controls
ISO 27701
Expands on 27001 to include privacy management, PIMS
ISO 27702
Complements 27701, gives additional guidelines
ISO 31000
Guidelines on risk management
Partially Known Environment
Only some info about the target environment is known
Partitioning Data
Splitting data up into smaller chunks based on some criteria
Kernel
Bridge between hardware and software and manages system resources
ROM (Read Only Memory)
Non volatile memory and stores data even without power
Process Table
Info the OS stores about every process running on the device
MFD (Multi Function Device)
Like a printer, fax, scanner, etc all in one
SoC (System On a Chip)
All components for a computer on one chip, like memory, CPU, etc
MTTF (Mean Time To Failure)
Average time x thing can operate before a failure
Watering Hole Attack
Attacker knows the victim visits a certain site, so they compromise the site to get to the victim. Also applies to real-life scenarios, like knowing a person is going to a conference
EAP-MSCHAP
Weak, often unused.
head/tail commands
Show the first/last 10 lines of a file
curl command
Retrieves a webpage and displays it as HTML in the command line
grep command
Search for text/patterns in files
OpenSSL
Cryptography library that supports SSL/TLS encryption on web servers
Scanless
Port scan using a proxy - not traced to you
WAF (Web Application Firewall)
Intermediary firewall between web servers and incoming traffic. Mitigates SQL injection, XSS and CSRF
CSRF (Cross Site Request Forgery)
Like malicious clickbait on a website. Tricks a user on a legit site
SSID (Service Set Identifier)
WiFi name
DNS Sinkhole
Routes malicious DNS requests, or devices trying to connect to C2 servers, to a dummy (sinkhole) server so they can’t cause damage
Measured Boot
Records the integrity of each component of boot process, creates a log of it
Trusted Boot
Like measured but each component in boot process is signed with trusted key - prevents malware being executed
Secure Boot
Enforces use of signed + authenticated bootloaders/OS components. Prevents unsigned/tampered code being executed
VDI (Virtual Desktop Infrastructure)
Virtual desktop (VM) that can be accessed on thin clients, mobiles, etc
NGFW (Next Gen FireWall)
Traditional firewall functions with application control, intrusion prevention, advanced threat protection, user identity and SSL/TLS inspection
LDAPS (LDAP over SSL)
Secure comms protocol that adds encryption to LDAP data exchanged between client/server
PCI DSS
Standard for credit card security
CSA CCM
Documents for implementing/managing cloud security controls. CSA is the nonprofit
Polymorphic Virus
Virus changes itself each time it’s downloaded. Has to be installed by user
IMAP (Internet Message Access Protocol)
Email protocol for accessing and managing emails on a server like Outlook
PFS (Perfect Forward Secrecy)
Generating unique session key for each session. Past session keys can’t be used for future sessions and vice versa
Data Owner
Senior person who decides who has access, usage policies, etc
Data Processor
Follows instructions of data owner and processes on their behalf. Responsible for security measures during processing
Data Steward
Individual/team responsible for day to day management/quality of data
Data Protection Officer (DPO)
Mediator between org, data subjects and authorities. Monitors data protection, ensures org follows rules
Elasticity
If system/infrastructure, esp in cloud computing, can scale up or down with demand
Least Privilege
Bare minimum access/permissions needed to complete job
FTK Imager (Forensic Toolkit)
Creates a forensic image of a hard drive or USB
Autopsy
Open source tool for analysing/investigating forensic evidence in user friendly way
NIST RMF (Risk Management Framework)
Structure for managing cyber security risk in federal systems
Resource Exhaustion
Lack of space in critical resources like CPU, network bandwidth or memory
HIPS (Host Based Intrusion Prevention System)
IPS on a host, examines stuff like file modifications and network connections
PGP (Pretty Good Privacy)
Widely used encryption program for data comms, usually email. Uses symmetric and asymmetric
WAP (Wireless Access Point)
Lets wifi enabled wireless devices like phones connect to wired network via radio signals
Out of Band Key Exchange
Swapping encryption keys off network, like over the phone for security
VPN Concentrator
VPN device that handles many connections
Stored Procedures
Precompiled/stored SQL queries/statements saved on database for later use
FAR/FRR (False Acceptance/Rejection Rate)
How many false acceptances/rejections biometric reader makes
Data Masking
Scrambling or replacing identifiable data with pseudonymous data for anonymity
OCSP/OCSP Stapling
Protocol for checking whether a certificate has expired or been revoked. Stapling is when the web server obtains the OCSP response and ‘staples’ it to the certificate
Static/Dynamic Code Analyser
Static analysis checks code without executing it; dynamic analysis executes it to find issues
Certificate Pinning
Pins SSL/TLS certificate/public key to a domain. Prevents MITM
Buffer Overflow
Program writes more data to a buffer than it can hold, causing crashes
Integer Overflow
Number goes over its allotted size and causes issues like crashes
MAC Cloning
Attacker copies MAC address of authorised device for impersonation, MITM or evasion
Heuristics
AV studies how programs normally act and flags them when they don’t act right
Anomaly Based Detection
Anything that deviates from the baseline is flagged
Behaviour Based Detection
Learns entity behaviour over time and flags when it deviates from that behaviour
net view
Windows command to view every available resource on the LAN like computers, servers and shared folders
memdump
Dumping memory (RAM) into file
chmod
Linux command for changing permissions of files and directories
dd
Linux command for copying data from one location to another and for disk imaging
Split Knowledge
Splits knowledge between 2+ people so no one knows everything
Split Tunnel VPN
Some traffic goes through the VPN (like file access), some doesn’t (like print jobs)