Terms Deck 2 Flashcards
refactoring
A practice for software developers that involves identifying ways to make code more efficient through better design.
pass-the-hash attack
A type of replay attack in which the attacker provides the hashed password to an accepting authentication scheme.
evil twin
A situation in which an unauthorized wireless access point has been set up to mount on-path attack.
rogue access point
An unauthorized wireless access point.
bluesnarfing
A Bluetooth attack that can expose or alter a user’s information.
bluejacking
An attack used to generate messages that appear to be from the device itself, leading users to follow obvious prompts and establish an open Bluetooth connection to the attacker’s device.
jamming
An attack on a wireless network that is performed by setting up a nearby access point and using a dedicated wireless jamming device.
radio frequency identification (RFID)
A wireless technology that was initially common to supply-chain and inventory tracking.
near-field communication (NFC)
A set of standards for contactless communication between devices.
initialization vector (IV) attack
A fixed-size input of a random or pseudo-random value used with block cipher modes.
man-in-the-middle (MITM) attack
An attack in which a hacker attempts to intercept data in a network stream and then insert his or her own data into the communication. The goal is to disrupt or take over communications.
Address Resolution Protocol (ARP) poisoning
An attack in which a perpetrator tricks a device into thinking any IP address is related to any MAC address. In addition, perpetrators can broadcast a fake or spoofed ARP reply to an entire network and poison all computers.
MAC spoofing
An attack that involves spoofing the hard-coded Media Access Control (MAC) address of a network card.
domain hijacking
An attack that occurs when a domain is taken over without the original owner’s knowledge or consent.
DNS poisoning
An attack that involves redirecting legitimate traffic by changing the IP record for a specific domain.
domain reputation
Protection for registered domains that provides monitoring and threat intelligence.
distributed denial of service (DDoS) attack
An attack that originates from multiple systems simultaneously, causing even more extreme consumption of bandwidth and other resources than a DoS attack.
advanced persistent threat (APT)
A threat that is rooted in the capability to infiltrate a network and remain inside while going undetected. This access often provides the means for a more strategic target or defined objective, including the capability to exfiltrate information over a long period of time.