Threat & Vulnerability Management Flashcards
Cross-site request forgery
An attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated.
SQL injection
Placement of malicious code in SQL statements via web page input.
Rootkit
A rootkit is a set of software tools that enable an unauthorized user to gain control of a computer system without being detected.
Cross-site scripting
An XSS attack allows an attacker to execute arbitrary JavaScript within the browser of a victim user (such as creating pop-ups).
Command and control (C2) phase
The adversary is testing that they have control over any implants that have been installed. This can be conducted using web, DNS, and email protocols, and relies on an established two-way communication infrastructure to control the target system using remote access.
Delivery phase
The adversary is firing whatever exploits they have prepared during the weaponization phase. At this stage, they still do not have access to their target, though.
Advanced Persistent Threat (APT)
An APT refers to the ongoing ability of an adversary to compromise network security by using a variety of tools and techniques to obtain and maintain access. APTs are primarily focused on espionage and strategic advantage, but some target companies purely for commercial gain.
Integer overflow
An arithmetic operation results in a number too large to be stored in the space allocated for it. When the result is a number greater than 0xffffffff, an integer overflow occurs.
Password spraying
A type of brute-force attack in which multiple user accounts are tested with a dictionary of common passwords.
Port 22
SSH
Port 20, 21
FTP
Port 23
Telnet
Port 25
SMTP
Port 53
DNS
Port 69
TFTP