Threat & Vulnerability Management Flashcards
cross-site request forgery
an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated.
SQL injection
placement of malicious code in SQL statements, via web page input.
Rootkit
A rootkit is a set of software tools that enable an unauthorized user to gain control of a computer system without being detected.
Cross-site scripting
An XSS flaw allows an attacker to execute arbitrary JavaScript within the browser of a victim user (such as creating pop-ups).
Command and control (C2) phase
the adversary is testing that they have control over any implants that have been installed. This can be conducted using web, DNS, and email protocols and relies on an established two-way communication channel that gives the adversary remote access to the target system.
Delivery phase
the adversary is firing whatever exploits they have prepared during the weaponization phase. At this stage, they still do not have access to their target, though.
Advanced Persistent Threat (APT)
An APT refers to the ongoing ability of an adversary to compromise network security by using a variety of tools and techniques to obtain and maintain access. APTs are primarily focused on espionage and strategic advantage, but some target companies purely for commercial gain.
integer overflow
an arithmetic operation produces a result too large to be stored in the space allocated for it. For example, if the result is a number greater than 0xffffffff (the largest value a 32-bit unsigned integer can hold), an integer overflow occurs.
Password spraying
a type of brute force attack in which multiple user accounts are tested with a dictionary of common passwords.
Port 22
SSH
Port 20,21
FTP
Port 23
Telnet
Port 25
SMTP
Port 53
DNS
Port 69
TFTP
Port 80
HTTP
Port 443
HTTPS or SSTP
Port 88
Kerberos
Port 110
POP3 (unencrypted)
Port 995
POP3 (encrypted)
Port 119
Network News Transfer Protocol (NNTP)
Port 123
Network time protocol (NTP)
Ports 137, 138, 139
NetBIOS over TCP/IP (NBT, or sometimes NetBT)
Port 143
Internet Message Access Protocol (IMAP)
Port 993
IMAP over SSL (IMAPS)
Simple Network Management Protocol (SNMP)
161 – SNMP (Agents receive requests)
162 – SNMP (Controller receives data)
Port 389
Lightweight Directory Access Protocol (LDAP)
Port 636
LDAPS
Port 445
Server Message Block (SMB)
Port 500
Internet Key Exchange (IKE)
Port 989/990
FTPS
Port 1433
SQL
Port 1723
Point-to-Point Tunneling Protocol (PPTP)
Ports 1812, 1813
RADIUS
Port 3389
Remote Desktop Protocol (RDP)
MITRE ATT&CK framework
provides explicit pseudo-code examples for detecting or mitigating a given threat within a network and ties specific behaviors back to individual actors.
CVSS 3.1 Metrics
access vector (AV), access complexity (AC), privileges required (PR), user interaction (UI), scope (S), confidentiality (C), integrity (I), and availability (A).
parameterized query
(also known as a prepared statement) is a means of pre-compiling a SQL statement so that all you need to supply are the “parameters” (think “variables”) that need to be inserted into the statement for it to be executed.
Nikto
a web application scanner that can perform comprehensive tests against web servers for multiple items.