Threats Flashcards
Define Elicitation.
the use of casual conversation to extract non-public information from people without giving them the feeling they are being interrogated.
What is a watering hole attack?
a cyberattack targeting a particular organization, in which malware is installed on a website or websites regularly visited by the organization’s. members
Define P-Cap.
A type of Trojan that enables unauthorized remote access to a compromised system.
What is an LDAP Injection attack?
An attack of LDAP (lightweight directory access protocol) that bypasses authentication.
What is a race condition attack?
Also called Time of Check to Time of Use (or TOCTTOU attacks), Race condition attacks take advantage of the need that computing systems must execute some tasks in a specific sequence.
Define SSRF.
Server-Side Request Forgery is a type of exploit which allows an attacker to take control over a server and use it as a proxy for unauthorized actions.
Define CVSS.
Common Vulnerability Scoring System; an industry standard for assessing the severity of computer system security vulnerabilities.
What is OSINT?
Threat intelligence gathered from publicly available sources.
What is IoC?
Indicators of Compromise is a type of forensic evidence that can be used to detect unauthorized access attempts or other malicious activities.
What is AIS?
Automated Indicator Sharing ; a US government initiative for real-time sharing of cyber threat indicators.
Define shimming.
Shimming is the practice of altering the external behavior of an application without introducing any changes to the application’s code.
What is bluesnarfing?
Bluesnarfing is the practice of gaining unauthorized access to a Bluetooth device.
What is an OT attack?
An OT attack is a type of DDoS attack that targets industrial equipment and infrastructure.
What is a wireless disassociation attack?
A type of denial-of-service (DoS), Deauthentication attack that forces a wireless client to disconnect from a wireless network.
What is ARP poisoning?
A type of attack in which an attacker sends falsified Address Resolution Protocol (ARP) messages to devices on a network. These messages cause the devices to incorrectly associate the attacker’s MAC address with the IP address of another device on the network.
