Threats, Attack and Vulnerabilities Flashcards

1
Q

Virus

A

Replicates, requires user action

2
Q

Trojan

A

Hidden as something else

3
Q

Worm

A

Self-replicating

4
Q

Logic bomb

A

Virus with specific activation logic

5
Q

Polymorphic virus

A

Avoids signature-based detection by self-mutation

6
Q

Armored virus

A

Decompilation-resistant

7
Q

ARP poisoning is commonly used in

A

MITM

8
Q

The ARP cache

A

maps IPs to MAC addresses

9
Q

Replay attack

A

Sniffing and resubmission

10
Q

Transitive Access Attack

A

Capture credentials through access to a honeypot shared folder

11
Q

Spoofing

A

Masquerade as a trusted system

12
Q

DNS Poisoning

A

Redirects to a malicious server, either locally or through the DNS provider

13
Q

Smurfing

A

ICMP Flood with a spoofed header

14
Q

Sniffer attack

A

Used for recon, based on network examination

15
Q

XMAS scan

A

Each packet has 3 of the 6 TCP flags set to hide the scan

16
Q

Hybrid password attack

A

Brute force and dictionary combined

17
Q

Birthday attack

A

Brute-force hash collision

18
Q

Pharming attack

A

Malicious site through DNS Poisoning

19
Q

Spear phishing

A

Directed phishing from a fake trusted person

20
Q

Vishing

A

Telephone Phishing

21
Q

Whaling

A

Phishing for high-level targets

22
Q

War chalking

A

War driving, sniffing unprotected networks en masse

23
Q

Rogue access point

A

Fake access point

24
Q

Evil twin

A

A rogue WAP with a similar SSID

25
Session hijacking
Disconnects the session (DoS) and impersonates the user
26
Static environment
Hardware that is out of direct control, such as processors.
27
Bluesnarfing
Bluetooth hijack for information retrieval
28
Bluebugging
Using bluesnarfing for installing a backdoor
29
MAC Flooding
Overloads the switch's CAM table, leading to traffic being sent out on all ports
30
Vishing
Voice phishing with spoofed caller ID
31
Authority Principle
Using an authority figure to apply pressure in an SE attack
32
Threatening to act belligerently in an SE attack
Intimidation principle
33
Using an authority figure to apply pressure in an SE attack
Authority Principle
34
Being personable or creating a bond in an SE attack
Familiarity Principle
35
Citing professional credentials or organizational status in an SE attack
Trust Principle
36
Making a social connection by claiming someone else can vouch for them in an SE attack
Social Proof Principle
37
Claiming something is urgent in an SE attack
Urgency Principle
38
Claiming there is no time to verify your identity in an SE attack
Scarcity Principle
39
Companion virus
Disguised as a legitimate program but with a different extension
40
File Infector Viruses
Infect .com or .exe files
41
Macro Viruses
Excel and Word macros (VBA)
42
Stealth Viruses
Hijack system calls so that corrupted files are not revealed
43
Metamorphic Virus
Polymorphic, but also changes the in-memory payload
44
Pass the hash
Authenticate using intercepted hashed credentials
45
Password spraying
Using very common passwords and testing them against a lot of user accounts to find matches. It exploits the weakest link in the chain and can be more efficient than brute force.
46
Logic bombs usually pass AV detection because they are usually
simple scripts
47
Data Emanation
Interception of data due to EM leakage. Applies to WLAN.
48
Bluejacking
Sending unwanted messages to Bluetooth devices as spam.
49
Bluetooth Security Modes
Nonsecure, Service-level, Link-level
50
Bluesnarfing can be prevented by using ____-____ mode
link-level
51
Link-level mode protects Bluetooth by
Authentication at the link level, managed by hardware
52
Service-level mode protects Bluetooth
Through app policies
53
Other name for a deauth attack
Disassociation attack
54
Tool for WPS attack
Reaver
55
On-path attack
General form of MITM, usually with modification of content
56
You can detect a rogue WAP by
A slightly different SSID or the lack of authentication
57
Most severe WEP attack
IV Attack
58
WEP IV
Initialization Vector
59
Most common WPA attack
TKIP
60
TKIP Attack mitigation
WPA2 with AES
61
Classical attack on WPA2
Deauth, capture the handshake, then run a brute-force or dictionary attack
62
Ping attack
DoS through ICMP pings
63
SYN Flood
Forged SYN packets that leave the target waiting for ACKs, tying up the system meanwhile.
64
DNS Amplification
Request sent to an open DNS server with a spoofed source address, so the response goes to the target
65
Most common way to do MAC spoofing
ARP poisoning
66
Main use of IP Spoofing (in DoS)
Confusing sysadmins, making tracing more difficult
67
Use of IP Spoofing in internal network
Appearing as a trusted system
68
ARP poisoning can be mitigated by
Implementing DHCP
69
Common utility to forge packets
hping3
70
Smurf attacks use modified ICMP packets directed to
Broadcast addresses
71
Smurf attacks can be mitigated by disabling
IP Broadcast Addressing
72
Mitigation for TCP/IP Hijacking
Authenticated encryption, e.g. IPSec
73
The new exam calls MITM
On-path attack
74
A mitigation for man-in-the-browser attacks is
Out-of-band transaction verification
75
Domain Kiting
Repeatedly registering a domain within the grace period
76
Domain Testing
Using Domain Kiting to test whether a domain is valuable by checking traffic
77
ISACs
Information Sharing and Analysis Centers
78
ISACs/ISAOs usually provide...
threat intelligence
79
AIS
Automated Indicator Sharing
80
TAXII, STIX and CybOX are examples of
Automated Indicator Sharing (AIS) Specifications
81
Threat Hunting is the practice of
Threat Hunting uses Threat Intelligence to actively search for threat actors
82
Threat Hunting and other security activities can be automated by using a ___ platform
SOAR (Security Orchestration, Automation and Response)
83
SIEM
Security Information and Event Management System
84
SOAR
Security Orchestration, Automation and Response
85
SIEM vs SOAR
SOAR also assigns criticality and carries out an automated response once events are detected
86
Third-party platforms can increase the unmanaged _____ _____
attack surface
87
To reduce third-party risks, an organization needs to perform _____ _____
vendor management
88
Shadow IT
Assets that are not known to the IT team and pose a possible unmanaged attack surface
89
A(n) __________ is a security weakness that could be exploited by a threat.
vulnerability
90
Term that describes the level of harm that results from a threat exploiting a vulnerability
Impact
91
Network Mapper
Determines hosts, OSs and other network information through ICMP sweeps and other types of scans. Doesn't scan ports.
92
After systems have been identified with a network mapper, usually a ___ ____ follows.
port scan
93
SMTP port
25
94
FTP ports
20/21
95
Telnet port
23
96
Port 23
Telnet
97
Port 25
SMTP
98
Ports 20/21
FTP
99
LDAP port
389
100
Port 389
LDAP
101
Three most common types of port-scanning
TCP, SYN (TCP with SYN flag), UDP
102
CVE
Common Vulnerabilities and Exposures
103
CVSS
Common Vulnerability Scoring System
104
CVSS is based on vulnerability ______.
criticality
105
CVSS vs CVE
CVSS scores a particular CVE by criticality
106
OVAL
Open Vulnerability and Assessment Language
107
An important consideration of SIEM configuration is server _______.
synchronization
108
Alternative terms for white, gray and black box testing
Known, Partially Known and Unknown Environment Testing
109
While known, partially known and unknown environments describe the knowledge of an attacker or pentester, to describe intent we use the terms
authorized, semi-authorized, unauthorized
110
Red team vs Pentest
A pentest is more strictly defined in scope and duration
111
Purple Team
Mix of blue and red, with information sharing during the exercise
112
White team
Leads and adjudicates an exercise