Threats, Attacks and Vulnerabilities

Question 1

What is Malware

Answer 1

Malicious software that can cause harm to the user.

Question 2

What are some example of malware?

Answer 2

Keystroke malware
Botnet
Adware
Viruses and worms
Crypto malware

Question 3

How to get malware

Answer 3

Vulnerability exploitation

Installation

Question 4

What does the virus need in order to reproduce itself?

Answer 4

Execute a program

Question 5

How does the anti-virus protect against viruses?

Answer 5

Through virus signatures discovered every week

Question 6

What are some virus kinds?

Answer 6

Program virus (part of a program)
Boot sector virus
Script virus
Macro virus

Question 7

What is a worm?

Answer 7

Virus that can move itself through the network very quickly

Question 8

How can you mitigate worms?

Answer 8

NGFW

IDS/IPS

Question 9

What was the wannacry worm?

Answer 9

It infected a computer and encrypted its files
It looks for other systems in the network that has the same vulnerabilities
Once it finds it, it installs itself and runs on the vulnerable computer
It installs a backdoor from where wannacry is downloaded

Question 10

What is ransomware?

Answer 10

Cryptograph the computer and ask for money in exchange of the decryption

Question 11

How to avoid a ransomware attack?

Answer 11

Have a backup
Keep OS up to date
Keep applications up to date
Keep anti-virus up to date

Question 12

What are Trojans or Remote Access Trojans (RATs)?

Answer 12

It is a software that pretends to be something else

Question 13

What is a backdoor?

Answer 13

A way to go back into the system without going through the visible frontdoor

Question 14

How to avoid Trojans?

Answer 14

Don’t run unknown software
Update anti-virus and anti-malware
Always have backup

Question 15

What is a rootkit?

Answer 15

A software generally invisible to the software in the kernel, which makes it hard to remove

Question 16

What is a keylogger?

Answer 16

A software that saves the keystrokes and send it to a pre-defined location.

Question 17

What is an adware?

Answer 17

Software that pops-up advertisement that can hinder the performance

Question 18

What is a spyware?

Answer 18

It watches for what is done in the computer

Question 19

What is a botnet?

Answer 19

A special kind of malware that turns the computer into bots that waits for a command, usually comes from trojan horse or software installation

Question 20

What is a logic bomb?

Answer 20

A specific kind of malware that waits for an event to happen. Usually difficult to identify and recover from it.

Question 21

What is phishing?

Answer 21

A mixture of social engineering and spoofing that tries to deceive the user and make him click or send login information.

Question 22

How to avoid phishing?

Answer 22

Check the URL, spelling, fonts, graphics

Question 23

What is Vishing?

Answer 23

Voice phishing

Question 24

What is spear phishin?

Answer 24

Customized phishing to focus on a specific target with a sense of real content

Question 25

What is whaling?

Answer 25

Spear phishing a high stake target

Question 26

What is Tailgating?

Answer 26

To use someone else to gain access to a building (ex: dress like the people and blend in)

Question 27

How to prevent tailgating?

Answer 27

Make visitors visible and identifiable
One scan, one person at a time
Train organization to ask who they are?

Question 28

What is impersonation?

Answer 28

To pretend to be someone you aren’t

Can come after a throughout study from the organization

Question 29

How to prevent impersonation attacks?

Answer 29

Never volunteer information
Don’t disclosure personal details
Verify before revealing info

Question 30

What is dumpster diving?

Answer 30

To go into the dumpster and searching for confidential information

Question 31

What is important to dumpster diving?

Answer 31

The timing

Question 32

Is it legal to dumpster dive?

Answer 32

In most of USA, yes. But it is recommended to verify.

Question 33

How to protect the rubbish?

Answer 33

Secure the garbage
Shred your documents
Look at the trash and do a training based on it

Question 34

What is shoulder surfing?

Answer 34

To look at someone else’s screen

Question 35

How to prevent shoulder surfing?

Answer 35

Control your input
Privacy filter
Keep monitor out of sight
Be Careful of who is behind you

Question 36

What are hoaxes?

Answer 36

Threats that don’t really exist (ex: hoax about a virus)

Question 37

What is a watering hole attack?

Answer 37

Instead of attacking the machine itself, it attacks where people access (ex: industry related sites, local coffee shop) and infects who connect to them.

Question 38

How to avoid watering hole attack?

Answer 38

Layered defense
Firewall
IPS
Anti-virus and Anti-malware installed

Question 39

Social engineering principles

Answer 39

In person or online
Authority
Intimidation
Social proof
Scarcity and urgency
Familiarity and trust

Question 40

What is a Denial of Service (DOS)?

Answer 40

To make a service unavailable for any objective

Question 41

How to avoid DoS?

Answer 41

Patch every system and have it updated

Question 42

Are DoS always intentional?

Answer 42

No, it can be unintentional (ex: Network loop, bandwidth, natural disaster)

Question 43

What is a DDoS?

Answer 43

The denial of service from a variety of places (ex: army of botnets)

Question 44

What is DDoS amplification?

Answer 44

Small attacks that turn into big attacks through another device or service. Usually based on old protocols that have no verification functionality.

Question 45

Example of a DDoS amplification?

Answer 45

Multiple DNS entry records that are very long (request -> long response)

Question 46

How does a DNS Amplification DDoS occur?

Answer 46

A Command & Control sends the command to the botnet
The botnet requests a Open DNS entry as being the targeted server
The large response is all sent to the target that can’t handle it

Question 47

What is a MITM attack?

Answer 47

Someone between point A and B looking at everything that passes by without being noticed

Question 48

Example of MITM attack

Answer 48

ARP Poisoning

Question 49

How does ARP poisoning work?

Answer 49

The MITM pretends to be another host by sending ARP responses that change the ARP cache in a device, making it look like another.

Question 50

What is buffer overflow?

Answer 50

Occurs when information spills out of the original space meant to take

Question 51

How can you prevent buffer overflow?

Answer 51

Perform a balance check

Question 52

What is data injection?

Answer 52

Adding your own information into a data stream (ex: HTML, SQL, XML, LDAP, etc.)

Question 53

How to avoid data injection?

Answer 53

Data validation

Better programming

Question 54

What is Cross site scipting? (XSS)

Answer 54

Cross site security flaw, where browser tabs were able to access another tab’s information.

Question 55

Example of XSS

Answer 55

Script embedded in URL to execute in a browser tab.

Question 56

What is Cross site request forgery? (XSRF, CSRF)

Answer 56

Takes advantage of the trust between web app and user.

The bad guy creates a forged request of a bank site to a bank site visitor that clicks and executes the request.

Question 57

What is privilege escalation?

Answer 57

When someone gains a higher level access than the access granted to you.

Question 58

What is a DNS poisoning?

Answer 58

Modify the DNS Server to modify the destination IP address when looked up.

Question 59

How does DNS Spoofing happen?

Answer 59

Bad guy gains control over the DNS server and changes the IP address of the corresponding URL.

Question 60

What is domain hijacking?

Answer 60

To gain access to the domain registration and change the primary DNS Server to a specific DNS Server under control.

Question 61

What are zero day attacks?

Answer 61

Exploit of a new vulnerability that it has not been patched yet

Question 62

What is a replay attack?

Answer 62

Send a network information that makes the hacker look like the actual end user.

Question 63

How pass the hash work?

Answer 63

A user sends a legitimate authentication request to the server
A copy is sent to the hacker’s workstation
The hacker uses the information that legitimate message as if he is the legitimate user

Question 64

How to avoid pass the hash?

Answer 64

Salted hash (different every time)
Fully encrypted communication

Question 65

What is URL hijacking?

Answer 65

To take legitimate traffic to a URL and redirect it to somewhere else

Question 66

What are some types of URL hijacking?

Answer 66

Typosquatting (miss spelling)
Brandjacking (register the brand name)
Clickjacking (to click something that is invisible)
Cookies to hijack session (information stored on the browser)

Question 67

What is driver manipulation?

Answer 67

To take advantage of the trust that can exist between hardwre and OS.

Question 68

What is malware refactoring?

Answer 68

To change the appearance and software each time it is downloaded to try to avoid antiviruses and signature based protection

Question 69

What is spoofing?

Answer 69

One device that pretends to be someone/something it isn’t.

Question 70

Some examples of spoofing

Answer 70

DNS Spoofing
E-mail address spoofing
Caller ID spoofing
MITM attacks
MAC Spoofing
IP address spoofing

Question 71

What is a wireless replay attack?

Answer 71

Similar to wired replay attack, but much easier to capture the data.

Question 72

Why is WEP (Wired Equivalent Privacy) encryption not used any more?

Answer 72

Because it had cryptographic security flaws, suck as ARP request replay attack to gain access to WEP key.

Question 73

What are rogue access points?

Answer 73

To plug-in another Access Point onto the network

Question 74

What are evil twins?

Answer 74

Configure a new AP to have the same SSID, security settings and password.

Question 75

Wha is wireless jamming?

Answer 75

To jam the wireless communication and decrease its signal intentional, or not intentionally.

Question 76

What is a WPS (Wi-Fi Protected Setup) Attack?

Answer 76

Attack that takes advantage of its design, that validates its 8 digit pin by the first 4 digits then by its 3 digits = 10,000 + 1,000 possibilities, making brute force attacks to gain access to passwords much more viable

Question 77

What is bluejacking?

Answer 77

To send an unsolicited message to a mobile device. It can be used with an address book object to send a message.

Question 78

What is bluesarfing?

Answer 78

To access the data on the mobile device through bluetooth, where if you knew the file name, you could download it without authentication.

Question 79

What is RFID (Radio frequency identification)?

Answer 79

Access badges, inventory tracking, pet identification, any tracking that is generally is powerd externally through radio frequency.

Question 80

What is a RFID attack?

Answer 80

To capture the data being communicated, spoof the reader, deny its service, or decrypt its communication.

Question 81

What is NFC (near field communication)?

Answer 81

Two-way wireless communication based on RFID. It uses an access token usually built-in to a device.

Question 82

What are NFC/RFID security cocerns?

Answer 82

Traffic that goes through wireless network
Frequency jamming
Relay or MITM attack
Loss of RFC device control

Question 83

What are wireless disassociatoin attack?

Answer 83

To surf along the internet and suddenly losing it continuously.

Question 84

How does a wireless disassociation attack occur?

Answer 84

Through 802.11 management frames that happen behind the scenes. It is used to configure, find APs, associate and disassociate with APs.

The original wireless standards did not consider security flaws and the requests were sent in the clear.

So disassociation frames can be sent continuously if a few information are known, such as the MAC adddress of the AP and the the target.

Question 85

What is Known Plaintext Attack (KPA)?

Answer 85

Where you have a part of the original text and work on it to decipher the rest

Question 86

What is a hash?

Answer 86

A one way function that has the same length as output

Question 87

What is a rainbow table?

Answer 87

Pre-built set of hashes that contain a large amount of already calculated hashes

Question 88

What is a salted hash?

Answer 88

Additional random value added to the original hash, making it different every time

Question 89

What is a dictionary attack?

Answer 89

Uses common words grouped as dictionaries and tries these combinations

Question 90

What is a brute force attack?

Answer 90

To keep trying the login process multiple times

Question 91

What is a brute force the hash attack?

Answer 91

Must have a list of users and hashes and try to brute force the hashed password offline.

Question 92

What are threat actors?

Answer 92

Entity responsible for an event that has impact on safety of another entity.

Question 93

What is a scipt kiddie?

Answer 93

Someone that uses pre coded script, not necessarily knowing what it does.

Question 94

What is a hacktivist?

Answer 94

A hacker that has a goal, or a mission and can use sophisticated attacks.

Question 95

What is a penetration test?

Answer 95

To simulate an attack through exploit potential vulnerabilities.

Question 96

What are the general steps of pen test?

Answer 96

Passive reconnaissance (social media, news, forums)
Active reconnaissance (ping scan, port scan, DNS query, service scan)
Exploit vulnerability

Question 97

What is the difference between black, white and grey box?

Answer 97

The amount of known information.

Question 98

What is a vulnerability scanning?

Answer 98

A usually minimally invasive scanning, such as port scanning, system identifying used to gather much information as possible.

Question 99

What is a race condition?

Answer 99

A common case in money transfer, where two people try to transfer an X$ amount at the same time, and before one of them is processed, the other one is executed, possibly resulting in more money being made out of nowhere.

Question 100

What is an end-of-life vulnerability?

Answer 100

When no more support is given by the vendor.

Question 101

What is are embedded system vulnerabilities?

Answer 101

Vulnerability on embedded systems, usually not upgraded and self contained, not having many updates frequently.