Threats, Attacks, And Vulnerabilities Flashcards
1
Q
Malware Components
A
Propagation
Delivery Method
Payload
2
Q
Malware Propagation Methods
A
Viruses
Worms
Trojan Horses and Remote Access Trojan (RAT)
Polymorphic Malware
3
Q
Types of Malware Payload
A
Adware
Spyware
Ransomware
Botnet
4
Q
Malware Delivery Methods
A
Backdoor
Logic Bomb
Root kits
5
Q
Adware Results
A
Redirect search queries
Display pop-up ads
Replace legitimate adds
6
Q
Spyware Results
A
Log keystrokes
Monitor activity
Search for sensitive data
7
Q
Ransomware Results
A
Encrypt data and sell encryption key
8
Q
Logic Bomb Triggers
A
Date/Time reached
File contents
API call results
9
Q
Root Kit Payloads
A
Backdoors Botnet agents Adware Spyware Anti-theft mechanisms (positive)
10
Q
Types of Root Kits
A
User mode: normal privilege, easy to write, and hard to detect
Kernel mode: full system privilege, hard to write, and easy to detect
11
Q
Define a Armored Virus
A
Virus written to prevent reverse engineering via obfuscation, blocking system debuggers, and preventing sandboxing
12
Q
Define Zero Day Vulnerabilities
A
Unknown vulnerabilities to the vendor/creator
13
Q
Ethical Disclosure Process
A
Notify vendors
Provide vendor with reasonable amount of time to patch
Disclose vulnerability to the public
14
Q
Types of Threat Agents
A
Script Kiddies Hacktivist Organized Crime Corporate Espionage Nation States Insiders
15
Q
Define DoS and DDos
A
Denial of Service and Distributed Denial of Service
16
Q
Define DDoS Amplification Factor
A
Number of replies divided by the number of request (#reply/#request)
17
Q
Eavesdropping Methods
A
Network Device Tap DNS Poisoning ARP Poisoning Replay Attack MITM
18
Q
Define XMAS Tree Packet
A
All packet header flags are 1
Used crash system and/or determine OS
19
Q
Define DNS Poisoning
A
Redirect user to alternate DNS server for untrusted IP address resolution
20
Q
Define ARP Poisoning
A
Redirect network traffic from legitimate IP address to attacker’s spoofed MAC address, Local Networks only
21
Q
Define Typosquating
A
Redirect URL based on misspelling, goes by several other names
22
Q
Define Domain Hijacking
A
Stealing a legitimate domain name, reroute to fake or alternate website
23
Q
Criteria for an Effective Hash
A
Any change in input creates completely different output One way (not reversible) Collision resistant (no two inputs create same output)
24
Q
One Attack All Hashing Algorithms Are Subject To
A
Collisions
26
Types of Password Attacks
Brute force
Dictionary
Hybrid
Rainbow table
27
Password Frequency Analysis Techniques
Patterns (i.e. common letters)
| Diagraphs
28
Types of Knowledge Based Attacks
Known Plain Text
Chosen Plain Text
Known Cipher Text
29
Define a Downgrade Attack
Force encryption to use smaller key space and/or less secure protocols
30
Define Watering Hole Attacks
Exploit commonly visited websites to deliver malware
31
Define 802.11
IEEE standard for WiFi
32
Wireless Encryption Options
WEP
WPA
WPA2
33
WEP Encryption
RC4
34
WPA Encrytpion
TKIP
35
WPA2 Encryption
AES
36
Define Rogue Access Point
Unauthorized access points
37
Define an Evil Twin
Malicious network using same SSID as a legitimate network in the vicinity
38
Define Disassociation Attacks
Attacker spoofs network de-authentication message forcing reconnect to false network
39
Define Bluejacking
Spam via Bluetooth
40
Define Bluesnarfing
Forced pairing via Bluetooth
41
Define SQL Injection Attacks
Unexpected query data input into data-base driven web.
42
Define XSS
Cross Site Scripting is when attackers embed script into a web page.
43
Define XSRF (also called CSRF or “Sea Surf”)
Execute malicious scripts across multiple tabs/sites without user’s knowledge utilizing authentication cookies
44
Define Clickjacking
Hidden elements redirect users clicks for alternative purposes
45
Define Cursor Jacking
Attacker hides or relocates user’s cursor
46
Define Directory Traversal Attack
Execute directory traversal commands for unauthorized access to alternate file directories
47
Define Buffer Overflow Attack
User input exceeds space in application for stored variable
48
Buffer Overflow Attack Results
DoS
Data Loss
Privilege Escalation
50
Define Session Hijacking
Stolen or guessable hashed authentication cookies used to authenticate attacker
51
Define Refactoring
Repurposing source code embedded with malicious scripts
52
Define Shimming
A legitimate driver “wrapped” in malware
53
Driver Manipulation Protection Method(s)
Code Signing: hashing of digital signatures, certificates
54
Social Engineering Persuasion Methods
```
Authority
Intimidation
Consensus
Scarcity
Urgency
Familiarity/Liking
```
55
Types of Impersonation Attacks
```
Phishing
Spear Phishing
Whaling
Pharming
Vishing
Smishing
Spim
Spoofing
```
56
Define Phishing
Generic email scams
57
Define Spear Phishing
Targeted phishing attempts
58
Define Whaling
Targeted phishing attacks on senior executives
59
Define Pharming
Phishing via fake websites
60
Define Vishing
Phishing via Voice over IP or Phone
61
Define Smishing
Phishing via SMS text
62
Define Spim
Instant message spam
63
Types of Physical Social Engineering
Shoulder Surfing
Dumpster Diving
Tailgating/Piggybacking
64
Vulnerability Assessment Modes
Active (Intrusive)
| Passive (Non-intrusive)
65
Define a Honeypot
Attractive decoy machine for intelligence gathering on attackers
66
Define a Honeynet
Attractive decoy network for intelligence gathering on attackers
67
Purpose of Protocol Analyzers
Peek into network traffic, sniff packets
68
Types of Scanners
Port Scanners
Vulnerability Scanners
Application Scanners
69
Define Threat
External force
Man-made or natural
Uncontrollable
70
Define Vulnerability
Security weakness
| Semi-Controllable
71
Define Risk
Known threat plus a vulnerability
72
Risk Factors
Impact
| Probability
73
Threat Assessment Surveys
Baseline Report
Attack Surface Review
Code Review
Architecture Review
74
Define White Box Testing
Test with full knowledge of network, application, or system.
Active and authenticated testing.
75
Types of Penetration Testing
White Box
Black Box
Gray Box
76
Define Black Box Testing
Test without prior knowledge of network, application, or system
77
Define Gray Boxing
Test with limited knowledge of network, application, or system
78
Define Pivoting
Attacker gaining a foothold before switching target
79
Define False Positive
Alert generated for non-issue
80
Define False Negative
Issue fails to generate an alert
81
Vendor Vulnerabilities
End-of-life
End-of-sale
End-of-support
82
Memory Vulnerabilities
Memory leak
| Null Pointer/Dereferencing
83
Define Memory Leak
Application fails to return unused memory
84
Define Null Pointer/Dereferencing
Empty memory pointer
| May provide attacker with debugging info or other vulnerabilities
85
Define Race Condition
Security controls dependent on user or computer action receive missed or unexpected input.
86
Initialization Vector Roles
Build Decryption Tables
| Compute RC4 key stream
87
Define System Sprawl
Uncontrolled/undocumented growth of a network or system
88
Vendor Diversity Issues
Lack of Innovation
| Technical Inefficiencies
89
Prevention Objective of Fuzz Testing
Crashes
Memory leaks
Failed validation
90
Contrast Structured vs. Unstructured Attacks
Structure attacks are intentional and specific in target.
| Unstructured attacks are generic and broad in target scope.
91
Vulnerability Scanner Scanning Methods
Dictionary scanning
| Database scanning
92
Race Condition Results
Privilege Escalation
DoS
Null Pointer Error
93
Define a Crib
Plain text in a knowledge based attack
94
Define Banner Grabbing
Act of getting software banner information (name and version) to reveal insecure or vulnerable system information
95
Primary Threat Assessment Concerns
Technical Resources
| Funds
96
Define IPC
Instructions Per Cycle
97
IP Spoofing Protection Methods
Encryption
Packet filtering
Key-based authentication
98
Purpose of an Anti-Malware Live Boot CD
Bypasses infected OS to clean device of malware
99
Passive Reconnaissance Methods
Impersonation
| Packet sniffing
100
RTOS Vulnerabilities
IPC attacks
| Priority Inversion
101
WEP Weaknesses
24 bit IV
Encryption algorithm
Key management
102
Define a Retro Virus
Destroys virus countermeasures by altering anti-virus definitions and key files
103
Define Smurf Attack
Spoof source address in ICMP packets and sends packets to amplification network
104
Define a Fraggle Attack
Spoof source address using UDP directed to port 7 (echo) and port 19 (CharGen - Character Generation)
105
Define a Salami Attack
Small amounts of data, information, or valuables leaked over a period of time
106
Define a Null Scan
Turns off all flags in a TCP headers
107
Define a Teardrop Attack
Attacker sends fragmented UDP packets with overlapping offsets, when system re-builds the packets, an invalid UDP packet is created causing the system to crash or reboot
108
Define NACK
Negative Acknowledgment; denies client access to LAN/WAN resources
109
Define ping of death
ICMP packet over 65,536 bytes
110
Define a Banana Attack
Uses a router to change the destination address of a frame
111
Define a Land Attack
SYN packet has exact same address for sender and receiver which is the address of the server
112
Define Spark Jamming
Rapid blasts of high-intensity, short-duration RF burst
113
Define Random Pulse Jamming
Random radio signal pulses of varying amplitude and frequency
114
Define Random Noise Jamming
Produce RF signals using random amplitude and frequencies
115
Define an Analytic Attack
Mathematical attack targeting the complexity of a cryptosystem's algorithm
116
Define a Side-Channel Attack
Attack based on information gained from the physical implementation of a cryptosystem such as length of time required for encryption/decryption
117
MAC Flooding Results
Switch will act like a hub
118
Explain a TCP SYN Scan
Port scan which does not complete the three-way TCP handshake but rather listens for SYN/ACK packets (port is listening) or RST/ACK packets (port is not listening)
119
Double vs Single Blind Test
Double Blind Test: Administrator does not know a pen test is being conducted and hacker conducts black box testing
Single Blind Test: Administrator knows pen test is being conducted or hacker conducts a white box test
120
Goal of MAC Spoofing
Bypass 802.1x port-based security
