Threats, Attacks, And Vulnerabilities Flashcards

1
Q

Malware Components

A

Propagation
Delivery Method
Payload

2
Q

Malware Propagation Methods

A

Viruses
Worms
Trojan Horses and Remote Access Trojan (RAT)
Polymorphic Malware

3
Q

Types of Malware Payload

A

Adware
Spyware
Ransomware
Botnet

4
Q

Malware Delivery Methods

A

Backdoor
Logic Bomb
Root kits

5
Q

Adware Results

A

Redirect search queries
Display pop-up ads
Replace legitimate ads

6
Q

Spyware Results

A

Log keystrokes
Monitor activity
Search for sensitive data

7
Q

Ransomware Results

A

Encrypt data and sell encryption key

8
Q

Logic Bomb Triggers

A

Date/Time reached
File contents
API call results

9
Q

Root Kit Payloads

A

Backdoors
Botnet agents
Adware
Spyware
Anti-theft mechanisms (positive)

10
Q

Types of Root Kits

A

User mode: normal privilege, easy to write, and hard to detect
Kernel mode: full system privilege, hard to write, and easy to detect

11
Q

Define an Armored Virus

A

Virus written to prevent reverse engineering via obfuscation, blocking system debuggers, and preventing sandboxing

12
Q

Define Zero Day Vulnerabilities

A

Vulnerabilities unknown to the vendor/creator

13
Q

Ethical Disclosure Process

A

Notify vendors
Provide vendor with reasonable amount of time to patch
Disclose vulnerability to the public

14
Q

Types of Threat Agents

A

Script Kiddies
Hacktivist
Organized Crime
Corporate Espionage
Nation States
Insiders

15
Q

Define DoS and DDoS

A

Denial of Service and Distributed Denial of Service

16
Q

Define DDoS Amplification Factor

A

Number of replies divided by the number of requests (#replies/#requests)

17
Q

Eavesdropping Methods

A

Network Device Tap
DNS Poisoning
ARP Poisoning
Replay Attack
MITM

18
Q

Define XMAS Tree Packet

A

All packet header flags are 1

Used to crash a system and/or determine the OS

19
Q

Define DNS Poisoning

A

Redirect user to alternate DNS server for untrusted IP address resolution

20
Q

Define ARP Poisoning

A

Redirect network traffic from a legitimate IP address to the attacker’s spoofed MAC address; local networks only

21
Q

Define Typosquatting

A

Redirect URL based on misspelling, goes by several other names

22
Q

Define Domain Hijacking

A

Stealing a legitimate domain name, reroute to fake or alternate website

23
Q

Criteria for an Effective Hash

A

Any change in input creates completely different output
One way (not reversible)
Collision resistant (no two inputs create same output)

24
Q

One Attack All Hashing Algorithms Are Subject To

A

Collisions

26
Q

Types of Password Attacks

A

Brute force
Dictionary
Hybrid
Rainbow table

27
Q

Password Frequency Analysis Techniques

A

Patterns (i.e. common letters)
Digraphs

28
Q

Types of Knowledge Based Attacks

A

Known Plain Text
Chosen Plain Text
Known Cipher Text

29
Q

Define a Downgrade Attack

A

Force encryption to use a smaller key space and/or less secure protocols

30
Q

Define Watering Hole Attacks

A

Exploit commonly visited websites to deliver malware

31
Q

Define 802.11

A

IEEE standard for WiFi

32
Q

Wireless Encryption Options

A

WEP
WPA
WPA2

33
Q

WEP Encryption

A

RC4

34
Q

WPA Encryption

A

TKIP

35
Q

WPA2 Encryption

A

AES

36
Q

Define Rogue Access Point

A

Unauthorized access points

37
Q

Define an Evil Twin

A

Malicious network using the same SSID as a legitimate network in the vicinity

38
Q

Define Disassociation Attacks

A

Attacker spoofs a network de-authentication message, forcing a reconnect to a false network

39
Q

Define Bluejacking

A

Spam via Bluetooth

40
Q

Define Bluesnarfing

A

Forced pairing via Bluetooth

41
Q

Define SQL Injection Attacks

A

Unexpected query data input into a database-driven web application

42
Q

Define XSS

A

Cross Site Scripting is when attackers embed script into a web page.

43
Q

Define XSRF (also called CSRF or “Sea Surf”)

A

Execute malicious scripts across multiple tabs/sites without the user’s knowledge, utilizing authentication cookies

44
Q

Define Clickjacking

A

Hidden elements redirect a user’s clicks for alternative purposes

45
Q

Define Cursor Jacking

A

Attacker hides or relocates the user’s cursor

46
Q

Define Directory Traversal Attack

A

Execute directory traversal commands for unauthorized access to alternate file directories

47
Q

Define Buffer Overflow Attack

A

User input exceeds the space in the application for the stored variable

48
Q

Buffer Overflow Attack Results

A

DoS
Data Loss
Privilege Escalation

50
Q

Define Session Hijacking

A

Stolen or guessable hashed authentication cookies used to authenticate the attacker

51
Q

Define Refactoring

A

Repurposing source code embedded with malicious scripts

52
Q

Define Shimming

A

A legitimate driver “wrapped” in malware

53
Q

Driver Manipulation Protection Method(s)

A

Code Signing: hashing of digital signatures, certificates

54
Q

Social Engineering Persuasion Methods

A

Authority
Intimidation
Consensus
Scarcity
Urgency
Familiarity/Liking

55
Q

Types of Impersonation Attacks

A

Phishing
Spear Phishing
Whaling
Pharming
Vishing
Smishing
Spim
Spoofing

56
Q

Define Phishing

A

Generic email scams

57
Q

Define Spear Phishing

A

Targeted phishing attempts

58
Q

Define Whaling

A

Targeted phishing attacks on senior executives

59
Q

Define Pharming

A

Phishing via fake websites

60
Q

Define Vishing

A

Phishing via Voice over IP or phone

61
Q

Define Smishing

A

Phishing via SMS text

62
Q

Define Spim

A

Instant message spam

63
Q

Types of Physical Social Engineering

A

Shoulder Surfing
Dumpster Diving
Tailgating/Piggybacking

64
Q

Vulnerability Assessment Modes

A

Active (Intrusive)
Passive (Non-intrusive)

65
Q

Define a Honeypot

A

Attractive decoy machine for intelligence gathering on attackers

66
Q

Define a Honeynet

A

Attractive decoy network for intelligence gathering on attackers

67
Q

Purpose of Protocol Analyzers

A

Peek into network traffic, sniff packets

68
Q

Types of Scanners

A

Port Scanners
Vulnerability Scanners
Application Scanners

69
Q

Define Threat

A

External force
Man-made or natural
Uncontrollable

70
Q

Define Vulnerability

A

Security weakness
Semi-controllable

71
Q

Define Risk

A

Known threat plus a vulnerability

72
Q

Risk Factors

A

Impact
Probability

73
Q

Threat Assessment Surveys

A

Baseline Report
Attack Surface Review
Code Review
Architecture Review

74
Q

Define White Box Testing

A

Test with full knowledge of the network, application, or system. Active and authenticated testing.

75
Q

Types of Penetration Testing

A

White Box
Black Box
Gray Box

76
Q

Define Black Box Testing

A

Test without prior knowledge of the network, application, or system

77
Q

Define Gray Box Testing

A

Test with limited knowledge of the network, application, or system

78
Q

Define Pivoting

A

Attacker gaining a foothold before switching target

79
Q

Define False Positive

A

Alert generated for a non-issue

80
Q

Define False Negative

A

Issue fails to generate an alert

81
Q

Vendor Vulnerabilities

A

End-of-life
End-of-sale
End-of-support

82
Q

Memory Vulnerabilities

A

Memory leak
Null Pointer/Dereferencing

83
Q

Define Memory Leak

A

Application fails to return unused memory

84
Q

Define Null Pointer/Dereferencing

A

Empty memory pointer
May provide attacker with debugging info or other vulnerabilities

85
Q

Define Race Condition

A

Security controls dependent on user or computer action receive missed or unexpected input.

86
Q

Initialization Vector Roles

A

Build decryption tables
Compute RC4 key stream

87
Q

Define System Sprawl

A

Uncontrolled/undocumented growth of a network or system

88
Q

Vendor Diversity Issues

A

Lack of Innovation
Technical Inefficiencies

89
Q

Prevention Objective of Fuzz Testing

A

Crashes
Memory leaks
Failed validation

90
Q

Contrast Structured vs. Unstructured Attacks

A

Structured attacks are intentional and specific in target.
Unstructured attacks are generic and broad in target scope.

91
Q

Vulnerability Scanner Scanning Methods

A

Dictionary scanning
Database scanning

92
Q

Race Condition Results

A

Privilege Escalation
DoS
Null Pointer Error

93
Q

Define a Crib

A

Plain text in a knowledge based attack

94
Q

Define Banner Grabbing

A

Act of getting software banner information (name and version) to reveal insecure or vulnerable system information

95
Q

Primary Threat Assessment Concerns

A

Technical Resources
Funds

96
Q

Define IPC

A

Instructions Per Cycle

97
Q

IP Spoofing Protection Methods

A

Encryption
Packet filtering
Key-based authentication

98
Q

Purpose of an Anti-Malware Live Boot CD

A

Bypasses the infected OS to clean the device of malware

99
Q

Passive Reconnaissance Methods

A

Impersonation
Packet sniffing

100
Q

RTOS Vulnerabilities

A

IPC attacks
Priority Inversion

101
Q

WEP Weaknesses

A

24-bit IV
Encryption algorithm
Key management

102
Q

Define a Retro Virus

A

Destroys virus countermeasures by altering anti-virus definitions and key files

103
Q

Define Smurf Attack

A

Spoof the source address in ICMP packets and send the packets to an amplification network

104
Q

Define a Fraggle Attack

A

Spoof the source address using UDP directed to port 7 (echo) and port 19 (CharGen - Character Generation)

105
Q

Define a Salami Attack

A

Small amounts of data, information, or valuables leaked over a period of time

106
Q

Define a Null Scan

A

Turns off all flags in a TCP header

107
Q

Define a Teardrop Attack

A

Attacker sends fragmented UDP packets with overlapping offsets; when the system rebuilds the packets, an invalid UDP packet is created, causing the system to crash or reboot

108
Q

Define NACK

A

Negative Acknowledgment; denies client access to LAN/WAN resources

109
Q

Define Ping of Death

A

ICMP packet over 65,536 bytes

110
Q

Define a Banana Attack

A

Uses a router to change the destination address of a frame

111
Q

Define a Land Attack

A

SYN packet has the exact same address for sender and receiver, which is the address of the server

112
Q

Define Spark Jamming

A

Rapid blasts of high-intensity, short-duration RF bursts

113
Q

Define Random Pulse Jamming

A

Random radio signal pulses of varying amplitude and frequency

114
Q

Define Random Noise Jamming

A

Produces RF signals using random amplitudes and frequencies

115
Q

Define an Analytic Attack

A

Mathematical attack targeting the complexity of a cryptosystem's algorithm

116
Q

Define a Side-Channel Attack

A

Attack based on information gained from the physical implementation of a cryptosystem, such as the length of time required for encryption/decryption

117
Q

MAC Flooding Results

A

Switch will act like a hub

118
Q

Explain a TCP SYN Scan

A

Port scan which does not complete the three-way TCP handshake but rather listens for SYN/ACK packets (port is listening) or RST/ACK packets (port is not listening)

119
Q

Double vs. Single Blind Test

A

Double Blind Test: Administrator does not know a pen test is being conducted and the hacker conducts black box testing
Single Blind Test: Administrator knows a pen test is being conducted or the hacker conducts a white box test

120
Q

Goal of MAC Spoofing

A

Bypass 802.1x port-based security