Threats, Attacks, And Vulnerabilities Flashcards
Malware Components
Propagation
Delivery Method
Payload
Malware Propagation Methods
Viruses
Worms
Trojan Horses and Remote Access Trojan (RAT)
Polymorphic Malware
Types of Malware Payload
Adware
Spyware
Ransomware
Botnet
Malware Delivery Methods
Backdoor
Logic Bomb
Rootkits
Adware Results
Redirect search queries
Display pop-up ads
Replace legitimate ads
Spyware Results
Log keystrokes
Monitor activity
Search for sensitive data
Ransomware Results
Encrypt data and sell encryption key
Logic Bomb Triggers
Date/Time reached
File contents
API call results
Rootkit Payloads
Backdoors
Botnet agents
Adware
Spyware
Anti-theft mechanisms (positive)
Types of Rootkits
User mode: normal privilege, easy to write, and hard to detect
Kernel mode: full system privilege, hard to write, and easy to detect
Define an Armored Virus
Virus written to prevent reverse engineering via obfuscation, blocking system debuggers, and preventing sandboxing
Define Zero Day Vulnerabilities
Vulnerabilities unknown to the vendor/creator
Ethical Disclosure Process
Notify vendors
Provide vendor with reasonable amount of time to patch
Disclose vulnerability to the public
Types of Threat Agents
Script Kiddies
Hacktivists
Organized Crime
Corporate Espionage
Nation States
Insiders
Define DoS and DDoS
Denial of Service and Distributed Denial of Service
Define DDoS Amplification Factor
Number of replies divided by the number of requests (#replies/#requests)
Eavesdropping Methods
Network Device Tap
DNS Poisoning
ARP Poisoning
Replay Attack
MITM
Define XMAS Tree Packet
All packet header flags are 1
Used to crash systems and/or determine the OS
Define DNS Poisoning
Redirect user to alternate DNS server for untrusted IP address resolution
Define ARP Poisoning
Redirect network traffic from a legitimate IP address to the attacker's spoofed MAC address (local networks only)
Define Typosquatting
Redirect a URL based on a misspelling; goes by several other names
Define Domain Hijacking
Stealing a legitimate domain name and rerouting it to a fake or alternate website
Criteria for an Effective Hash
Any change in input creates a completely different output
One way (not reversible)
Collision resistant (no two inputs create the same output)
One Attack All Hashing Algorithms Are Subject To
Collisions