Threats, Attacks, And Vulnerabilities Flashcards
Malware Components
Propagation
Delivery Method
Payload
Malware Propagation Methods
Viruses
Worms
Trojan Horses and Remote Access Trojan (RAT)
Polymorphic Malware
Types of Malware Payload
Adware
Spyware
Ransomware
Botnet
Malware Delivery Methods
Backdoor
Logic Bomb
Rootkits
Adware Results
Redirect search queries
Display pop-up ads
Replace legitimate ads
Spyware Results
Log keystrokes
Monitor activity
Search for sensitive data
Ransomware Results
Encrypt data and sell encryption key
Logic Bomb Triggers
Date/Time reached
File contents
API call results
Rootkit Payloads
Backdoors
Botnet agents
Adware
Spyware
Anti-theft mechanisms (positive)
Types of Rootkits
User mode: normal privilege, easy to write, and hard to detect
Kernel mode: full system privilege, hard to write, and easy to detect
Define an Armored Virus
Virus written to prevent reverse engineering via obfuscation, blocking system debuggers, and preventing sandboxing
Define Zero Day Vulnerabilities
Vulnerabilities unknown to the vendor/creator
Ethical Disclosure Process
Notify vendors
Provide vendor with reasonable amount of time to patch
Disclose vulnerability to the public
Types of Threat Agents
Script Kiddies
Hacktivists
Organized Crime
Corporate Espionage
Nation States
Insiders
Define DoS and DDoS
Denial of Service and Distributed Denial of Service
Define DDoS Amplification Factor
Number of replies divided by the number of requests (#reply/#request)
Eavesdropping Methods
Network Device Tap
DNS Poisoning
ARP Poisoning
Replay Attack
MITM
Define XMAS Tree Packet
All packet header flags are 1
Used to crash a system and/or determine the OS
Define DNS Poisoning
Redirect user to alternate DNS server for untrusted IP address resolution
Define ARP Poisoning
Redirect network traffic from a legitimate IP address to the attacker’s spoofed MAC address; local networks only
Define Typosquatting
Redirect URL based on misspelling, goes by several other names
Define Domain Hijacking
Stealing a legitimate domain name, reroute to fake or alternate website
Criteria for an Effective Hash
Any change in input creates a completely different output
One way (not reversible)
Collision resistant (no two inputs create the same output)
One Attack All Hashing Algorithms Are Subject To
Collisions
Types of Password Attacks
Brute force
Dictionary
Hybrid
Rainbow table
Password Frequency Analysis Techniques
Patterns (i.e. common letters)
Digraphs
Types of Knowledge Based Attacks
Known Plain Text
Chosen Plain Text
Known Cipher Text
Define a Downgrade Attack
Force encryption to use smaller key space and/or less secure protocols
Define Watering Hole Attacks
Exploit commonly visited websites to deliver malware
Define 802.11
IEEE standard for WiFi
Wireless Encryption Options
WEP
WPA
WPA2
WEP Encryption
RC4
WPA Encryption
TKIP
WPA2 Encryption
AES
Define Rogue Access Point
Unauthorized access points
Define an Evil Twin
Malicious network using same SSID as a legitimate network in the vicinity
Define Disassociation Attacks
Attacker spoofs network de-authentication message forcing reconnect to false network
Define Bluejacking
Spam via Bluetooth
Define Bluesnarfing
Forced pairing via Bluetooth
Define SQL Injection Attacks
Unexpected query data input into a database-driven website
Define XSS
Cross Site Scripting is when attackers embed script into a web page.
Define XSRF (also called CSRF or “Sea Surf”)
Execute malicious scripts across multiple tabs/sites without the user’s knowledge, utilizing authentication cookies
Define Clickjacking
Hidden elements redirect a user’s clicks for alternative purposes
Define Cursor Jacking
Attacker hides or relocates user’s cursor
Define Directory Traversal Attack
Execute directory traversal commands for unauthorized access to alternate file directories
Define Buffer Overflow Attack
User input exceeds space in application for stored variable
Buffer Overflow Attack Results
DoS
Data Loss
Privilege Escalation
Define Session Hijacking
Stolen or guessable hashed authentication cookies used to authenticate attacker
Define Refactoring
Repurposing source code embedded with malicious scripts
Define Shimming
A legitimate driver “wrapped” in malware
Driver Manipulation Protection Method(s)
Code Signing: hashing of digital signatures, certificates
Social Engineering Persuasion Methods
Authority
Intimidation
Consensus
Scarcity
Urgency
Familiarity/Liking
Types of Impersonation Attacks
Phishing
Spear Phishing
Whaling
Pharming
Vishing
Smishing
Spim
Spoofing
Define Phishing
Generic email scams
Define Spear Phishing
Targeted phishing attempts
Define Whaling
Targeted phishing attacks on senior executives
Define Pharming
Phishing via fake websites
Define Vishing
Phishing via Voice over IP or Phone
Define Smishing
Phishing via SMS text
Define Spim
Instant message spam
Types of Physical Social Engineering
Shoulder Surfing
Dumpster Diving
Tailgating/Piggybacking
Vulnerability Assessment Modes
Active (Intrusive)
Passive (Non-intrusive)
Define a Honeypot
Attractive decoy machine for intelligence gathering on attackers
Define a Honeynet
Attractive decoy network for intelligence gathering on attackers
Purpose of Protocol Analyzers
Peek into network traffic, sniff packets
Types of Scanners
Port Scanners
Vulnerability Scanners
Application Scanners
Define Threat
External force
Man-made or natural
Uncontrollable
Define Vulnerability
Security weakness
Semi-Controllable
Define Risk
Known threat plus a vulnerability
Risk Factors
Impact
Probability
Threat Assessment Surveys
Baseline Report
Attack Surface Review
Code Review
Architecture Review
Define White Box Testing
Test with full knowledge of network, application, or system.
Active and authenticated testing.
Types of Penetration Testing
White Box
Black Box
Gray Box
Define Black Box Testing
Test without prior knowledge of network, application, or system
Define Gray Box Testing
Test with limited knowledge of network, application, or system
Define Pivoting
Attacker gaining a foothold before switching target
Define False Positive
Alert generated for non-issue
Define False Negative
Issue fails to generate an alert
Vendor Vulnerabilities
End-of-life
End-of-sale
End-of-support
Memory Vulnerabilities
Memory leak
Null Pointer/Dereferencing
Define Memory Leak
Application fails to return unused memory
Define Null Pointer/Dereferencing
Empty memory pointer
May provide attacker with debugging info or other vulnerabilities
Define Race Condition
Security controls dependent on user or computer action receive missed or unexpected input.
Initialization Vector Roles
Build Decryption Tables
Compute RC4 key stream
Define System Sprawl
Uncontrolled/undocumented growth of a network or system
Vendor Diversity Issues
Lack of Innovation
Technical Inefficiencies
Prevention Objective of Fuzz Testing
Crashes
Memory leaks
Failed validation
Contrast Structured vs. Unstructured Attacks
Structured attacks are intentional and specific in target.
Unstructured attacks are generic and broad in target scope.
Vulnerability Scanner Scanning Methods
Dictionary scanning
Database scanning
Race Condition Results
Privilege Escalation
DoS
Null Pointer Error
Define a Crib
Plain text in a knowledge based attack
Define Banner Grabbing
Act of getting software banner information (name and version) to reveal insecure or vulnerable system information
Primary Threat Assessment Concerns
Technical Resources
Funds
Define IPC
Instructions Per Cycle
IP Spoofing Protection Methods
Encryption
Packet filtering
Key-based authentication
Purpose of an Anti-Malware Live Boot CD
Bypasses infected OS to clean device of malware
Passive Reconnaissance Methods
Impersonation
Packet sniffing
RTOS Vulnerabilities
IPC attacks
Priority Inversion
WEP Weaknesses
24 bit IV
Encryption algorithm
Key management
Define a Retro Virus
Destroys virus countermeasures by altering anti-virus definitions and key files
Define Smurf Attack
Spoofs the source address in ICMP packets and sends them to an amplification network
Define a Fraggle Attack
Spoofs the source address using UDP directed to port 7 (echo) and port 19 (CharGen - Character Generation)
Define a Salami Attack
Small amounts of data, information, or valuables leaked over a period of time
Define a Null Scan
Turns off all flags in a TCP header
Define a Teardrop Attack
Attacker sends fragmented UDP packets with overlapping offsets; when the system rebuilds the packets, an invalid UDP packet is created, causing the system to crash or reboot
Define NACK
Negative Acknowledgment; denies client access to LAN/WAN resources
Define ping of death
ICMP packet over 65,536 bytes
Define a Banana Attack
Uses a router to change the destination address of a frame
Define a Land Attack
SYN packet has the exact same address for sender and receiver, which is the address of the server
Define Spark Jamming
Rapid blasts of high-intensity, short-duration RF bursts
Define Random Pulse Jamming
Random radio signal pulses of varying amplitude and frequency
Define Random Noise Jamming
Produce RF signals using random amplitude and frequencies
Define an Analytic Attack
Mathematical attack targeting the complexity of a cryptosystem’s algorithm
Define a Side-Channel Attack
Attack based on information gained from the physical implementation of a cryptosystem such as length of time required for encryption/decryption
MAC Flooding Results
Switch will act like a hub
Explain a TCP SYN Scan
Port scan which does not complete the three-way TCP handshake but rather listens for SYN/ACK packets (port is listening) or RST/ACK packets (port is not listening)
Double vs Single Blind Test
Double Blind Test: Administrator does not know a pen test is being conducted and hacker conducts black box testing
Single Blind Test: Administrator knows pen test is being conducted or hacker conducts a white box test
Goal of MAC Spoofing
Bypass 802.1x port-based security