Threats, Vulnerabilities & Attacks Flashcards
ARP spoofing
A hacker sends fake ARP packets that link an attacker’s MAC address with an IP of a computer already on the LAN.
A common source of MitM attacks.
brute force attack
A type of password attack where an attacker uses an application to exhaustively try every possible alphanumeric combination to crack encrypted passwords.
fraggle attack
A DoS attack where the attacker sends spoofed UDP traffic to a router’s broadcast address intending for a large amount of UDP traffic to be returned to the target computer
wireless disassociation attack
Attack where an attacker spoofs the MAC address of a wireless access point to force a target device to try to re-associate with the WAP.
replay attack
- Attacker replays data that was already part of an earlier communication session.
- Third party captures data from a session between 2 parties with the intent of using it to impersonate one of the parties.
- Attackers typically modify the data before replaying it
- Timestamps or sequence numbers thwart replay attacks
web application attack
An application attack that focuses on those applications that run in web browsers
Trojan horse
A type of malware that hides itself on an infected system and can cause damage to a system or give an attacker a platform for monitoring and/or controlling a system
IM
Instant Messaging
A type of communication service which involves a private dialogue between two persons via instant text-based messages over the Internet
armored virus
A virus that can conceal its location or otherwise render itself harder to detect by anti-malware programs.
session hijacking
A type of hijacking attack where the attacker exploits a legitimate computer session to obtain unauthorized access to an organization’s network or services
evil twin
A wireless access point that deceives users into believing that it is a legitimate network access point
pass the hash attack
A network-based attack where the attacker steals hashed user credentials and uses them as is to try to authenticate to the same network the hashed credentials originated on
attack surface
The portion of a system or application that is exposed and available to attackers.
rootkit
Type of malware that has system-level access to a computer
Often able to hide themselves from users and AV software
amplification attack
A network-based attack where the attacker dramatically increases the bandwidth sent to a victim.
Used during a DDoS attack by implementing an amplification factor.
NTFS
New Technology File System
A proprietary journaling file system developed by Microsoft. Windows operating systems use NTFS for storing, organizing, and finding files on a hard disk efficiently.
DDoS
Distributed Denial of Service
A network-based attack where an attacker hijacks or manipulates multiple computers (through the use of zombies or drones) on disparate networks.
IV
Initialization Vector
A technique used in cryptography to generate random numbers to be used along with a secret key to provide data encryption.
SQL
Structured Query Language
A programming and query language common to many large scale database systems.
race condition
A software vulnerability that can occur when the outcome from execution processes is directly dependent on the order and timing of certain events and those events fail to execute in the order and timing intended by the developer
side-channel attack
An attack in which an attacker gleans information from the physical implementation of a cryptographic technique and uses that information to analyze and potentially break the implementation
zero day vulnerability
A software vulnerability that a malicious user is able to exploit before the vulnerability is publicly known or known to the developers and before those developers have a chance to issue a fix
adaptive chosen ciphertext attack
A cryptographic attack where the attacker repeatedly encrypts a selected cipher text message and tries to find the matching plain text.
Each subsequent attack is based on the results of the previous attack.
PTZ
Pan-Tilt-Zoom
A type of internet camera where the user can control the movement and position of the lens from a remote location using controls in an Internet browser or software application. Panning refers to horizontal movement of the lens, while tilting describes vertical movement.
IDF
Intermediate Distribution Frame
- A distribution frame in a central office or customer premises which cross-connects the user cable media to individual user line circuits.
- May serve as a distribution point for multipair cables from the main distribution frame (MDF) or combined distribution frame (CDF) to individual cables connected to equipment in areas remote from these frames.
chosen ciphertext attack
A cryptographic attack where the attacker analyzes a selected cipher text message and tries to find the matching plain text.
dictionary attack
A type of password attack that compares encrypted passwords against a predetermined list of possible password values
IR
Infrared Radiation
Electromagnetic radiation (EMR) with wavelengths longer than those of visible light and is therefore invisible to the human eye.
POTS
Plain Old Telephone Service
A voice-grade telephone service employing analog signal transmission over copper loops.
It was the standard service offered until 1988 when it was replaced by ISDN (Integrated Services Digital Network).
social engineering
Any activity where the goal is to use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines
NFC
Near Field Communications
A mobile device communication standard that operates at very short range often through physical contact
RFID
Radio Frequency Identifier
- Technology that uses electromagnetic fields to automatically identify and track tags or chips
- These are attached to objects and store information about those objects
GPU
Graphics Processing Unit
A specialized processor originally designed to accelerate graphics rendering.
GPUs can process many pieces of data simultaneously, making them useful for machine learning, video editing, and gaming applications.
OS
Operating System
System software that manages computer hardware and software resources and provides common services for computer programs.
malicious actor
An entity that is partially or wholly responsible for an incident that affects or has the potential to affect an organization’s security
XSS
Cross-Site Scripting
A web application attack where the attacker takes advantage of scripting and input validation vulnerabilities in an interactive website to attack legitimate users.
DNS hijacking
A hijacking attack where an attacker sets up a rogue DNS server. This rogue DNS server responds to legitimate requests with IP addresses for malicious or non-existent websites.
clickjacking
A type of hijacking attack that forces a user to unintentionally click a link that is embedded in or hidden by other web page elements
black hat
A hacker who exposes vulnerabilities without organizational consent for financial gain or for some malicious purpose.
threat actor
An entity that is partially or wholly responsible for an incident that affects or has the potential to affect an organization’s security
shoulder surfing
A human-based attack where the goal is to look over the shoulder of an individual as he or she enters password information or a PIN
IP address spoofing
An attack in which an attacker sends IP packets from a false (or spoofed) source address to communicate with targets
IEEE
Institute of Electrical and Electronic Engineers
A professional association of electrical and electronics engineers that develops industry standards for a variety of technologies.
DEP
Data Execution Prevention
A security feature that prevents code from executing in memory regions marked as nonexecutable.
It helps prevent damage from malware.
MFD
Multi-Function Device
An office machine which incorporates the functionality of multiple devices in one so as to have a smaller footprint.
logging
The act of recording data about activity on a computer
backdoor attack
Attack where hackers install malware to bypass normal network security requirements
Attack is designed to be subtle, and can be hidden within another type of software like a file converter, software update, or suggested download.
Once installed, it’s common for backdoor attackers to remain undetected for as long as possible to spread throughout the network. Once detected, it can be hard to know if you truly have patched all of the areas a backdoor may have reached.
SDK
Software Development Kit
Collection of software development tools in one installable package
hardware attack
An attack that targets a computer’s physical components and peripherals, including its hard disk, motherboard, keyboard, network cabling, or smart card reader, and is designed to destroy hardware or acquire sensitive information stored on the hardware
driver manipulation
A software attack where the attacker rewrites or replaces the legitimate device driver or application programming interface (API) to enable malicious activity to be performed
passive reconnaissance
The process of collecting information about an intended target of a malicious hack without the target knowing what is occurring. This can include:
- physical observation of an enterprise’s building
- sorting through discarded computer equipment in an attempt to find equipment that contains data
- dumpster diving for discarded paper with usernames and passwords
- eavesdropping on employee conversations
- researching the target through common Internet tools such as Whois
- impersonating an employee in an attempt to collect information
- packet sniffing
Compare with active reconnaissance.
spyware
Surreptitiously installed malware that is intended to track and report the usage of a target system or collect other data the attacker wishes to obtain
smishing
A human-based attack where the attacker extracts personal information by using SMS text messages
wardriving
- Act of searching for Wi-Fi networks, usually from a moving vehicle, using a laptop or smartphone
- Software for wardriving is freely available on the internet
- Warbiking, warcycling, warwalking and similar use the same approach but with other modes of transportation
watering hole attack
Attack in which an attacker targets a specific group, discovers which websites that group frequents, then injects those sites with malware so that visitors to the sites will become infected
hacker
Someone who excels at programming or managing and configuring computer systems, or has the skills to gain access to computer systems through unauthorized or unapproved means
SEH
Structured Exception Handler
- Extension built into code to handle any kind of errors that come up during the course of running the program
- SEHs are part of a chain of error handling in a program
- If exception gets through the chain without being handled, program typically crashes
- SEH exploit overwrites the SEH and causes a buffer overflow
USB
Universal Serial Bus
Industry standard that establishes specifications for cables and connectors and protocols for connection, communication and power supply (interfacing) between computers, peripherals and other computers.
backdoor
Type of malware that negates or bypasses normal authentication procedures to access a system.
Can grant remote access to resources within an application, such as databases and file servers, giving perpetrators the ability to remotely issue system commands and update malware.
APT
Advanced Persistent Threat
A stealthy threat actor that gains unauthorized access to a computer network and remains undetected for an extended period of time.
Typically uses multiple attack vectors.
man-in-the-middle attack
A form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently
buffer overflow attack
Attack that exploits fixed data buffer sizes in a target piece of software by sending data that is too large for the buffer.
online brute force attack
A cryptographic attack where the attacker tries to enter a succession of passwords using the same interface as the target user application
MOTD
Message of the Day
A file on Unix-like systems that contains a message of the day used to send a common message to all users in a more efficient manner than sending them all an email message.
script kiddie
An inexperienced hacker with limited technical knowledge who relies on automated tools to hack
CSRF
Cross Site Request Forgery
A web application attack that takes advantage of the trust established between an authorized user of a website and the website itself.
AKA XSRF.
OSINT
Open Source Intelligence
A methodology for collecting, analyzing, and making decisions about data from public sources such as media, public records, social media, and industry publications.
Threat actors often use OSINT to find a way in the door.
reconnaissance
A penetration testing technique where the tester tries to gather as much information as possible about the target(s)
SSD
Solid State Drive
DHE
Data-Handling Electronics
Data Handling refers to the process of gathering, recording and presenting information in a way that is helpful to others - for instance, in graphs or charts.
UTP
Unshielded Twisted Pair
A type of network cable unshielded from electromagnetic interference.
privilege escalation
The practice of exploiting flaws in an operating system or other application to gain a greater level of access than was intended for the user or application
hijacking
A group of network-based attacks where an attacker gains control of the communication between two systems often masquerading as one of the entities
attacker
A term for users who gain unauthorized access or cause damage to computers and networks for malicious purposes.
OVAL
Open Vulnerability Assessment Language
International information security community standard that:
- Promotes open and publicly available security content
- Standardizes the transfer of this information across the entire spectrum of security tools and services
cracker
A user who breaks encryption codes, defeats software copy protections, or specializes in breaking into systems
PBX
Private Branch Exchange
A telephone exchange or switching system that serves a private organization
Permits sharing of central office trunks between internally installed telephones
Provides intercommunication between internal telephones within the organization without the use of external lines.
eavesdropping attack
Eavesdropping, also known as a network eavesdropping attack, sniffing attack, or snooping attack, is a method that retrieves user information through the internet.
Targets electronic devices like computers and smartphones.
Typically occurs when using unsecured networks, such as public wifi connections or shared electronic devices.
Methods:
- Keystroke logging
- MitM attacks
- Network sniffers
insider
Present and past employees, contractors, partners, and any entity that has access to proprietary confidential information and whose actions result in compromised security
DNS poisoning
A network-based attack where an attacker exploits the traditionally open nature of the DNS system to redirect a domain name to an IP address of the attacker’s choosing
spear phishing
An email-based or web-based form of phishing that targets a specific individual or organization
SQL injection
An attack that injects a database query into the input data directed at a server by accessing the client side of the application
DLL injection
An attack where malicious code is inserted into a running process on a Windows machine by taking advantage of Dynamic Link Libraries (DLL) that are loaded at runtime.
hacktivist
A hacker who gains unauthorized access to and causes disruption in a computer system in an attempt to achieve political or social change
attack
Any technique used to exploit a vulnerability in an application or physical computer system without the authorization to do so.
keylogger
A hardware device or software application that recognizes and records every keystroke made by a user
STP
Shielded Twisted Pair
A type of network cable shielded from electromagnetic interference.
source code
Collection of code, with or without comments, written using a programming language
Access to source code enables someone to change how a piece of software functions
ASLR
Address Space Layout Randomization
A memory-protection process for operating systems that guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory.
warchalking
Attacker uses symbols to mark up a sidewalk or wall to indicate the presence and status of a nearby wireless network
LDAP injection attack
An application attack that targets web-based applications by fabricating LDAP statements that are typically created by user input
adaptive chosen plaintext attack
A cryptographic attack where the attacker repeatedly encrypts a selected plain text message and analyzes the resulting cipher-text to crack the cipher.
Each subsequent attack is based on the results of the previous attack.
software attack
Any attack that targets software resources, including operating systems, applications, services, protocols, and files
ransomware
Software that enables an attacker to take control of a user’s system or data and to demand payment for return of that control
zombie
A computer that has been infected with malware and is being used by an attacker to mount an attack.
Also called a bot
spoofing
A network-based attack where the goal is to pretend to be someone else for the purpose of identity concealment
downgrade attack
A cryptographic attack where the attacker exploits the need for backward compatibility to force a computer system to abandon the use of encrypted messages in favor of plaintext messages
memory leak
A software vulnerability that can occur when software does not release allocated memory when it is done using it potentially leading to system instability
ARP poisoning
After a successful ARP spoofing, the hacker changes the target’s ARP table, so it contains falsified MAC entries, spreading the contagion.
P2P
Peer to Peer
A distributed application architecture that partitions tasks or workloads between peers.
Peers are equally privileged, equipotent participants in the application.
Vulnerable to drive-by software downloads and identity theft.
EMP
Electromagnetic Pulse
A short burst of electrical interference caused by an abrupt and rapid acceleration of charged particles which can short-circuit and damage electronic components.
MAC address spoofing
An attack in which an attacker falsifies the factory-assigned MAC address of a device’s network interface card (NIC)
Attacker takes advantage of flawed hardware drivers or configuration changes to make the MAC address for a router or laptop match one already verified on a network
Related: MAC flooding attack
MTU
Maximum Transmission Unit
Largest packet or frame size that can be sent in a packet- or frame-based network such as the internet.
The internet’s transmission control protocol (TCP) uses the MTU to determine the maximum size of each packet in any transmission.
known plaintext attack
Attack where the attacker has access to plaintext and the corresponding cipher-text and tries to derive the correlation between them
rainbow table attack
A type of password attack where an attacker uses a set of related plaintext passwords and their hashes to crack passwords
chosen plaintext attack
A cryptographic attack where the attacker encrypts a selected plain text message and analyzes the resulting cipher text to crack the cipher.
DNS spoofing
A network-based attack where an attacker exploits the traditionally open nature of the DNS system to redirect a domain name to an IP address of the attacker’s choosing
SPIM
Spam over Internet Messaging
May be more harmful than email spam:
- User is more likely to click on the link because it is real-time
- Bypasses the enterprise AV and firewalls
banner grabbing
The act of collecting information about network hosts by examining text-based welcome screens or MOTDs that are displayed by some hosts.
dumpster diving
A human-based attack where the goal is to reclaim important information by inspecting the contents of trash containers
sniffing attack
A network attack that uses a protocol analyzer to gain access to private communications on the network wire or across a wireless network
rogue access point
An unauthorized wireless access point on a corporate or private network that allows unauthorized individuals to connect to the network
jailbreaking
The process of removing software restrictions on an iOS device allowing the user to run apps not downloaded from the official App Store
malware
Malicious code, such as viruses, Trojans, or worms, which is designed to gain unauthorized access to, make unauthorized use of, or damage computer systems and networks
USB OTG
USB On-The-Go
A cable used to connect mobile devices to other devices in a master/slave role.
It is one of many methods that can be used to connect a mobile device to external media.
crypto-malware
A form of ransomware that uses encryption to render the victim’s data inaccessible
EMI
Electromagnetic Interference
A disruption of electrical current that occurs when a magnetic field around one electrical circuit interferes with the signal being carried on an adjacent circuit.
cookie manipulation
An application attack where an attacker injects a meta tag in an HTTP header making it possible to modify a cookie stored in a browser
malicious code
Undesired or unauthorized software that is placed into a target system to disrupt operations or to redirect system resources for the attacker’s benefit
bluesnarfing
Unauthorized access to, or theft of information from a bluetooth device.
Can access info like email, contact lists, calendars, and text messages
Attackers use tools like:
- hcitool
- obexftp
cryptographic attack
A software attack that exploits weaknesses in cryptographic system elements such as code, ciphers, protocols, and key management systems
XSRF (CSRF)
Cross-Site Request Forgery
A web application attack that takes advantage of the trust established between an authorized user of a website and the website itself.
ANT
Proprietary open access multicast wireless sensor network technology similar to Bluetooth but consumes less energy
Developed by ANT Wireless a division of Garmin
Primarily used in sports and fitness sensors
pharming
An attack in which a request for a website, typically an e-commerce site, is redirected to a similar-looking but fake website
RAT
Remote Access Trojan
Specialized Trojan horse that specifically aims to provide an attacker with unauthorized remote access to or control of a target computer
man-in-the-browser attack
A type of network-based attack that combines a man-in-the-middle attack with the use of a Trojan horse to intercept and modify web transactions in real time
RTBH
Remotely Triggered Black Hole
- Filtering technique that provides the ability to drop undesirable traffic before it enters a protected network
- Helps combat DDoS attacks
POODLE
Padding Oracle on Downgrade Legacy Encryption
- A man-in-the-middle exploit which takes advantage of Internet and security software clients’ fallback to SSL 3.0.
- Another variant exploits cipher block chaining (CBC) encryption in TLS.
takeover attack
A type of software attack where an attacker gains access to a remote host and takes control of the system
domain hijacking
A type of hijacking attack where the attacker steals a domain name by altering its registration information and then transferring the domain name to another entity. Sometimes referred to as brandjacking.
MDF
Main Distribution Frame
A signal distribution frame or cable rack used in telephony to interconnect and manage telecommunication wiring between itself and any number of intermediate distribution frames and cabling from the telephony network it supports.
typosquatting
An attack in which an attacker registers a domain name with a common misspelling of an existing domain so that a user who misspells a URL they enter into a browser is taken to the attacker’s website
MBR
Master Boot Record
Information in the first sector of any hard disk or diskette that identifies how and where an operating system is located so that it can be booted (loaded) into the computer’s main storage or RAM.
port scanning attack
A network-based attack where an attacker scans computers and other devices to see which ports are listening in an attempt to find a way to gain unauthorized access
virus
A self-replicating piece of malicious code that spreads from computer to computer by attaching itself to different files
polymorphic malware
Malicious code that is designed to avoid detection by altering its decryption module each time it infects a new file
DoS
Denial of Service
A network-based attack where the attacker disables systems that provide network services by consuming a network link’s available bandwidth, consuming a single system’s available resources, or exploiting programming flaws in an application or operating system
data exfiltration
The process by which an attacker takes data that is stored inside of a private network and moves it to an external network
hybrid password attack
An attack that uses multiple attack methods, including dictionary, rainbow table, and brute force attacks, when trying to crack a password
adware
Software that automatically displays or downloads advertisements when it is used.
offline brute force attack
A cryptographic attack where the attacker steals the password and then tries to decode it by systematically guessing possible keystroke combinations that match the encrypted password
logic bomb
A piece of code that sits dormant on a target computer until it is triggered by the occurrence of specific conditions such as a specific date and time
URL hijacking
An attack in which an attacker registers a domain name with a common misspelling of an existing domain so that a user who misspells a URL they enter into a browser is taken to the attacker’s website
vishing
A human-based attack where the attacker extracts information while speaking over the phone or leveraging IP based voice messaging services (VoIP).
threat
Any event or action that could potentially cause damage to an asset
brandjacking
An activity whereby someone acquires or assumes the online identity of another entity in order to acquire their brand equity.
Often targets politicians, celebrities or businesses
rogue system
An unknown or unrecognized device that is connected to a network often with malicious intent
ciphertext-only attack
A cryptographic attack where the attacker has access to the cipher text and tries to use frequency analysis or other methods to break the cipher
XML
Extensible Markup Language
A widely adopted markup language used in many documents, websites, and web applications
bluejacking
Practice of sending unsolicited messages to nearby bluetooth devices.
Messages are typically text but can also be images or sounds.
hoax
An email-based, IM-based, or web-based attack that is intended to trick the user into performing unnecessary or undesired actions, such as deleting important system files in an attempt to remove a virus, or sending money or important information via email or online forms
DLL
Dynamic Link Library
Microsoft’s implementation of the shared library concept in the Microsoft Windows and OS/2 operating systems.
The files are executable like an .exe file.
tailgating
A human-based attack where an attacker enters a secure area by following a legitimate employee without the employee’s knowledge or permission
worm
A self-replicating piece of malicious code that travels through a network
Does not need user interaction to execute
Vector
The method that malware uses to propagate itself or infect a computer.
botnet
A group of infected computers that act as software robots and function together in a network, usually the internet, for malicious purposes.
active reconnaissance
Hacking or pentesting method used to collect information about a computer system or network
Uses tools such as network and vulnerability scanners to gather information
Engages targets and is almost always illegal
birthday attack
A birthday attack is a type of cryptographic attack that exploits the mathematics behind the birthday problem in probability theory.
Attacker is able to create the same hash as a user’s actual password (e.g., hash collision)
Defense: increase number of bits used in hash
jamming
In wireless networking, the phenomenon by which radio waves from other devices interfere with the 802.11 wireless signals used by computing devices and other network devices
client-side attack
Occurs when a user downloads malicious content
XML injection
Attack that injects corrupted XML query data so that an attacker can gain access to the XML data structure and input malicious code or read private data
network tap
A security control on network devices that creates a copy of network traffic to forward to a sensor or monitor like an IDS
phishing
A type of email-based social engineering attack in which the attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim
OTA
Over the Air
Refers to various methods of distributing new software, configuration settings, and even updated encryption keys to devices like mobile phones, set-top boxes, electric cars, or secure voice communication equipment.
pivoting
A penetration testing technique where the tester compromises one central host (the pivot) that allows the tester to access other hosts that would otherwise be inaccessible
password attack
Any attack where the attacker tries to gain unauthorized access to and use of passwords
whaling
A form of spear phishing that targets particularly wealthy individuals or organizations
NIST
National Institute of Standards & Technology
NIST is part of the U.S. Department of Commerce
NIST includes the Information Technology Laboratory (ITL) that publishes monthly bulletins focusing on ITL’s research and collaborative activities in cybersecurity.
piggy backing
A human-based attack where an attacker enters a secure area by following a legitimate employee with the employee’s knowledge or permission
frequency analysis
A cryptographic analysis technique where an attacker identifies repeated letters or groups of letters and compares them to how often they occur in plain-text in an attempt to fully or partially reveal the plain-text message