To Learn Flashcards
Regex
\b
Metacharacter matches at the beginning or end of a word
\bLO - matches LO at the beginning of a word
LO\b - matches LO at the end of a word
Regex
( )
Defines and captures groups of characters.
^(IMG\d+.png)$
Regex
[ ]
Matches a single instance of any one of the specified characters.
[abc]
[A-F]
[0-5]
Regex
?
Adds optionality to a character. It does not have to be present to match.
ab?c will match with abc or ac
Regex
\.
Escaped period character, matches a literal period.
The period character without the backslash is a wildcard for any character.
Tombstone
The original file is quarantined and replaced with one describing the policy violation and how the user can release it again
DLP Remediation Actions
Alert only
Block
Quarantine
Tombstone
Heuristic Analysis
A method that uses feature comparisons and likenesses rather than specific signature matching to identify whether the target of observation is malicious.
Behavioral Analysis
A heuristic model of “typical” behavior is created. An alert is created for any behavior that is outside of the baseline.
Anomaly Analysis
A network monitoring system that uses a baseline of acceptable outcomes or event patterns to identify events that fall outside the acceptable range.
Trend Analysis
The process of detecting patterns within a dataset over time, and using those patterns to make predictions about future events or better understand past events
Data acquisition
The process of obtaining a forensically clean copy of data from a device held as evidence
Order of data acquisition
- CPU registers and cache memory
- Contents of system memory (RAM)
- Data on persistent mass storage devices
- Remote logging and monitoring data
- Physical configuration and network topology
- Archival media
Password spraying
A brute force attack in which multiple user accounts are tested with a dictionary of common passwords
Credential stuffing
A brute force attack in which stolen user account names and passwords are tested against multiple websites
Brute force attack
A hacking method that uses trial and error to crack passwords, login credentials, and encryption keys
Hybrid attack
A type of attack where the perpetrator blends two or more kinds of tools to carry out the assault
Rainbow attack
An attack that attempts to crack hashed passwords by comparing them against precomputed hashed plaintexts
Dictionary attack
An attack that uses a dictionary file of possible passwords to crack accounts
Risk prioritization
- Risk mitigation
- Risk avoidance
- Risk transference
- Risk acceptance
Risk mitigation
The process of reducing exposure to, or the effects of, risk factors
Risk avoidance
The practice of ceasing activity that presents risk
Risk transference
The response of moving or sharing the responsibility for a risk to another entity (e.g., a vendor)
Risk acceptance
The response of determining that a risk is within the organization’s appetite and that no countermeasures other than ongoing monitoring are needed
Incident Response life cycle
- Preparation
- Detection and Analysis
- Containment
- Eradication and Recovery
- Post-incident Activity
Preparation
Incident Response Lifecycle
Preparing the network and machines to be resistant to attack
* Hardening systems
* Writing policies and procedures
* Setting up confidential lines of communication
* Creating response resources and procedures
Detection and Analysis
Incident Response Lifecycle
Determining whether an incident has taken place and assessing how severe it might be (triage)
Also includes notifying stakeholders of the incident
Containment
Incident Response Lifecycle
Limit the scope and magnitude of the incident.
Secure data while limiting the immediate impact on customers and business partners.
Eradication and Recovery
Incident Response Lifecycle
Remove the cause of the incident and bring the system back to a secure state
Post-incident activity
Incident Response Lifecycle
Analyze the incident and responses to identify whether procedures or systems could be improved
AKA lessons learned
TPM
Trusted Platform Module
A specification for hardware-based storage of digital certificates, cryptographic keys, hashed passwords, and other user and platform identification information.
Implemented as part of the chipset or a function of the CPU
Hard coded with a unique, unchangeable asymmetric private key called the endorsement key.
HSM
An appliance for generating and storing cryptographic keys. This sort of solution may be less susceptible to tampering and insider threats than software-based storage
eFUSE
An Intel-designed mechanism to allow a software instruction to blow a transistor in the hardware chip.
Prevents firmware downgrades
SED
Self-encrypting drive
Attack surface
All the points at which an adversary could interact with the system and potentially compromise it
Attack vector
A specific means of exploiting some point on the attack surface
Threat modeling
The process of identifying and assessing the possible threat actors and attack vectors that pose a risk to the security of an app, network, or other system
Adversarial capabilities
A formal classification of the resources and expertise available to a threat actor
Fuzzing
A technique designed to test software for bugs and vulnerabilities. It involved