Flashcards in Book - 1 Deck (141)
Viruses are programs that are designed to spread from one system to another through self-replication and to perform any of a wide range of malicious activities.
Crypto-malware is any form of malware that uses cryptography as a weapon or a defense.
Ransomware is a form of malware that aims to take over a computer system in order to block its use while demanding payment.
Worms are designed to exploit a single flaw in a system (operating system, protocol, service, or application) and then use that flaw to replicate themselves to other systems with the same flaw.
Understand Trojan horses.
A Trojan horse is a form of malicious software that is disguised as something useful or legitimate.
A rootkit is a type of malicious code that fools the OS into thinking that active processes and files don’t exist. Rootkits render a compromised system completely untrustworthy.
A keylogger is a form of malware that records the keystrokes typed into a system’s keyboard.
Understand spyware and adware.
Spyware gathers information about users and may employ that information to customize advertisements or steal identities. Adware gathers information about users and uses it to direct advertisements to the user. Both spyware and adware are usually unwanted software that gathers information without authorization.
A botnet is a network of robots or malicious software agents controlled by a hacker in order to launch massive attacks against targets.
Understand a RAT.
A remote-access Trojan (RAT) is a form of malicious code that grants an attacker some level of remote-control access to a compromised system.
Understand logic bombs.
A logic bomb is a form of malicious code that remains dormant until a triggering event occurs. The triggering event can be a specific time and date, the launching of a specific program, or the accessing of a specific URL.
Understand backdoor attacks.
There are two types of backdoor attacks: a developer-installed access method that bypasses any and all security restrictions, or a hacker-installed remote-access client.
Understand malicious code countermeasures.
The best countermeasure to viruses and other malicious code is an antivirus scanner that is updated regularly and that monitors all local storage devices, memory, and communication pathways for malicious activity. Other countermeasures include avoiding downloading software from the Internet, not opening email attachments, and avoiding the use of removable media from other environments.
Understand social engineering.
Social engineering is a form of attack that exploits human nature and human behavior. Social engineering attacks take two primary forms: convincing someone to perform an unauthorized operation or convincing them to reveal confidential information.
Phishing is the process of attempting to obtain sensitive information such as usernames, passwords, credit card details, or other personally identifiable information (PII) by masquerading as a trustworthy entity (a bank, a service provider, or a merchant, for example) in electronic communication (usually email).
Understand spear phishing.
Spear phishing is a more targeted form of phishing where the message is crafted and directed specifically to an individual or group of individuals. The hope of the attack is that someone who already has an online/digital relationship with an organization is more likely to fall for the false communication.
Whaling is a form of phishing that targets specific high-value individuals.
Vishing is phishing done over VoIP services.
Understand tailgating and piggybacking.
Tailgating occurs when an unauthorized entity gains access to a facility under the authorization of a valid worker but without their knowledge. Piggybacking occurs when an unauthorized entity gains access to a facility under the authorization of a valid worker but with their knowledge and consent.
Impersonation is the act of taking on the identity of someone else. The purpose of impersonation is to trick someone into believing you’re the claimed identity so you can use the power or authority of that identity. Impersonation is also known as masquerading or spoofing.
Understand dumpster diving.
Dumpster diving is the act of digging through trash in order to obtain information about a target organization or individual. It can provide an attacker with information that could make social engineering attacks easier or more effective.
Understand shoulder surfing.
Shoulder surfing occurs when someone is able to watch your keyboard or view your display. This may allow them to learn your password or see information that is confidential, private, or simply not for their eyes.
A hoax is a form of social engineering designed to convince targets to perform an action that will cause problems or reduce their IT security. A hoax is often an email that proclaims some imminent threat is spreading across the Internet and that you must perform certain tasks in order to protect yourself.
Understand watering hole attacks.
A watering hole attack is a form of targeted attack against a region, a group, or an organization. It’s waged by poisoning a commonly accessed resource.
Understand principles of social engineering.
Many techniques are involved in social engineering attacks. These often involve one or more common principles such as authority, intimidation, consensus/social proof, scarcity, familiarity/liking, trust, and urgency.
Understand arbitrary code execution.
Arbitrary code execution is the ability to run any software on a target system.
Denial of service (DoS) is a form of attack that has the primary goal of preventing the victimized system from performing legitimate activity or responding to legitimate traffic. One form exploits a weakness, an error, or a standard feature of software to cause a system to hang, freeze, consume all system resources, and so on. The end result is that the victimized computer is unable to process any legitimate tasks. Another form floods the victim’s communication pipeline with garbage network traffic. The end result is that the victimized computer is unable to send or receive legitimate network communications.
Understand a Smurf attack.
This form of DRDoS uses ICMP echo reply packets (ping packets).
Added: Usually initiated through a botnet which sends pings from a forged source address (the victim's address) to a third party. The third party sends echo replies, overwhelming the victim.
Understand Xmas attacks.
The Xmas attack is actually an Xmas scan. It’s a form of port scanning that can be performed by a large number of common port scanners, including Nmap, Xprobe, and hping2. The Xmas scan sends a TCP packet to a target port with the flags URG, PSH, and FIN all turned on.