CEH/PEN - Quizlet Flashcards
Attack: Attack that extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one
Union SQL injection
A technique where an attacker sends FIN/ACK probes; receiving an RST packet in response indicates that the port is closed.
TCP Maimon Scan
Types of Vulnerability Assessments: Assesses the network from a hacker’s perspective to discover exploits and vulnerabilities
External Assessment
Cyber Kill Chain: After reconnaissance, the hacker will use information gathered to find/create malware to use against target network
Weaponization
Docker Architecture
- Enables users to interact with Docker
- Can reside on the same host as the daemon or connect to a daemon on a remote host.
Docker Client
An information security standard used to handle credit cards from major card brands.
Payment Card Industry Data Security Standard (PCI DSS)
Google Dork operator: Locates webpages that contain certain characters or strings inside their text
intext
A speech privacy attack that exploits speech reverberations from a smartphone’s inbuilt loudspeaker
Spearphone Attack
Cyber Kill Chain: Hacker takes advantage of vulnerabilities to further infiltrate a target network
Exploitation
Attack: Technique where the attacker compromises the DNS servers so that traffic is directed to a malicious site
Pharming
Attack: Key reinstallation attack. This attack exploits a vulnerability in WPA2 for the purpose of stealing data
KRACK
Encryption algorithm characterized by a 128-bit block size and a key size of up to 256 bits.
IDEA
- This occurs when an attacker is unable to use the same channel to launch the attack and gather results
- The database server can send data to an attacker, giving them the ability to make DNS and HTTP requests
Out-of-Band SQLi
Types of Vulnerability Assessments: Focuses on testing databases for presence of data exposure or injection type vulnerabilities
Database Assessment
Encryption software that uses both symmetric-key cryptography and asymmetric-key cryptography for improved speed and secure key exchange.
GPG (GnuPG)
Nmap scan that performs a TCP SYN ping scan
-PS
An automated tool used to gather a list of words from a target website to further perform a brute-force attack.
CeWL (custom word list generator)
File that is a rich target for discovering the structure of a website during web-server footprinting
Robots.txt
- A technique used to evade an IDS
- Encoding packets with Unicode characters
Obfuscating
Types of Vulnerability Assessments: Determines possible network security attacks that may occur on the organization’s system
Network-Based Assessment
Technique that enhances the security of keys used for encryption and authentication
Key stretching
Attack on a DHCP server by broadcasting forged DHCP requests and leasing all the DHCP addresses available in the DHCP scope
DHCP starvation
Tool that allows you to scan your network for known device types that could be used as unwilling participants in a distributed denial-of-service attack
IoT Seeker
Attack: DDoS attack. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target server opens multiple connections and keeps waiting for the requests to complete.
Slowloris Attack
Container Technology Architecture: Testing and Accreditation Systems
Tier 2
Tool used to protect against security incidents such as cyber espionage, zero-day attacks, and malware
Flowmon
Attack: a rogue Wi-Fi access point (AP) that masquerades as a legitimate one, enabling an attacker to gain access to sensitive information without the end user’s knowledge
Evil-Twin Attack
Firewall evasion scanning technique that makes use of a zombie system that has low network activity
idle scanning
Attack: An attack in which an entire website and its content is copied to a local drive to view the complete profile of the site's directory structure, file structure, external links, images, and web pages
Website Mirroring
A mechanism for distributed coordination of a worm
Permutation Scanning Technique
Files on a web server that can be misconfigured and provide useful information for a hacker
httpd.conf
Tool that allows an attacker to obtain the passwords from a Wi-Fi network
Dragonblood
Attack in which DNS queries are incorrectly resolved in order to unexpectedly redirect users to malicious sites.
DNS Hijacking (aka DNS redirection)
Cyber attack in which an authorized user gains access to a legitimate connection of another client in the network
TCP/IP Hijacking
Cyber Kill Chain: After hackers have taken over a target network, they execute malware to interrupt services, steal data, etc.
Actions and Objectives
7 steps of the Cyber Kill Chain
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command and Control
- Actions and Objectives
Types of Vulnerability Assessments: Scans the internal infrastructure to discover exploits and vulnerabilities
Internal Assessment
Container Technology Architecture
- Orchestrators
- Allows developers to deploy multiple containers for implementations within applications
- Automates the processes of running instances, provisioning hosts, and linking containers
Tier 4
Container Technology Architecture: Tier 1
Developer Machines
Attack: Like normal SQL injection; uses a series of true/false questions against the database and determines answers based on the application's response.
Blind SQL Injection
File that determines the basic configuration in an Android application
AndroidManifest.xml
Google Dork operator: Searches for a specific term in the URL
inurl
Google Dork operator: Returns results whose URL contains all the specified characters
allinurl
Google Dork operator: Searches for an exact anchor text used on any links
inanchor
Google Dork operator: Shows all sites that contain either or both of the specified words in the query
|
Uses 192- and 256-bit keys for encryption purposes. Weak to brute-force attacks.
Advanced Encryption Standard (AES)
Attack: When an attacker, hacker, or unauthorized user spoofs the root bridge in the topology
STP Attack
Docker Architecture: Services that provide locations from where you can store and download images.
Docker Registries
Attack: Attack in which a hacker can steal information from a wireless device through Bluetooth.
Bluesnarfing