Cybersecurity - Offensive Security Flashcards
(16 cards)
Offensive Security
Offensive security means attacking systems to find vulnerabilities before hackers do. So the workers or employees are trying to "attack" their own systems to find vulnerabilities. It includes ethical hacking, penetration testing, and bug hunting.
Example: A security team tries to hack their own company's website to check for weak spots.
Cyber Kill Chain
A model that describes the steps of a cyberattack from reconnaissance to stealing data. It has seven stages:
1. Reconnaissance: Collecting information about the target.
2. Weaponization: Creating a hacking tool (e.g., malware).
3. Delivery: Sending the tool to the target (e.g., phishing email).
4. Exploitation: Running the attack on the system.
5. Installation: Making the malware persistent.
6. Command & Control: Taking control of the system.
7. Actions on Objective: Stealing, modifying, or damaging data.
Example: A hacker sends a phishing email that installs malware on a company's computer.
APT
Advanced Persistent Threat
An APT is a secret, long-term cyber attack where hackers break into a system, stay hidden, and steal important data. These attacks are usually done by governments or big hacker groups to spy or cause harm.
Example: APT29 (Cozy Bear), a Russian-backed group, is suspected of hacking the US government.
Threat Analysis Frameworks
These frameworks help analyze cyber threats and plan defenses. The most common ones are:
MITRE ATT&CK: A database of known hacking techniques.
STRIDE: A model for categorizing cyber threats.
Example: A security team uses MITRE ATT&CK to check how hackers might attack their network.
CVE
Common Vulnerabilities and Exposures
A public database of known cybersecurity weaknesses. Each vulnerability gets a unique CVE ID (e.g., CVE-2023-12345).
Example: A security researcher finds a new Windows bug and reports it as CVE-2024-56789.
So basically, a public list of known cybersecurity weaknesses, each named with a unique ID; newly found weaknesses are reported to it.
CVSS
Common Vulnerability Scoring System
A rating system (0-10) that shows how dangerous a vulnerability is:
0.0-3.9: Low risk
4.0-6.9: Medium risk
7.0-8.9: High risk
9.0-10.0: Critical risk
Example: A banking app bug rated 9.5 (critical) must be fixed immediately.
Vulnerability Scanners
These tools scan networks and websites for security weaknesses.
Example:
Nmap: Scans for open ports on a system.
Nessus: Scans for known vulnerabilities in software.
Metasploit
Metasploit is a hacking tool used for testing security by finding and exploiting system weaknesses.
What It Does:
- Helps ethical hackers test for vulnerabilities.
- Can launch real cyber attacks (for testing).
- Used for penetration testing & cybersecurity training.
Example:
A company uses Metasploit to test its network and fix weak spots before hackers attack.
Think of Metasploit like a security scanner: it helps find and fix problems before real hackers do!
Types of Delivery (Attack Methods)
Hackers use different ways to deliver malware or gain access to a system. Here are the main attack methods:
1. Phishing: Fake emails trick users into clicking bad links or giving passwords.
2. Malicious Attachments: Infected files (PDFs, Word docs) that install malware.
3. Drive-By Downloads: Malware downloads automatically when visiting a hacked website.
4. USB Drop Attack: A hacker leaves an infected USB for someone to plug in.
5. Exploiting Weak Software: Hackers use security holes in outdated programs.
6. Social Engineering: Tricking people into revealing passwords or sensitive info.
7. Malvertising: Fake ads on websites that spread malware.
Hackers use these methods to deliver malware, so staying alert and using security tools helps prevent attacks!
Bug Bounty Programs
A Bug Bounty Program is when companies pay ethical hackers to find and report security flaws in their systems before real hackers do.
How It Works:
- Hackers search for bugs in websites, apps, or software.
- If they find a bug, they report it to the company.
- The company rewards them with money or recognition.
Example:
Google and Facebook pay hackers thousands of dollars for finding security flaws in their systems.
Bug bounties help companies stay safe by fixing weaknesses before attackers can exploit them!
Responsible Disclosure
Responsible Disclosure is when a hacker finds a security flaw and privately reports it to the company instead of sharing it publicly.
How It Works:
- A hacker finds a bug in a system.
- Reports it to the company (instead of leaking it online).
- The company fixes the problem before hackers can exploit it.
Example:
A hacker finds a vulnerability in a bank's website and reports it instead of using it for harm.
Responsible Disclosure helps keep systems safe by fixing security flaws before bad actors can use them!
Zero-Day Vulnerabilities
A Zero-Day Vulnerability is a security flaw that hackers find before the company knows about it. Since there's no fix available, it's very dangerous.
How It Works:
- A hacker discovers a new security flaw in software or hardware.
- The company has "zero days" to fix it before it can be exploited.
- Hackers can use it for attacks (until a patch is made).
Example:
A hacker finds a weakness in Windows that lets them take control of computers before Microsoft knows about it.
Zero-Day Vulnerabilities are dangerous because no one is prepared for them; companies must fix them fast!
Zero-Day Brokers
These are black-market dealers who buy and sell zero-day vulnerabilities.
Example: A broker sells a new Windows exploit to a hacking group for cyberespionage.
Penetration Testing (Pentesting)
Simulating real cyberattacks to find and fix vulnerabilities before real hackers do.
Example: A pentester tests a bank's security by attempting to hack into its system.
Ethical Hacking vs. Black Hat Hacking
Ethical hacking: Legal, with permission.
Black hat hacking: Illegal, criminal activity.
Example: Ethical hackers work for companies; black hat hackers steal money.
Physical vs. Remote Exploitation
Physical exploitation: The hacker needs direct access to the device.
Remote exploitation: The hacker attacks over the internet.
Example: A hacker installs malware on a USB stick (physical) vs. sends a phishing email (remote).