Misc Flashcards
(13 cards)
Footprinting
Footprinting includes going through the target organization’s official websites and social media, performing dumpster diving, searching sources for employees’ names, email addresses, and IDs, going through a tour of the organization, and other kinds of onsite observation.
Watering Hole
A watering hole attack is when an attacker targets a website that’s commonly visited by a specific group (like employees of a certain company or industry), infects it with malware, and waits for the victims to come to them.
Plaintext (or cleartext)
an unencrypted message
Ciphertext
an encrypted message
Algorithm
the process used to encrypt and decrypt a message.
Cryptanalysis
the art of cracking cryptographic systems
Encryption keys
Encryption keys are used to encrypt and decrypt data.
Symmetric encryption uses the same key to encrypt and decrypt data.
Asymmetric encryption uses one key to encrypt the data and a different key to decrypt the data. These keys are known as a public key and private key.
Hashing
Hashing is the process of converting one value into another using a mathematical algorithm like MD5 or SHA.
Hashing is used on data that does not need to be decrypted, such as passwords.
When a piece of data is run through a hashing algorithm, it always generates the same hash. If even one letter in a file has been altered, the resulting hash would be different. Because of this, hashing can be used to verify that data has not been altered during transmission.
A hash cannot be decrypted.
Salt
Salt, or salting the hash, means that a random number of characters are added to the password before the hash is created.
Digital signatures
By combining a user’s private encryption key and a hash of the data, a user can create a digital signature. A digital signature verifies that the data is legitimate and provides non-repudiation. This means that the sender cannot deny having sent the file.
Elliptic Curve Cryptography (ECC)
Elliptic Curve Cryptography is one of the newer methods being implemented. ECC can generate smaller keys that are more secure than most other methods. Many websites today use ECC to secure connections and data transmissions.
Perfect Forward Secrecy
This cryptography method is used quite often in messaging apps. Instead of the same key being used for an entire conversation or session on a website, each transmission is encrypted with a different unique key.
Steganography
Steganography is the technique of hiding or concealing a file, message, image, or video within another file, message, image, or video. Special programs are often used to hide messages in media files. If a hacker intercepts the message, all they see is the media. They don’t know that there is a hidden message.
