Study Flashcards

(289 cards)

1
Q

Authentication Factors

A

Something you know, have or are

2
Q

Authentication Attributes

A

Less certain factors like IP or location

3
Q

/etc/passwd

A

Contains user info + hashed passwords

4
Q

/etc/shadow

A

Contains encrypted passwords + security info

5
Q

%SystemRoot%\System32\config\SAM

A

Where Windows stores passwords

6
Q

TAP Active

A

Network management, boosts signal strength + makes data better to send to a monitoring tool

7
Q

TAP Passive

A

Copies network traffic

8
Q

SPAN (Mirror)

A

Copies traffic from a bunch of ports and mirrors to one port

9
Q

swapfile

A

When RAM is full, data goes here

10
Q

cmdlet

A

PowerShell command to control 1+ computers at once

11
Q

Recovery Point Objective (RPO)

A

How much data a company can lose in a disaster event

12
Q

RAM

A

Short term memory, data that is being actively used or processed

13
Q

Cache Memory (CPU Memory)

A

Part of RAM, temporarily stores most frequently used instructions to make CPU process it faster

14
Q

Hard Disk Drive (HDD)

A

Old school data storage

15
Q

Solid State Drive (SSD)

A

Like HDD but newer and better

16
Q

Controller Cache

A

Temporary storage area that saves frequently accessed data to speed

17
Q

Dump Files

A

Captures what happens when program/system crashes

18
Q

Self Encrypting Drive (SED)

A

Built in protection, very secure, good for performance but expensive

19
Q

Full Disk Encryption (FDE)

A

Can be applied to any drive, cheaper but takes time to encrypt/decrypt everything

20
Q

Honeypot

A

Single system/resource

21
Q

Honeynet

A

Bunch of connected honeypots

22
Q

Honeyfile

A

1 decoy

23
Q

DNS Security Extensions (DNSSEC)

A

Combats DNS poisoning, uses cryptographic signatures to ensure websites are legit

24
Q

DNSSEC Stages

A
  1. Signing the Data (making public/private keys)
  2. Key Distribution
  3. Signing Resource Records (Signing it)
  4. Authentication
  5. Chain of Trust (confirmation)
25
IEEE802.1X
Network security, controls which devices are let in. Checks via device, switch and authentication server
26
Security Enhanced Android (SEAndroid)
Security enhancements, assigns labels to everything, like what entity can do
27
Memory Leak
Program/app not releasing temp memory when it's done
28
Exception Handling
When code tries to do something it can't or bugs out, it doesn't shut down
29
Clickjacking
Malicious website overlays/disguises their content over a legit one
30
UEM (Unified Endpoint Management)
Controls multiple types of devices despite different OSes. Can do actions, change policies and update software
31
XSS (Cross Site Scripting)
Attacker injects malicious script into legit website
32
PAP (Password Authentication Protocol)
Old way of transmitting credentials, plaintext so insecure unless using a secure tunnel like IPSec. Basic username/password login
33
IPSec (Internet Protocol Security)
Encrypts data sent over network, provides integrity and authentication. Verifies identity of users involved
34
AH (Authentication Header)
Used in IPSec and encrypts the whole packet. Provides authentication/integrity and protects against replay attacks
35
ESP (Encapsulated Security Payload)
Part of IPSec, encrypts the actual data payload
36
L2TP (Layer 2 Tunneling Protocol)
Creates tunnel between 2 endpoints. Creates VPN when used with IPSec
37
C2 Server (Command & Control Server)
Commands bots + botnets. Malware connects endpoints to C2.
38
Hash Collision
2 different data inputs return the same hash
39
DLL (Dynamic Link Library)
Precompiled functions from different apps to save resources
40
DLL Injection
Insert code into running process. Can mask malware with legit code
41
LDAP
Manages + accesses directory info over a network. Commonly used for user authentication and authorisation
42
Directory Traversal Attack
Attack uses ../ to break free from directory and access forbidden ones
43
Race Condition
Several processes trying to access the same resources at the same time = freak out, processes won't work properly and mistakes will be made
44
Improper Input Validation
Data input isn't checked so users can insert malicious stuff
45
Network Replay Attack
Attacker resends user data to access the user's stuff. Attacker snooped on user comms and took info, then resends that info so it gets sent to them = access to user/network stuff
46
Session ID
Website assigns users logging in a session ID so they don't have to keep logging in
47
SSRF (Server Side Request Forgery)
Takes control of a server and uses it as a proxy for naughty activities
48
On Path Attack
Man in the middle
49
Shimming
Adding extra code (a shim) to smooth over compatibility issues, doesn't affect core code
50
Refactoring
Changing essential code, malware refactors so it doesn't match attack signature
51
Sideloading
Downloading app from non official app store
52
Prepending
Adding extra characters (01,02,03) for filing and security (random hashes/characters)
53
Fuzz Testing
Throwing random inputs to software to test it
54
Pass the Hash
Attacker logs in with just the hash not plaintext
55
Bluejacking
Spam via bluetooth
56
Bluesnarfing
Unauthorised access to a device via bluetooth
57
Wireless Dissociation Attack
Kicking user off WiFi
58
IV (Initialisation Vector)
Like a salt, adds random data to result in diff ciphertexts for same data
59
ARP Poisoning
Associate my MAC address with default gateway IP so network traffic gets sent to me
60
DNS Poisoning
DNS translates URL to IP to take you where you want to go. This attack changes the IP to take you somewhere else
61
Pharming
DNS poisoning falls under pharming, can also send you to identical looking website
62
OT (Operational Technology)
Physical tech like machines or power plants
63
Federation
Use one company's credentials for multiple logins, like Google
64
SAML
Document that contains AAA about the user, used for SSO
65
OAuth (OpenAuthorisation)
Used in SSO/federation, lets apps access some user data without their credentials
66
Proxy/Proxy Server
Sits between users devices and external networks. It mediates comms, performs security, privacy, content filtering, and network performance optimisation. Forwards user requests
67
Jump Server
Sits at edge of network and decides which external users are allowed access to internal servers. Users connect to jump server first
68
ATT&CK (Attacks, Tactics, Techniques & Common Knowledge)
Part of MITRE, framework basically logs all known ATT for education and security purposes
69
SDK (Software Development Kit)
Set of tools, libraries, documentation devs use to build stuff. Means devs can focus on working not on low level implementation stuff
70
DOM (Document Object Model)
Interface for web documents. Translates docs (like HTML/XML) into a tree like structure with nodes. Makes it easier to change stuff in the doc
71
VBA (Visual Basic)
Macro programming language, file extension is .vba or .bas
72
RAD (Rapid Application Development)
Methodology for writing software faster
73
Powershell
Command line and scripting language for Windows, file extension is .ps1
74
Unix
OS with great command line interface. File extension .sh
75
CVE
Directory of known exploits
76
NVD (National Vulnerability Database)
Made by NIST, even better American CVE
77
AIS (Automated Indicator Sharing)
USA's real time sharing of threat indicators
78
STIX
Standardised language for sharing threat info/indicators
79
TAXII
How people share infosec info like IoC and TTPs
80
S/MIME
Email encryption, uses public key cryptography, relies on PKI, and allows use of digital signatures
81
SOAR (Security Orchestration, Automation + Response)
Integrates diff tools, focuses on automated incident response, better for large orgs
82
DEP (Data Execution Prevention)
Prevents code from being executed in memory that should only contain data, reduces exploits
83
DHE (Diffie-Hellman Ephemeral/Exchange)
Asymmetric encryption where each key is newly generated for each session. Means past sessions can't be compromised with current keys and vice versa. Often used in TLS
84
Nmap TCP/SYN Scan -sS
Stealthy way of checking for open ports on nmap
85
Nmap -O
Show open ports and OS but not the version
86
tcpdump
Capture and analyse network traffic
87
nslookup
Lookup domain and IPs via querying DNS
88
traceroute (tracert)
Find network topology. Traces route packets take from source to destination + records time it takes. tracert (Windows), traceroute (Linux/Mac)
89
ip/ifconfig
Network interface info. ipconfig (Windows) gives IP, subnet mask, default gateway and DNS server; ifconfig (Linux) gives IP, subnet mask, broadcast address
90
netstat
Shows network statistics, and traffic between local device and other devices on the network. Shows open ports, routing tables and network connections, etc
91
rootkit
Virus that can change files and admin rights to gain privileges
92
Fault Tolerance
Ensuring a system can survive failure, through things like redundancy and load balancing
93
Elasticity
System adaptability
94
Configuration Validation
Verifying config settings and ensuring they're right
95
Recovery Point Objective (RPO)
The amount of data loss an org/system can sustain
96
Work Recovery Time (WRT)
How long after disaster recovery until regular work activities can resume
97
Recovery Time Objective (RTO)
Max amount of time disaster recovery can take
98
RADIUS
AAA solution, scalable, works with network devices like switches and routers. Only encrypts passwords. Centralised, open source. Works for stuff like WiFi and VPNs
99
TACACS+
AAA solution, same as RADIUS but is a Cisco proprietary control. Works primarily with Cisco devices but encrypts entire packet. More granular
100
Kerberos
AAA solution, the default Windows solution. Network authentication, used for SSO and mutual authentication between client/server - prevents on-path/replay attacks. Cryptographic ticketing system. Not every device is compatible with Kerberos. AS gives user a TGT; user gives TGT to TGS; user also gets ST from TGS to access specific stuff like email; user sends ST to SS, which decrypts it
101
EAP
Butter that smooths over the AAA solutions/diff authentication solutions and allows them to work together
102
EAP-TLS
Uses digital certs for mutual authentication - most secure EAP
103
EAP-PEAP
Uses TLS to produce encapsulate EAP messages in a secure tunnel
104
EAP-FAST
Sets up secure tunnel with PAC (Protected Access Credential) which securely transports credentials
105
Privilege Attribute Certificate (PAC)
Part of Kerberos, contains authorisation info about the user
106
EAP-TTLS
Like PEAP (secure tunnel) but uses a server side certificate, has mutual authentication between client and server
107
Cryptographic primitive
A hash or a/symmetric encryption
108
Cryptographic system
Bunch of primitives like a cipher suite
109
SCADA
Manages industrial processes, monitors/controls/optimises processes/infra in real time. Does everything from remote control/security/alarms
110
Piggybacking
Like tailgating but tricking someone to let you in
111
Pivoting
Using a compromised account/system to gain access to other accounts/systems. Lateral movement
112
EDR (Endpoint Detection + Response)
Detects/responds to advanced threats at endpoint level, does everything Bitdefender can basically
113
EDR Traditional vs NG EDR
NG has AI, ML, user analytics, proactive threat hunting, good with cloud + helps protect diverse environments. Trad is none of that and is reactive
114
RAID Level 0, 1, 5
0 is no redundancy but high performance (striping without parity), 1 is duplicating all data to another drive (mirroring), 5 is spreading data across a bunch of drives and having one drive that holds the full data (striping with parity)
115
Signature Based Detection
Assign signatures to malware/malicious processes/attacks, etc Needs frequent updating to keep up with new attacks. Used by AV
116
Sectoral/Directional Antennas
Sectoral for P2M and Directional for P2P
117
Business Process Analysis (BPA)
Analyse stuff to understand how business process works. 1. Process inputs/outputs 2. Roles/responsibilities 3. Process flow/sequence 4. KPIs 5. Dependencies/interactions (want low dependencies)
118
Load Balancer Layer 4 (Transport Layer)
Uses TCP and UDP, doesn't inspect data transmissions, distributes info based on header info like IPs/ports - used for streaming services too
119
Load Balancer Layer 7 (Application Layer)
HTML based, routes info based on URLs, cookies, etc as well as on data transmission content. It can test applications states
120
Digital Certificates
Cryptographic document that binds the identity of an entity to a public key. Has public/private key pairs. Only valid for x amount of time. Adheres to X.509 standard
121
Digital Certificate Frequent Uses
Code signing certs for software validity; email security (using key pairs for encryption); in TLS/SSL protocols for security
122
X.509
Standard that defines the format of public key certificates
123
Certificate Authorities (CA)
Assigns the certificates, entire PKI system is based on trust of the CA. Root CA - top of hierarchy, assigns intermediary CAs. Intermediary CAs - assign certificates to entities. If an intermediary CA gets compromised the root CA is still secure which is vital, limits the impact of compromise
124
PKI (Public Key Infrastructure)
The framework that runs digital certificates
125
RA (Registration Authority)
Investigates/verifies the identities of the entities applying for certificates
126
CRL (Certificate Revocation List)
Lists that CAs update to tell entities when their certificates are expiring
127
Interconnection Security Agreement (ISA)
When orgs need to work together or share data the ISA sets the ground rules of what is/n't allowed
128
Software Defined Networking (SDN)
Separates control plane from data plane in network devices. Makes network structure more flexible and efficient
129
Control, Data and Management Planes
Control plane is the instructions on what to do (what to prioritise, secure or switch). Data plane is the action of doing it. Management plane monitors traffic and network status
130
Order of Volatility
System memory cache, data on mass storage devices, remote monitoring data, archival media
131
arp command
Helps detect spoofing attacks
132
Service Oriented Architecture (SOA)
Prioritises services which are chunks of code that function independently and can be put in other apps or used for different stuff
133
Microservices
Uses API to break app into 'microservices' for flexibility and scalability. Can change code in each microservice rather than whole app
134
VM Sprawl + Countermeasures
Uncontrolled growth of VMs in a virtual environment. Usage audits + asset documentation
135
VM Escape + Countermeasures
Malware running on guest OS escapes to another OS or to the host. Sandboxing + patch management
136
CHAP
Standard login but sends password as a hash
137
SLE (Single Loss Expectancy)
Loss expected from one event
138
ALE (Annualised Loss Expectancy) + ALEm
Loss over a year, ALEm is with Mitigation so loss expectancy over a year with mitigation strategies included. SLE x ARO = ALE
139
EF (Exposure Factor)
(Value of Loss/Asset Value) x100
140
ARO (Annual Rate of Occurrence)
How many times a year will this happen
141
ROSI (Return On Security Investment)
How much is saved ((ALE - ALEm) - Cost of Solution) / Cost of Solution
142
Cyber Kill Chain Phases (Lockheed Martin)
1. Reconnaissance 2. Weaponisation 3. Exploitation 4. Delivery 5. Installation 6. Command and Control (C2) 7. Actions on Objectives
143
Hypervisor/VMM (Virtual Machine Monitor)
What VMs run on, like VirtualBox
144
Stream Ciphers
Often used in symmetric encryption. Encrypt one bit at a time, are fast. Often include an IV (like a salt) in the encryption
145
Block Cipher
Often used in symmetric encryption. Encrypts whole blocks at a time, not bit by bit.
146
Blockchain
Digital, decentralised ledger. Saved in 'blocks' and usually hashed. Used for crypto payments, online voting, etc
147
Hybrid Cloud
Combines two or more cloud types, like public, private or community
148
Fog Computing
Bridge between IoT (edge) devices and the cloud. Data can quickly be moved to cloud but not stored in there
149
Edge Computing
IoT devices, they need only themselves to do their tasks, don't need to contact the cloud/internet. Like LED light
150
Containerisation
Instead of using VMs to run each app, you contain each app in a 'container' (sandbox) and run them. More streamlined than virtualisation
151
VPC (Virtual Private Cloud)
Secure sections in a public cloud that holds specific resources
152
Transit Gateway
Directs users to correct VPC
153
Normalisation
Removing duplicates of info in a database
154
SQL Injection Countermeasures
Input validation and stored procedures (only xyz SQL commands accepted)
155
Code Bloat
Source code being unnecessarily big and complicated
156
TOTP
Time based one time password
157
HOTP
HMAC Based One Time Password, generated with a secret key
158
Multipath I/O
Technique that provides multiple paths between host and storage device. Mitigates single point of failure + enhances availability
159
NIC (Network Interface Card) Teaming
Combining multiple NICs for performance, load balancing and redundancy
160
UPS (Uninterruptible Power Supply)
Good for short term emergency power
161
PDU (Power Distribution Unit)
Distributes power to multiple devices
162
SAN (Storage Area Network)
Connects storage devices to servers at high speeds. Centralise storage management in a data center
163
NAS (Network Attached Storage)
Storage device/server in a network that provides file storage to other devices. Shares and manages files
164
Incremental Backup
Captures data that has changed since the last backup. Typically multiple incremental backups have the full data needed, it's faster and uses less storage
165
Differential Backup
Captures all data since the last FULL backup. Takes longer + more storage space but easier to restore
166
Non-Persistence
When changes made to system are temp so they go away once there's a reboot
167
RTOS (Real Time Operating System)
OS where tasks are completed in specific time frames, have to be predictable. Used in medical devices, brakes, missiles, etc
168
HSM (Hardware Security Module)
Secure hardware device that creates, manages and protects encryption keys. Can work with many devices
169
Zigbee
Allows IoT devices to talk to each other
170
Screened Subnet
DMZ, zone where servers/services are isolated usually between internet and internal systems
171
ECC (Elliptic Curve Cryptography)
Asymmetric encryption method, suits things with low processing power like mobiles
172
Session Key
Symmetric + used in only one session, used for session IDs
173
Block Cipher ECB
Weak and shouldn't be used, replicates encrypted blocks
174
Block Cipher GCM
Secure encryption, provides CIA - often used with TLS
175
Block Cipher CFB
Turns block cipher into stream cipher
176
Null Pointer Dereference
Attacker gets app memory directed to null (no memory) causing it to crash and DoS
177
SSH
Network protocol for secure data transfer, remote login, command execution, etc
178
SRTP + RTP (Secure/Real-time Transport Protocol)
Protocol for transmitting video and audio over internet. SRTP is the secure version
179
FTP/FTPS (File Transfer Protocol Secure)
Protocol to exchange files over network/internet. FTPS uses SSL/TLS
180
SNMP (Simple Network Management Protocol)
Protocol for managing/monitoring devices in a network. SNMPv3 is most secure, v1/v2 sent data unencrypted
181
UEFI
Better replacement of BIOS. Better GUI and secure boot
182
Trusted Platform Module (TPM)
New hardware section in computer that securely stores cryptographic keys and secures the platform, ensuring secure boot. Only one device
183
Hardware Security Model (HSM)
Like TPM but only for cryptographic keys
184
Tokenisation
Replacing security info with unique token like credit card number becomes Token123
185
Resource Exhaustion
DoS attack involves taking up a lot of resources like memory so nothing works
186
Network Access Control (NAC)
Says what is allowed on the network, prevents rogue access points
187
HaaS (Hardware as a Service)
Provider gives you physical things like servers
188
SaaS (Software as a Service)
A software service like outlook or gmail
189
PaaS (Platform as a Service)
Platform for building your own apps, gives you dev blocks, like a login page block, etc. Speeds up dev greatly - don't have to code every little thing
190
XaaS (Anything as a Service)
Anything that can be delivered over Internet/Network as a service
191
Latency
Time between x being requested and x actually happening
192
Virtualisation
Running multiple OSes on same device, using VMs basically
193
UC Server (Unified Communications)
Brings together different comm tools into a unified platform
194
Transparent Proxy
User doesn't know that there's a proxy, everything is done automatically
195
Nontransparent Proxy
User has to configure settings and work with the proxy. Usually used by users who want anonymity or content filtering
196
NAT (Network Address Translation)
Translates a bunch of private IP addresses into one public IP when going on the Internet. Conserves public IPs and helps security
197
WPA3 (WiFi Protected Access 3)
Wifi and wireless network security enhancer. Gradual update from WPA2
198
SAE (Simultaneous Authentication of Equals)
Key exchange protocol used in WPA3
199
PSK (Pre Shared Key)
Key exchange security mechanism in WPA and WPA2
200
WPS (WiFi Protected Setup)
Simple way of connecting devices to wifi like with a pin. Insecure, shouldn't be used, susceptible to brute forcing
201
WEP (Wired Equivalent Privacy)
Old version of WPA with tonnes of vulnerabilities, no longer used
202
OTA (Over the Air)
Wireless delivery of software updates to mobile or IoT devices
203
RCS (Rich Communication Service)
Better version of SMS, adds media, read receipts, etc
204
CASB (Cloud Access Security Broker)
Intermediary between users and CSPs, monitors user activity and has security features like encrypting data, only authorised access, lists applications in use. Does not provide security for data on laptops/mobiles but all data transfers are encrypted
205
206
OpenID
Like OAuth but provides authentication, often used for SSO
207
NTP (Network Time Protocol)
Synchronises time across all devices/networks
208
NTPSec
Secure version of NTP
209
SAN Certificate (Subject Alternative Name)
Certificate covers many domains, subdomains or hosts
210
Wildcard Certificate
Certificate that covers different subdomains
211
Key Escrow
Trusted third party that stores cryptographic key backups
212
Recovery Agent
Retrieves keys from key escrow
213
Certificate Chaining
Verifying authenticity of new certificates by checking up the chain to the root CA
214
netcat
Windows/Linux command that can be used for anything from banner grabbing, port scanning, file transfer and proxying
215
Routing Table
Data table stored in a router with info on network destinations
216
NXLog
Log management tool that centralises logs, collects, processes and forwards log data.
217
NetFlow
Cisco network protocol that collects IP traffic info and monitors network traffic flow
218
IPFIX
Standard for exporting traffic flow info from network devices, used for monitoring, analysis and security. Contains info like src/dest IP addresses, protocols, ports and timestamps
219
Syslog
Standard protocol for collecting and transmitting log messages in a network
220
Syslog-ng
Open source syslog with better features like centralisation, message filtering, routing and processing
221
rsyslog
Syslog for Linux/Unix with better features like filtering, input sources and output targets
222
ISO 27001
Standard that gives guidelines to orgs on how to establish and maintain an ISMS to protect information assets
223
ISO 27002
Supports 27001, gives guidelines on implementing infosec controls
224
ISO 27701
Expands on 27001 to include privacy management, PIMS
225
ISO 27702
Complements 27701, gives additional guidelines
226
ISO 31000
Guidelines on risk management
227
Partially Known Environment
Only know some stuff about the environment
228
Partitioning Data
Splitting data up into smaller chunks based on xyz
229
Kernel
Bridge between hardware and software and manages system resources
230
ROM (Read Only Memory)
Non volatile memory and stores data even without power
231
Process Table
OS stores this info which is every process running on the device
232
MFD (Multi Function Device)
Like a printer, fax, scanner, etc all in one
233
SoC (System On a Chip)
All components for a computer on one chip, like memory, CPU, etc
234
MTTF (Mean Time To Failure)
Average time x thing can operate before a failure
235
Watering Hole Attack
Attacker knows victim visits x site so they compromise the site to get to victim, also in real life scenarios like knowing x person is going to a conference
236
EAP-MSCHAP
Weak, often unused.
237
head/tail commands
First/last 10 lines of file
238
curl command
Retrieves a webpage and displays it as HTML in the command line
239
grep command
Search for text/x thing in files
240
OpenSSL
Cryptography library that supports SSL/TLS encryption on web servers
241
Scanless
Port scan using a proxy - not traced to you
242
WAF (Web Application Firewall)
Intermediary firewall between web servers and incoming traffic. Mitigates SQL injection, XSS and CSRF
243
CSRF (Cross Site Request Forgery)
Like malicious clickbait on website. Tricks user on legit site
244
SSID (Service Set Identifier)
WiFi name
245
DNS Sinkhole
Route malicious DNS requests to a bum (sinkhole) server so it can't cause damage, or devices trying to connect to C2 servers
246
Measured Boot
Records the integrity of each component of boot process, creates a log of it
247
Trusted Boot
Like measured but each component in boot process is signed with trusted key - prevents malware being executed
248
Secure Boot
Enforces use of signed + authenticated bootloaders/OS components. Prevents unsigned/tampered code being executed
249
VDI (Virtual Desktop Infrastructure)
Virtual desktop (VM) that can be accessed on thin clients, mobiles, etc
250
NGFW (Next Gen FireWall)
Traditional firewall functions with application control, intrusion prevention, advanced threat protection, user identity and SSL/TLS inspection
251
LDAPS (LDAP over SSL)
Secure comms protocol that adds encryption to LDAP data exchanged between client/server
252
PCI DSS
Standard for credit card security
253
CSA CCM
Documents for implementing/managing cloud security controls. CSA is the nonprofit
254
Polymorphic Virus
Virus changes itself each time it's downloaded. Has to be installed by user
255
IMAP (Internet Message Access Protocol)
Email protocol for accessing and managing emails on a server like Outlook
256
PFS (Perfect Forward Secrecy)
Generating unique session key for each session. Past session keys can't be used for future sessions and vice versa
257
Data Owner
Senior person who decides who has access, usage policies, etc
258
Data Processor
Follows instructions of data owner and processes on their behalf. Responsible for security measures during processing
259
Data Steward
Individual/team responsible for day to day management/quality of data
260
Data Protection Officer (DPO)
Mediator between org, data subjects and authorities. Monitors data protection, ensures org follows rules
261
Elasticity
If system/infrastructure, esp in cloud computing, can scale up or down with demand
262
Least Privilege
Bare minimum access/permissions needed to complete job
263
FTK Imager (Forensic Toolkit)
Create forensic image of hard drive or USB
264
Autopsy
Open source tool for analysing/investigating forensic evidence in user friendly way
265
NIST RMF (Risk Management Framework)
Structure for managing cyber security risk in federal systems
266
Resource Exhaustion
Lack of space in critical resources like CPU, network bandwidth or memory
267
HIPS (Host Based Intrusion Prevention System)
IPS on a host, examines stuff like file modifications and network connections
268
PGP (Pretty Good Privacy)
Widely used encryption program for data comms, usually email. Uses symmetric and asymmetric
269
WAP (Wireless Access Point)
Lets wifi enabled wireless devices like phones connect to wired network via radio signals
270
Out of Band Key Exchange
Swapping encryption keys off network, like over the phone for security
271
VPN Concentrator
VPN that handles a bunch of connections
272
Stored Procedures
Precompiled/stored SQL queries/statements saved on database for later use
273
FAR/FRR (False Acceptance/Rejection Rate)
How many false acceptances/rejections biometric reader makes
274
Data Masking
Scrambling or replacing identifiable data with pseudonymous data for anonymity
275
OCSP/OCSP Stapling
Protocol that allows a web server to check when a certificate expires/gets revoked. Stapling is when OCSP responds and 'staples' the response to the certificate
276
Static/Dynamic Code Analyser
Static checks it without executing it, dynamic executes to find out
277
Certificate Pinning
Pins SSL/TLS certificate/public key to a domain. Prevents MITM
278
Buffer Overflow
Program writes more data than it was allowed to hold, causes crashes
279
Integer Overflow
Number goes over allotted amount and causes issues like crashes
280
MAC Cloning
Attacker copies MAC address of authorised device for impersonation, MITM or evasion
281
Heuristics
AV studies how programs normally act and flags them when they don't act right
282
Anomaly Based Detection
Anything deviates from baseline is flagged
283
Behaviour Based Detection
Understands entity behaviour over time and flags when deviates from behaviour
284
netview
Windows command to view every available resource on LAN like computers, servers and shared folders
285
memdump
Dumping memory (RAM) into file
286
chmod
Linux command for changing permissions of files and directories
287
dd
Linux command for copying data from one location to another and disk imaging
288
Split Knowledge
Splits knowledge between 2+ people so no one knows everything
289
Split Tunnel VPN
Some traffic goes through the VPN (like files), some doesn't (like traffic sent to a printer)