Threats, Attacks and Vulnerabilities Flashcards
(101 cards)
1
Q
What is Malware
A
Malicious software that can cause harm to the user.
2
Q
What are some example of malware?
A
Keystroke malware Botnet Adware Viruses and worms Crypto malware
3
Q
How to get malware
A
Vulnerability exploitation
Installation
4
Q
What does the virus need in order to reproduce itself?
A
Execute a program
5
Q
How does the anti-virus protect against viruses?
A
Through virus signatures discovered every week
6
Q
What are some virus kinds?
A
Program virus (part of a program)
Boot sector virus
Script virus
Macro virus
7
Q
What is a worm?
A
Virus that can move itself through the network very quickly
8
Q
How can you mitigate worms?
A
NGFW
IDS/IPS
9
Q
What was the wannacry worm?
A
It infected a computer and encrypted its files
It looks for other systems in the network that has the same vulnerabilities
Once it finds it, it installs itself and runs on the vulnerable computer
It installs a backdoor from where wannacry is downloaded
10
Q
What is ransomware?
A
Cryptograph the computer and ask for money in exchange of the decryption
11
Q
How to avoid a ransomware attack?
A
Have a backup
Keep OS up to date
Keep applications up to date
Keep anti-virus up to date
12
Q
What are Trojans or Remote Access Trojans (RATs)?
A
It is a software that pretends to be something else
13
Q
What is a backdoor?
A
A way to go back into the system without going through the visible frontdoor
14
Q
How to avoid Trojans?
A
Don’t run unknown software
Update anti-virus and anti-malware
Always have backup
15
Q
What is a rootkit?
A
A software generally invisible to the software in the kernel, which makes it hard to remove
16
Q
What is a keylogger?
A
A software that saves the keystrokes and send it to a pre-defined location.
17
Q
What is an adware?
A
Software that pops-up advertisement that can hinder the performance
18
Q
What is a spyware?
A
It watches for what is done in the computer
19
Q
What is a botnet?
A
A special kind of malware that turns the computer into bots that waits for a command, usually comes from trojan horse or software installation
20
Q
What is a logic bomb?
A
A specific kind of malware that waits for an event to happen. Usually difficult to identify and recover from it.
21
Q
What is phishing?
A
A mixture of social engineering and spoofing that tries to deceive the user and make him click or send login information.
22
Q
How to avoid phishing?
A
Check the URL, spelling, fonts, graphics
23
Q
What is Vishing?
A
Voice phishing
24
Q
What is spear phishin?
A
Customized phishing to focus on a specific target with a sense of real content
25
What is whaling?
Spear phishing a high stake target
26
What is Tailgating?
To use someone else to gain access to a building (ex: dress like the people and blend in)
27
How to prevent tailgating?
Make visitors visible and identifiable
One scan, one person at a time
Train organization to ask who they are?
28
What is impersonation?
To pretend to be someone you aren't
| Can come after a throughout study from the organization
29
How to prevent impersonation attacks?
Never volunteer information
Don't disclosure personal details
Verify before revealing info
30
What is dumpster diving?
To go into the dumpster and searching for confidential information
31
What is important to dumpster diving?
The timing
32
Is it legal to dumpster dive?
In most of USA, yes. But it is recommended to verify.
33
How to protect the rubbish?
Secure the garbage
Shred your documents
Look at the trash and do a training based on it
34
What is shoulder surfing?
To look at someone else's screen
35
How to prevent shoulder surfing?
Control your input
Privacy filter
Keep monitor out of sight
Be Careful of who is behind you
36
What are hoaxes?
Threats that don't really exist (ex: hoax about a virus)
37
What is a watering hole attack?
Instead of attacking the machine itself, it attacks where people access (ex: industry related sites, local coffee shop) and infects who connect to them.
38
How to avoid watering hole attack?
Layered defense
Firewall
IPS
Anti-virus and Anti-malware installed
39
Social engineering principles
```
In person or online
Authority
Intimidation
Social proof
Scarcity and urgency
Familiarity and trust
```
40
What is a Denial of Service (DOS)?
To make a service unavailable for any objective
41
How to avoid DoS?
Patch every system and have it updated
42
Are DoS always intentional?
No, it can be unintentional (ex: Network loop, bandwidth, natural disaster)
43
What is a DDoS?
The denial of service from a variety of places (ex: army of botnets)
44
What is DDoS amplification?
Small attacks that turn into big attacks through another device or service. Usually based on old protocols that have no verification functionality.
45
Example of a DDoS amplification?
Multiple DNS entry records that are very long (request -> long response)
46
How does a DNS Amplification DDoS occur?
A Command & Control sends the command to the botnet
The botnet requests a Open DNS entry as being the targeted server
The large response is all sent to the target that can't handle it
47
What is a MITM attack?
Someone between point A and B looking at everything that passes by without being noticed
48
Example of MITM attack
ARP Poisoning
49
How does ARP poisoning work?
The MITM pretends to be another host by sending ARP responses that change the ARP cache in a device, making it look like another.
50
What is buffer overflow?
Occurs when information spills out of the original space meant to take
51
How can you prevent buffer overflow?
Perform a balance check
52
What is data injection?
Adding your own information into a data stream (ex: HTML, SQL, XML, LDAP, etc.)
53
How to avoid data injection?
Data validation
| Better programming
54
What is Cross site scipting? (XSS)
Cross site security flaw, where browser tabs were able to access another tab's information.
55
Example of XSS
Script embedded in URL to execute in a browser tab.
56
What is Cross site request forgery? (XSRF, CSRF)
Takes advantage of the trust between web app and user.
| The bad guy creates a forged request of a bank site to a bank site visitor that clicks and executes the request.
57
What is privilege escalation?
When someone gains a higher level access than the access granted to you.
58
What is a DNS poisoning?
Modify the DNS Server to modify the destination IP address when looked up.
59
How does DNS Spoofing happen?
Bad guy gains control over the DNS server and changes the IP address of the corresponding URL.
60
What is domain hijacking?
To gain access to the domain registration and change the primary DNS Server to a specific DNS Server under control.
61
What are zero day attacks?
Exploit of a new vulnerability that it has not been patched yet
62
What is a replay attack?
Send a network information that makes the hacker look like the actual end user.
63
How pass the hash work?
A user sends a legitimate authentication request to the server
A copy is sent to the hacker's workstation
The hacker uses the information that legitimate message as if he is the legitimate user
64
How to avoid pass the hash?
```
Salted hash (different every time)
Fully encrypted communication
```
65
What is URL hijacking?
To take legitimate traffic to a URL and redirect it to somewhere else
66
What are some types of URL hijacking?
Typosquatting (miss spelling)
Brandjacking (register the brand name)
Clickjacking (to click something that is invisible)
Cookies to hijack session (information stored on the browser)
67
What is driver manipulation?
To take advantage of the trust that can exist between hardwre and OS.
68
What is malware refactoring?
To change the appearance and software each time it is downloaded to try to avoid antiviruses and signature based protection
69
What is spoofing?
One device that pretends to be someone/something it isn't.
70
Some examples of spoofing
```
DNS Spoofing
E-mail address spoofing
Caller ID spoofing
MITM attacks
MAC Spoofing
IP address spoofing
```
71
What is a wireless replay attack?
Similar to wired replay attack, but much easier to capture the data.
72
Why is WEP (Wired Equivalent Privacy) encryption not used any more?
Because it had cryptographic security flaws, suck as ARP request replay attack to gain access to WEP key.
73
What are rogue access points?
To plug-in another Access Point onto the network
74
What are evil twins?
Configure a new AP to have the same SSID, security settings and password.
75
Wha is wireless jamming?
To jam the wireless communication and decrease its signal intentional, or not intentionally.
76
What is a WPS (Wi-Fi Protected Setup) Attack?
Attack that takes advantage of its design, that validates its 8 digit pin by the first 4 digits then by its 3 digits = 10,000 + 1,000 possibilities, making brute force attacks to gain access to passwords much more viable
77
What is bluejacking?
To send an unsolicited message to a mobile device. It can be used with an address book object to send a message.
78
What is bluesarfing?
To access the data on the mobile device through bluetooth, where if you knew the file name, you could download it without authentication.
79
What is RFID (Radio frequency identification)?
Access badges, inventory tracking, pet identification, any tracking that is generally is powerd externally through radio frequency.
80
What is a RFID attack?
To capture the data being communicated, spoof the reader, deny its service, or decrypt its communication.
81
What is NFC (near field communication)?
Two-way wireless communication based on RFID. It uses an access token usually built-in to a device.
82
What are NFC/RFID security cocerns?
Traffic that goes through wireless network
Frequency jamming
Relay or MITM attack
Loss of RFC device control
83
What are wireless disassociatoin attack?
To surf along the internet and suddenly losing it continuously.
84
How does a wireless disassociation attack occur?
Through 802.11 management frames that happen behind the scenes. It is used to configure, find APs, associate and disassociate with APs.
The original wireless standards did not consider security flaws and the requests were sent in the clear.
So disassociation frames can be sent continuously if a few information are known, such as the MAC adddress of the AP and the the target.
85
What is Known Plaintext Attack (KPA)?
Where you have a part of the original text and work on it to decipher the rest
86
What is a hash?
A one way function that has the same length as output
87
What is a rainbow table?
Pre-built set of hashes that contain a large amount of already calculated hashes
88
What is a salted hash?
Additional random value added to the original hash, making it different every time
89
What is a dictionary attack?
Uses common words grouped as dictionaries and tries these combinations
90
What is a brute force attack?
To keep trying the login process multiple times
91
What is a brute force the hash attack?
Must have a list of users and hashes and try to brute force the hashed password offline.
92
What are threat actors?
Entity responsible for an event that has impact on safety of another entity.
93
What is a scipt kiddie?
Someone that uses pre coded script, not necessarily knowing what it does.
94
What is a hacktivist?
A hacker that has a goal, or a mission and can use sophisticated attacks.
95
What is a penetration test?
To simulate an attack through exploit potential vulnerabilities.
96
What are the general steps of pen test?
```
Passive reconnaissance (social media, news, forums)
Active reconnaissance (ping scan, port scan, DNS query, service scan)
Exploit vulnerability
```
97
What is the difference between black, white and grey box?
The amount of known information.
98
What is a vulnerability scanning?
A usually minimally invasive scanning, such as port scanning, system identifying used to gather much information as possible.
99
What is a race condition?
A common case in money transfer, where two people try to transfer an X$ amount at the same time, and before one of them is processed, the other one is executed, possibly resulting in more money being made out of nowhere.
100
What is an end-of-life vulnerability?
When no more support is given by the vendor.
101
What is are embedded system vulnerabilities?
Vulnerability on embedded systems, usually not upgraded and self contained, not having many updates frequently.
