Intro to Cybersecurity - Chapters 2 & 3 (Cisco Networking Academy)
SEO Poisoning
A malicious user could use SEO to make a malicious website appear higher in search results. The main goal is to increase traffic to malicious sites that may host malware or perform social engineering. Attackers take advantage of popular search terms.
MitM
Allows the attacker to take control over a device without the user's knowledge. The attacker can then intercept and capture user information before relaying it to its intended destination.
Network sniffing
By listening and capturing packets sent on the network, an attacker may be able to discover the password if the password is being sent unencrypted.
Encryption
Converting information into a form where an unauthorized part can't read it
Scareware
Designed to persuade the user to take an action based on fear. It forges pop-up windows that resemble operating system dialogue windows.
Types of biometric scans
Fingerprint, palm print, facial recognition, and voice recognition
Search Engine Optimization (SEO)
Improves a website's ranking by a search engine
Buffers
Memory areas allocated to an application
Buffer overflow
Occurs when data is written beyond the limits of a buffer. By changing data beyond the boundaries of a buffer, the application accesses memory allocated to other processes. This can lead to a system crash, data compromise, or provide escalation of privileges.
OAuth 2.0
Open Standard protocol that allows an end user's credentials to access third party applications without exposing the user's password. OAuth acts as the middle man to device whether to allow end users access to third party applications.
DDoS attacks
Originates from multiple, coordinated sources
2 types of DoS attacks
Overwhelming Quantity of Traffic and Maliciously Formatted Packets
Types of social engineering
Pretexting, tailgating, and something for something (quid pro quo).
DoS attacks
Results in an interruption of network service to users, device, or application
Methods of password cracking
Social engineering, brute force attacks, and networking sniffing
MitMo
Takes over mobile devices. The device can be instructed to exfiltrate user-sensitive information and send it to attackers.
Non-validated input
The data coming into a program could have malicious content.
Blended Attack
They use multiple technologies to compromise a target. This way, attackers have malware that's a hybrid of worms, trojan horses, spyware, keyloggers, spam, and phishing schemes.
Maliciously Formatted Packets
When a maliciously formatted packet is sent to host or application and the receiver is unable to handle it.
Overwhelming Quantity of Traffic
When a network, host, or application, is sent an enormous quantity of data at a rate which it can't handle, causing a slowdown in transmission or response, or a crash of a device or service.
Pretexting
When an attacker calls an individual and lies in an attempt to gain access to privileged data.
Tailgating
When an attacker quickly follows an authorized person into a secure location.
Something for Something (Quid pro quo)
When an attacker requests personal information from a party in exchange for something.
Race conditions
When the output of an event depends on ordered or timed outputs. They become a vulnerability when the required, ordered, or timed event doesn't occur in the correct order or proper timing.
