Module 1: Fundamentals
What is a White Hat
(Pen Testers) individuals who use their hacking skills for defensive purposes
What is Defense-in-Depth
A security strategy in which security professionals use several protection layers through an Information System
What is Incident Handling and response?
A set of procedures, actions, and measures taken against an unexpected event occurrence
What is the Sarbanes Oxley Act?
Aims to protect the public and investors by increasing the accuracy and reliability of corporate disclosures
What does AI and ML stand for?
Artificial Intelligence, Machine Learning
What is a Distribution Attack
Attackers tamper with hardware or software prior to installation EX: BACKDOOR
What is the Gaining Access phase?
Attackers use vulnerabilities identified during the recon and scanning phases to gain access to the target system and network.
Key Elements of Information Security
CIA
What is the CIA of IS?
Confidentiality, Integrity, Availability
What is the Command and Control step in CKC
Create a command and control channel to communicate and pass data back and forth
What is the Weaponization step in CKC
Create a deliverable malicious payload using an exploit and a backdoor
What does CTI stand for
Cyber Threat Intelligence
What does DPA Stand for?
Data Protection Act
What does DiD stand for?
Defense-in-Depth
What is Risk?
Degree of uncertainty or expectation of potential damage that an adverse event may cause to a system or resources
What does DMCA Stand for?
Digital Millennium Copyright Act
Examples of Active Attacks
DoS/DDoS, Firewall/IDS Attack, XSS/SQL Injection, MitM Attack, Spoofing
What is the Exploitation step in CKC
Exploit a vulnerability by executing code on the victim's system
What does FISMA Stand for?
Federal Information Security Management Act
Examples of Passive attacks
Footprinting, Sniffing/Eavesdropping, Network Traffic Analysis, Decryption of traffic
What is the Reconnaissance step in CKC
Gather data on the target to probe for weak points
What does GDPR stand for?
General Data Protection Regulation
What does HIPAA stand for
Health Insurance Portability and Accountability Act
What are the Risk Management Phases
Identification, Assessment, Treatment, Tracking, Review
What is the purpose of the Cyber Kill Chain
Identifies the steps the adversaries take in order to accomplish their goals.
What are the steps to Threat Modeling
Identify Objectives, Application Overview, Decompose the Application, Identify Threats, Identify Vulnerabilities
What does IH&R stand for?
Incident Handling and Response
What is IoC
Indicator of Compromise
What is a Suicide Hacker
Individuals who aim to bring down critical infrastructure for a "cause" and are not worried about the punishment
What is a Hacktivist
Individuals who break into government or corporate computer systems as an act of protest
What is a Black Hat
Individuals who use their extraordinary computing skills for illegal or malicious purposes
What is a Gray Hat
Individuals who work both offensively and defensively at various times
What is a Cyber Terrorist
Individuals with a wide range of skills, motivated by religious or political beliefs, to create fear of large-scale disruption of computer networks.
What is the Installation step in CKC
Install malware on the target system
What is a passive attack?
Intercepting and Monitoring network traffic and data flow on the target network. DOES NOT TAMPER WITH DATA
What is Active Reconnaissance
Involves direct interactions with the target system by using tools to detect open ports, hosts, router locations, network mapping, etc.
What is Passive Reconnaissance
No interaction with the target directly. Attacker relies on publicly available information, news releases, or other no-contact methods
What are the two types of Reconnaissance
Passive and Active
What does PCI DSS stand for
Payment Card Industry Data Security Standard
What is the Actions on Objectives step in CKC
Perform actions to achieve intended objectives/goals
What is an Insider Attack
Performed by trusted persons who have physical access to critical assets of the target
What is Technical Threat Intelligence
Provides information about resources an attacker uses to perform an attack
What is Operational Threat Intelligence
Provides information about specific threats against the organization
What is Tactical Threat Intelligence
Provides information related to the TTPs used by threat actors to perform attacks
What is the Cyber Kill Chain Methodology Acronym
RWDEIC&CA: Real Wombats Don't Ever Install Command&Control Apps
What are the steps in the Cyber Kill Chain
Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on Objectives
What are the Hacking Phases
Reconnaissance, Scanning, Gaining Access, Maintaining Access, Clearing Tracks
What is ISO/IEC 27001?
Requirements for managing and continually improving an information security management system within the context of an organization
What does SOX stand for?
Sarbanes-Oxley Act
What is the Delivery step in CKC
Send the weaponized bundle to the victim using email, USB, etc.
Examples of Close-In Attacks
Social Engineering, Dumpster Diving, Shoulder Surfing, Eavesdropping
What are the two types of ML?
Supervised Learning, Unsupervised Learning
What is TTP
Tactics, Techniques, and Procedures
What is an Active Attack
Tamper with the data in transit or disrupt communication or services between the systems to bypass or break into secured systems.
What is the Maintaining Access Phase?
The Attacker tries to retain his or her ownership of the system
What is Cyber Threat Intelligence?
The process of recognizing or discovering any "unknown threats" that an organization may face so that they may be avoided
What is the Clearing Tracks Phase?
The activities carried out by an attacker to hide malicious acts to avoid legal trouble.
What is the Scanning phase
The phase immediately preceding the attack. The Attacker uses the details gathered during reconnaissance to scan the network for specific information
What is a threat?
The possibility of a malicious attempt to damage or disrupt a computer network or system.
What is a Script Kiddie
Unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers.
What is a State-Sponsored Hacker
Individuals employed by a government to penetrate, gain top-secret info from, and damage the info systems of other governments
What does TTP refer to?
patterns of activities and methods associated with specific threat actors or groups of threat actors
What is a Close-In Attack
Performed when the attacker is in close PHYSICAL proximity to the target system or network
What is Threat Modeling?
Risk assessment approach for analyzing the security of an application by capturing, organizing, and analyzing all the info that affects it
What is Incident Management
Set of defined processes to restore the system to normal service operations as soon as possible and prevent recurrence of the incident