Security+ Cert Exam Objectives SYO-601

Hybrid warfare

- Combining conventional warfare with cyberwarfare

Reconnaissance

- Information gathering about a target network

Password Attack

Any type of attack in which the attacker attempts to obtain and make use of passwords illegitimately.

Rogue access point

Any unauthorized WAP for a network. Not always malicious.

Disassociation

Attack where a wireless connection is disrupted by having the user dicsonnect.

Jamming

Attack where a wireless connection is disrupted through RF interference

Bluesnarfing

Attack where data is accessed without the user's knowledge on their Bluetooth-enabled device.

Universal resource locator (URL) hijacking

Attack where either the attacker makes a site with a domain name similar enough to a legitimate domain for the sake of redirecting people to their site instead (used for phishing, redirecting traffic, or just infecting people with malware) or sells this misspelt domain to trick the actual domain owner.

Domain hijacking

Attack where the attacker is able to take control of someone else's domain through the domain registration.

Pass the hash

Attack where the hash and login info is captured during an authentication request by an attacker and sent in lieu of client to generate their own authentication request.

Secure sockets layer (SSL) stripping

Attack where the security protocol of a connection is downgraded making it no longer secure, e.g. making an https into an http connection. Default port is 443

Driver manipulation

Attack where the trust a computer has for drivers (devices like peripherals or specific internal hardware like speakers) and uses that to get around typical security protections.

Principles:

Authority: an attacker may try to appear to have a certain level authority. Intimidation: may try to make the victim think that something terrible is going to happen if they don't comply with the attacker's wishes. Consensus: An attacker may try to sway the mind of a victim using names they are familiar with, saying that such ones provided them information (they are fishing for) in the past and you should be able to do the same. Scarcity: An attacker may try to set a time limit on a victim so that they can comply with their wishes by a certain deadline. Familiarity: they make you familiar with them on the phone and make you want to do things for them. Trust: The attacker in this case can claim to be a friend or close associate of someone you may know very well and that's trusted. Urgency: When attackers want you to act and not think, they want you to do what they want as quickly as possible so that there's no time to spot all the red flags.

Domain reputation

The reputation of a domain, used by browsers to determine how safe/unsafe a domain is. With a bad reputation traffic for the domain will dramatically decrease.

Spyware

Type of malware that infects your PC or mobile device and gathers information about you, including the sites you visit, the things you download, your usernames and passwords, payment information, and the emails you send and receive.

Vishing

Using social engineering over the telephone system to gain access to private personal and financial information for the purpose of financial reward

Smishing

When someone tries to trick you into giving them your private information via a text or SMS message.

Shoulder Surfing

When someone watches over your shoulder to nab valuable information as you key it into an electronic device.

MAC Cloning

Where an attacker will change the MAC address to their device so that it has a MAC address that is within the table so that their device will take all the traffic from switch instead of the legitimate device.

Improper input handling

Where in error handling the programmer either gives too much or too little information as to what caused the error when the program runs into one. Too much is bad because it lets a user know more about how an application is programmed than they are supposed to and too little means there's no way to know what caused that error and how to fix it.

Malware

a program or file designed to be disruptive, invasive and harmful to your computer.

Rainbow Tables

an attack on a password that uses a large pregenerated data set of hashes from nearly every possible password

brute force password attack (offline and online)

an attempt to guess a password by attempting every possible combination of characters and numbers in it

Pharming

cyberattack intended to redirect a website's traffic to another, fake site.

Dumpster Diving

exploration of a system's trash bin for the purpose of finding details in order for a hacker to have a successful online assault.

Phishing

fraudulent attempt to obtain sensitive information or data, by disguising oneself as a trustworthy entity in an electronic communication.

Identity Fraud

identity fraud is the use of stolen information such as making fake ID's and fake bank accounts

Spam

irrelevant or unsolicited messages sent to a large number of Internet users, for illegitimate advertising, and other activities such as phishing, and spreading malware

potentially unwanted program (PUP)

program that installs itself on a computer, typically without the user's informed consent

Backdoor

refers to any method by which authorized and unauthorized users are able to get around normal security measures and gain high level user access (aka root access) on a computer system, network, or software application.

Watering hole attack

security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit. The goal is to infect a targeted user's computer and gain access to the network at the target's place of employment.

Bots

self-propagating malware that infects its host and connects back to a central server(s).

Rootkit

software program, typically malicious, that provides privileged, root-level (i.e., administrative) access to a computer while concealing its presence on that machine

Keyloggers

software that tracks or logs the keys struck on your keyboard, typically in a covert manner so that you don't know that your actions are being monitored.

Spear Phishing

the act of sending emails to specific and well-researched targets while pretending to be a trusted sender

Pretexting

the practice of presenting oneself as someone else in order to obtain private information.

Credential Harvesting

the use of MITM attacks, DNS poisoning, phishing, etc. to amass large numbers of credentials (username / password combinations) for reuse.

Typo squatting

type of cybersquatting used by imposters that involve registering domains with intentionally misspelled names of popular web addresses to install malware on the user's system

Remote Access Trojan

type of malware that allows covert surveillance, a backdoor for administrative control and unfettered and unauthorized remote access to a victim's machine.

Impersonation

typically involves an email that seems to come from a trusted source.

Invoice Scams

using fraudulent invoices to steal from a company

Cryptographic attacks

1. Birthday: An attacker will create many plaintexts to try and find common hashes in order to figure out the hash algorithm. 2. Collision: When 2 different inputs of hashes have the same output. 3. Downgrade: When a worse encryption is used instead of the most secure one because the attacker forcefully downgraded it.

Request forgeries

1. Server-side: Attack where the web server of an application has request forgeries sent to it allowing the attacker to access data and resources from the application that even a legitimate user can't access. 2. Cross-site: Where a cross-site connection (e.g. a youtube video on a news website) is exploited to allow an attacker to access a website as a legitimate user. Abuses browser trust (w/o browser trust you would need to login to be able to share things from one site to another via the cross-site connection).

Adversarial artificial intelligence (AI)

1. Tainted training for machine learning (ML) 2. Security of machine learning algorithms

Race conditions(Time of check/time of use)

A race condition where the security changes during the object's access

Wireless Evil Twin

A rogue access point that is there to trick people into using it instead of the proper WAPs to steal data from them.

Near Field Communication (NFC)

A set of standards primarily for smartphones and smart cards that can be used to establish communication between devices in close proximity.

Radio frequency identifier (RFID)

A small device that is inserted into something for keeping track of its location. It's very common.

Dynamic link library

A windows library containing code and data, many applications can use this library.

Initialization Vector (IV)

Any string of bits that is used to make block cryptography more secure. If found it makes breaking the cryptography far easier.

FQDN (Fully Qualified Domain Name)

A host name plus domain name that uniquely identifies a computer or location on a network.

command and control

A computer controlled by an attacker or cybercriminal which is used to send commands to systems compromised by malware and receive stolen data from a target network

logic bomb

A computer program or part of a program that lies dormant until it is triggered by a specific logical event.

MSSQL (Microsoft SQL Server)

A database software that uses SQL made by Microsoft for Microsoft systems. Registered on TCP ports 1433 and 1434.

WAP (Wireless Access Point)

A device that provides a connection between wireless devices and can connect to wired networks, essentially replaces ethernet cables for connected to a router. Not the same thing as a router.

Domain Name System (DNS)

A hierarchical system for naming resources on the Internet.

Malicious flash drive

Any type of Flash Drive that performs an unexpected and unwanted function. For example, downloading malware, takes control of the device by pretending to be a peripheral, etc.

Malicious universal serial bus (USB) cable

Any type of USB cable that performs an unexpected and unwanted function. For example, downloading malware onto the device, takes control of the device by pretending to be a peripheral, etc.

Cross-site scripting

Also known as an XSS attack. An attack where the website has poor input validation that allows an attacker to input scripts into a search bar (any place a website lets the user write)

Dictionary password attack

An attack method that takes all the words from a dictionary file and attempts to log on by entering each dictionary entry as a password.

Address resolution protocol (ARP) poisoning/spoofing

An attack that convinces the network that the attacker's MAC address is the one associated with an allowed address so that traffic is wrongly sent to the attacker's machine, happens during traffic transfer.

Buffer overflows

An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer

Media access control (MAC) flooding

An attack that sends numerous packets to a switch, each of which has a different source MAC address, in an attempt to use up the memory on the switch. If this is successful, the switch will change state to fail-open mode. Goal is to remove legitimate devices from ARP table.

Directory traversal

An attack that takes advantage of a vulnerability so that a user can move from the root directory to restricted directories

Replay attack (session replays)

An attack that takes the raw network data of a legitimate session a client has with the server and resends that data after the client has finished their session, allows the attacker to be able to access all the resources and data legitimate clients can access.

On-path attack(Man-in-the-middle)

An attack where a connection between two or more parties has an unknown participant who is able to capture all traffic between the parties. Attacker can do lots of very bad things with this.

Skimming

An attack where a device is added to a transaction device (atm, card reader, etc.) that will steal the card's info in order to clone it.

Supply-chain attacks

An attack where an organization is attacked through a third-party vendor who likely has worse security. Through the attack, the attacker can create counterfeit devices, exploit the vendor's vulnerability to infiltrate the target organization's network, or tamper with underlying infrastructure.

Card cloning

An attack where card (credit card, gift card, etc.) has a copy created by using a skimmer. Can only be used on magnetic stripe cards, not through a chip.

Privilege escalation

An attack where the attacker gains higher-level access to a system. Gives them more control and abilities over the target system.

Spraying password attack

An attack where the attacker will try to login into a system using common passwords, they will try a few times if it doesn't work they'll move onto another account. This allows there to be no alerts to the website or warnings for the proper users.

Application programming interface (API) attacks

An attack where the new avenues of communication offered by an API is taken advantage of for hostile use.

Influence campaigns

An attack which is meant to influence the populous on political and social issues. This is done by creating fake users, making up content, getting real users to amplify it until it gets picked up by mass media as if it's the truth.

Plaintext/unencrypted password attack

An attacks where the attacker knows the plaintext and the ciphertext and uses the two to deduct the cipher.

Injections

An injection is simply any attack where an attacker inserts their own code into an application/website/server to access things they aren't supposed to.

Memory leak

An undesirable state in which a program requests memory but never releases it, which can eventually prevent other programs from running.

DNS poisoning

Technique used by criminals to alter DNS records and drive users to fake sites, to committing phishing.

Structured query language (SQL)

The most common language for relational database management. SQL services use ports 118 and 156 by default.

MySQL

The most common version of SQL registered on port 3306.

Cloud-based vs. on-premises attacks

Cloud-based puts the burden on the vendor while on-premises attacks put the burden on the client.

Tailgating

Social engineering attempt by cyber threat actors in which they trick employees into helping them gain unauthorized access into the company premises.

Ransomware

Software that encrypts programs and data until a ransom is paid to remove it.

Fileless virus

Software that uses legitimate programs to infect a computer. It does not rely on files and leaves no footprint, making it challenging to detect and remove.

Bluejacking

Some users with Bluetooth-enabled mobiles use this technology to send anonymous text messages to strangers.

SPIM

Spam delivered through instant messaging (IM) instead of through e-mail messaging

Whaling

Spear phishing that focuses on one specific high level executive or influencer

Resource exhaustion

State that occurs when the device is out of memory or cpu cycles, and then shuts down. A specialized DoS attack.

Hoax

Cyber hoax scams are attacks that exploit unsuspecting users to provide valuable information, such as login credentials or money.

Lightweight directory access protocol (LDAP)

Directory management protocol. Originally made for and by telephone companies, but now is used by everyone. Default port is 389.

Shimming

Driver manipulation attack where the attacker takes advantage of backwards compatibility shims to get around security.

Refactoring

Driver manipulation attack with metamorphic malware that changes every time it is downloaded to get around anti-virus. The malware might only have extra NOP instructions, reorder functions, modify application flow, or change bits of the code all to make it different enough from a malware the anti-virus can already catch.

Worms

Independent computer programs that copy themselves from one computer to other computers over a network

Pointer/object dereference

Is used to access or manipulate data contained in memory location pointed to by a pointer. *(asterisk) is used with pointer variable when dereferencing the pointer variable, it refers to variable being pointed, so this is called dereferencing of pointers

Extensible markup language (XML)

Language for markup that uses tags to describe the structure and content of a document, not the format used.

Cryptomalware

Malware to remain in place for as long as possible, quietly mining in the background.

Integer overflow

Memory vulnerability where too large a number is put into a place that only takes smaller numbers, causes issues. The number will either end up invalid (negative where there needs to be a positive, vice versa) or it can reset.

Error handling

Part of programming where the programmer accounts for errors and sends information about the error to the user when the application encounters such an error.

Social Media Campaign

Planned, coordinated marketing efforts using one or more social media platforms.

Prepending

Prepend is a word that means to attach content as a prefix. For example, a prepend command could be used in a scripting language that a programmer would enter into a certain function or code module. It would add certain characters of text to the beginning of some variable or object.

Eliciting Information

Procedures or techniques involving interacting with and communicating with others that is designed to gather knowledge or inform