Security+
spear phishing
A phishing attack that targets only specific users or organizations
SOC 1
focuses on internal controls over financial reporting
Measured Boot
A boot process in which the UEFI firmware, and each stage it hands off to, hashes every boot component and extends the hash into TPM platform configuration registers (PCRs). The measurements and their event log can be included in an attestation report so a remote verifier can validate the boot chain. Unlike Secure Boot, it records what ran rather than blocking it.
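The PCR-extend mechanism behind the Measured Boot card, as an added Python example (not part of the original deck): the boot chain, its component bytes and the "golden" reference value are all constructed for illustration, and a single PCR stands in for the several a real TPM uses. It shows why a PCR cannot be rolled back, why a one-byte change in the bootloader changes the final value, and why the same components loaded in a different order also fail attestation.

```python
import hashlib

# Constructed boot chain: (component name, component bytes). Real firmware hashes the
# actual images; these byte strings are stand-ins for this example.
GOLDEN_CHAIN = [
    ("UEFI firmware", b"uefi-firmware-v1"),
    ("bootloader",    b"grub-x64.efi"),
    ("kernel",        b"vmlinuz-6.1"),
]

def measure(component: bytes) -> bytes:
    """Hash of one boot component, computed before control is handed to it."""
    return hashlib.sha256(component).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend: new_pcr = SHA-256(old_pcr || measurement).
    A PCR can only be extended, never set, so the final value encodes every
    measurement and the order in which they were made."""
    return hashlib.sha256(pcr + measurement).digest()

def boot_and_measure(chain):
    """Simulate Measured Boot: extend one PCR with each component in load order and
    keep the event log that the attestation report carries alongside the PCR value."""
    pcr = bytes(32)  # PCRs are all zeros at power-on
    event_log = []
    for name, image in chain:
        m = measure(image)
        event_log.append((name, m.hex()))
        pcr = extend(pcr, m)
    return pcr, event_log

def verify_attestation(reported_pcr: bytes, event_log, golden_pcr: bytes) -> bool:
    """Verifier side: replay the event log and require that it reproduces both the
    reported PCR and the known-good value. A mismatch means a component changed
    or was loaded out of order."""
    replayed = bytes(32)
    for _, m_hex in event_log:
        replayed = extend(replayed, bytes.fromhex(m_hex))
    return replayed == reported_pcr == golden_pcr

# Reference value a verifier would hold for this (constructed) platform.
GOLDEN_PCR, _ = boot_and_measure(GOLDEN_CHAIN)

def demo():
    good_pcr, good_log = boot_and_measure(GOLDEN_CHAIN)
    # Tampered bootloader: its measurement changes, so every later PCR value changes.
    tampered = [GOLDEN_CHAIN[0], ("bootloader", b"grub-x64.efi-backdoored"), GOLDEN_CHAIN[2]]
    bad_pcr, bad_log = boot_and_measure(tampered)
    # Same components, wrong order: identical measurements, different PCR.
    reordered = [GOLDEN_CHAIN[1], GOLDEN_CHAIN[0], GOLDEN_CHAIN[2]]
    reorder_pcr, reorder_log = boot_and_measure(reordered)
    return (verify_attestation(good_pcr, good_log, GOLDEN_PCR),
            verify_attestation(bad_pcr, bad_log, GOLDEN_PCR),
            verify_attestation(reorder_pcr, reorder_log, GOLDEN_PCR))

if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The verifier never trusts the PCR value on its own: it replays the event log and checks that the log explains the value, which is what lets it name the component that changed rather than only saying "mismatch".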
Supply-chain attacks
A cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply chain.
trojan
A program disguised as a harmless application that actually produces harmful results.
Error-based SQL injection
Occurs when attacker-controlled input makes the database execute a malformed statement and the resulting error message, returned to the client, leaks schema details or data
Blind SQL Injection
Occurs when the database is vulnerable but error messages are suppressed; the attacker submits statements whose outcome differs in a way they can observe (a different response, or a time delay) and infers data from that difference, typically one character at a time
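Both SQL injection cards in one runnable Python example, added here and not part of the original deck. The database, table and secrets are constructed; SQLite is used so it runs offline. The first probe shows the error-based variant (a malformed UNION makes the database fail and the error message reveals the column count); the second shows boolean-based blind extraction when no errors come back; the parameterised query at the end is the fix.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed sample database for this example (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "s3cret"), (2, "bob", "hunter2")])
    conn.commit()
    return conn

def lookup_vulnerable(conn, name: str):
    # The injection point: untrusted input concatenated into the SQL string.
    sql = f"SELECT id, name FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, name: str):
    # Parameterised query: the value is bound separately and never parsed as SQL.
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()

def error_based_probe(conn) -> str:
    """Error-based: a deliberately malformed UNION makes the database fail, and the
    error message leaks structure (here, that the query returns a different number
    of columns than the attacker guessed)."""
    try:
        lookup_vulnerable(conn, "' UNION SELECT 1 --")
    except sqlite3.OperationalError as exc:
        return str(exc)
    return ""

def blind_extract(conn, target_user: str, max_len: int = 16) -> str:
    """Boolean-based blind: errors are suppressed, so the attacker asks yes/no
    questions and reads the answer from whether a row comes back, recovering the
    secret one character at a time. (Time-based blind uses a delay instead.)"""
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            # Becomes: ... WHERE name = 'alice' AND substr(secret,1,1)='s'
            payload = f"{target_user}' AND substr(secret,{pos},1)='{ch}"
            if lookup_vulnerable(conn, payload):
                recovered += ch
                break
        else:
            break  # no character matched: end of the secret
    return recovered

if __name__ == "__main__":
    db = make_db()
    print(error_based_probe(db))
    print(blind_extract(db, "alice"))
    # The same payload against the parameterised query is just a strange username:
    print(lookup_safe(db, "alice' AND substr(secret,1,1)='s"))
```

Note that the blind extraction never sees the secret in any response; it only observes row-present versus row-absent, which is why suppressing error messages alone is not a fix.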
PUP
Potentially Unwanted Program
Pharming
Reroutes requests for legitimate websites to attacker-controlled look-alike sites, typically by poisoning DNS responses or modifying the victim's hosts file, so the user is redirected without having clicked a malicious link
Fileless virus
Malware that runs in memory and abuses legitimate, already-installed tools (such as PowerShell or WMI) rather than dropping an executable. It writes little or nothing to disk, which defeats file-based antivirus and makes it hard to detect and remove.
SPIM
Spam over Instant Messaging
lateral movement
The process by which an attacker is able to move from one part of a computing environment to another.
Credential Harvesting
The process of gathering valid usernames, passwords, and email addresses, typically through phishing pages, credential-stealing malware, or breaches of systems that store credentials.
Whitebox testing
This form of testing is conducted with full knowledge of the information system, infrastructure component or application under test.
Graybox testing
This form of testing is conducted with limited or partial information on the information system, infrastructure component or application under test.
Tailgating
When an unauthorized individual enters a restricted-access building by following an authorized user.
ISO 27001
Which ISO framework provides requirements for an information security management system and focuses on managing information security within an organization?
GLBA (Gramm-Leach-Bliley Act)
Which standard or law focuses on protecting non-public personal financial information?
Baiting
Which social engineering attack uses CDs, DVDs, or USB drives?
Watering hole
In which type of attack does the attacker compromise a website that the targeted users are known to visit, so that they are infected when they browse to it?
Vishing
Which type of phishing is conducted over the Voice over IP (VoIP) lines where the attacker pretends to be a legitimate caller from a bank or a financial institution?
Spear phishing
Which type of phishing targets specific individuals and companies?
Advanced Persistent Threat (APT)
a sophisticated, possibly long-running computer hack that is perpetrated by large, well-funded organizations such as governments
Phishing
a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent e-mail; the attacker creates a replica Website or Webpage that tricks the user into providing personal information
Prepending
adding characters or words to the beginning of a message, such as "RE:" or a mail-gateway style "SAFE" tag, so that a phishing email appears legitimate or already screened
Pure insider
an employee with all the rights and access associated with being employed by the company
US Privacy Act of 1974
applicable to government agencies for the data they hold
Outsider Affiliate
external entities with no employment or personal connection to the organization; they gain access by exploiting open or weakly protected resources, such as an unsecured wireless network or an unlocked door
SSAE SOC 2 Type I/II
Type I assesses whether controls are suitably designed at a point in time; Type II assesses whether those controls operated effectively over a review period, typically 6-12 months
Whaling
phishing aimed at high-value targets such as the CEO, CFO or CIO of an organization, or another prominent individual such as a celebrity
Dynamic-link library (DLL) injection attack
attack that forces a running process to load a malicious DLL (an external component containing code and data shared between programs), so the attacker's code executes with that process's privileges
Spamming
simultaneously sending the same unsolicited message to many people, often in an attempt to sell them something
Influence campaigns
social engineering attacks that attempt to guide, adjust, or change public opinion, often waged by nation-states against their real or perceived foreign enemies
CSRF (Cross Site Request Forgery)
vulnerability that lets an attacker's page make a victim's browser send an authenticated request to a site the victim is logged into; the browser attaches the session cookie automatically, so the site cannot distinguish the forged request from a genuine one unless it requires something the attacker cannot obtain, such as a per-session anti-CSRF token
CIS (Center for Internet Security)
A not-for-profit organization (founded partly by SANS). It publishes the CIS Controls (long known as the "Top 20 Critical Security Controls"; 18 controls as of version 8) and the CIS Benchmarks, hardening guides for specific platforms.
Race Condition
A programming flaw in which two concurrent pieces of code access the same resource without coordination, so the outcome depends on which runs first. The result is unpredictable behaviour that an attacker can sometimes win deliberately, for example by changing a resource between a check and its use.
Birthday Attack
An attack that exploits the birthday paradox in hash functions: with an n-bit hash, a collision (two different inputs with the same output) is expected after only about 2^(n/2) inputs rather than 2^n. Applied to password hashes or signatures, it lets an attacker find a different input that hashes to the same value as the legitimate one.
Five Types of Reconnaissance
Active; Passive; Pseudonymous; Internet; Anonymous
Watering Hole Attack
An attack method that infects web sites that a group is likely to trust and visit.
SSL Stripping
An attack in which a man-in-the-middle intercepts a victim's first plaintext HTTP request and keeps the victim's side of the connection on HTTP while speaking HTTPS to the real site, so the victim's traffic is readable. HSTS instructs browsers to refuse plaintext connections to the site.
Driver Manipulation
An attack that relies on compromising the kernel-mode device drivers that operate at a privileged or system level
Replay Attack
An attack in which valid transmitted data (such as an authentication exchange or a signed message) is captured and retransmitted unchanged to repeat its effect. Defences include timestamps, nonces, and one-time session tokens.
Hacktivist
An attacker who launches attacks as part of an activist movement or to further a cause (e.g. Anonymous)
Collision Attack
An attempt to find two distinct inputs to a hash function that produce the same hash output. Because of the birthday paradox, an n-bit hash resists this only up to about 2^(n/2) work.
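The Birthday Attack and Collision Attack cards describe the same search; this added Python example (not from the original deck) runs it. SHA-256 is truncated to 24 bits purely so the search finishes instantly; the inputs are constructed counters. It reports how many hashes the collision actually took against the birthday bound of about 1.25 * 2^(n/2) and the 2^n work a preimage would need.

```python
import hashlib
import math

def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 cut down to `bits` bits. The truncation stands in for a short or weak
    hash so the search finishes in milliseconds; the attack is identical against any
    hash function, only the expected work (about 2**(bits/2)) changes."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def birthday_collision(bits: int, prefix: bytes = b"doc-"):
    """Hash distinct inputs and remember every output until one repeats.
    Returns (input_a, input_b, shared_hash, attempts)."""
    seen = {}
    attempts = 0
    while True:
        candidate = prefix + attempts.to_bytes(8, "big")   # deterministic, distinct inputs
        h = truncated_hash(candidate, bits)
        attempts += 1
        if h in seen:
            return seen[h], candidate, h, attempts
        seen[h] = candidate

def expected_attempts(bits: int) -> int:
    """Birthday bound: about sqrt(pi/2 * 2**bits), roughly 1.25 * 2**(bits/2) hashes
    for a 50% chance of some collision, versus 2**bits to hit one chosen target."""
    return int(math.sqrt(math.pi / 2 * 2 ** bits))

def demo(bits: int = 24) -> dict:
    a, b, h, attempts = birthday_collision(bits)
    return {"input_a": a, "input_b": b, "hash": h, "attempts": attempts,
            "expected": expected_attempts(bits), "preimage_work": 2 ** bits}

if __name__ == "__main__":
    r = demo()
    print(f"collision after {r['attempts']} hashes (birthday bound ~{r['expected']}, "
          f"preimage would need ~{r['preimage_work']})")
    print(r["input_a"], r["input_b"], hex(r["hash"]))
```

The memory for `seen` is what makes this a generic attack; a real collision finder trades it away with cycle-finding, but the 2^(n/2) work estimate is unchanged, which is why 128-bit hashes such as MD5 are considered to offer only 64-bit collision resistance even before their structural weaknesses.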
computer hoax
An e-mail message containing a false warning to the recipient of a malicious entity circulating through the Internet
C&C (command and control)
An infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets. Also known as C2.
Password spraying
Brute-force attack in which a small set of common passwords is tried against many user accounts, keeping attempts per account below the lockout threshold.
logic bomb
Computer code that lies dormant until it is triggered by a specific logical event.
Closed-Source Intelligence
Data that is derived from the provider's own research and analysis efforts, such as data from honeynets that they operate, plus information mined from its customers' systems, suitably anonymized
Shimming Attack
Inserting a small layer of code (a shim) between an application and a driver or API so that calls are intercepted and altered; attackers use it to make a legitimate driver or program perform malicious actions without modifying the original binary
shoulder surfing
Gaining compromising information through observation (as in looking over someone's shoulder).
Root of Trust (RoT)
A hardware component that is inherently trusted (such as a TPM or an immutable boot ROM) and serves as the starting point for verifying or measuring firmware and the operating system before they are loaded.
dumpster diving
Involves digging through trash receptacles to find computer manuals, printouts, or password lists that have been thrown away
CCM (Cloud Control Matrix)
A Cloud Security Alliance framework of cloud-specific controls (version 3.0.1 had 16 domains and 133 controls; version 4 has 17 domains). It is treated as a de-facto standard for cloud security compliance and maps its controls to other frameworks such as ISO 27001, PCI DSS, and NIST.
Blackbox testing
This form of testing occurs when the tester has no knowledge of the target or its network structure.
Criminal syndicates
Threat actors who have moved from traditional criminal activities to more rewarding and less risky online attacks.
6NF - Sixth Normal Form
What is the highest level of normalization that you can achieve with a database?
Baiting
When a malicious individual leaves malware-infected removable media, such as a USB drive or optical disc, lying around in plain view.
vertical privilege escalation
attackers obtain a higher access level than they were granted, such as administrator or root, allowing them to perform unauthorized actions such as running arbitrary code or deleting data
horizontal privilege escalation
attackers keep the same access level but assume the identity of another user at that level, gaining access to that user's data and functions
reconnaissance
can be split into three parts: Footprinting; Scanning; Enumeration
HIDS (host intrusion detection system)
can only detect but not prevent any unauthorized access attempts to the system where it is installed; for example, it will log the number of unsuccessful login attempts of a user and raise an alert.
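The HIDS card describes the classic per-user failed-login counter; the Password spraying card describes the attack that counter misses, because each account fails only once or twice. This added Python example (not from the original deck) runs both detections over constructed sshd-style log lines; the hostnames, usernames and IP addresses are invented. Thresholds are illustrative assumptions.

```python
import re
from collections import defaultdict

# Constructed sshd-style auth log for this example.
LOG_LINES = """\
Oct 10 12:00:01 bastion sshd[4012]: Failed password for alice from 203.0.113.5 port 50122 ssh2
Oct 10 12:00:03 bastion sshd[4013]: Failed password for bob from 203.0.113.5 port 50123 ssh2
Oct 10 12:00:05 bastion sshd[4014]: Failed password for carol from 203.0.113.5 port 50124 ssh2
Oct 10 12:00:07 bastion sshd[4015]: Failed password for invalid user dave from 203.0.113.5 port 50125 ssh2
Oct 10 12:00:09 bastion sshd[4016]: Failed password for erin from 203.0.113.5 port 50126 ssh2
Oct 10 12:01:00 bastion sshd[4020]: Failed password for admin from 198.51.100.7 port 41000 ssh2
Oct 10 12:01:02 bastion sshd[4021]: Failed password for admin from 198.51.100.7 port 41001 ssh2
Oct 10 12:01:04 bastion sshd[4022]: Failed password for admin from 198.51.100.7 port 41002 ssh2
Oct 10 12:01:06 bastion sshd[4023]: Failed password for admin from 198.51.100.7 port 41003 ssh2
Oct 10 12:01:08 bastion sshd[4024]: Failed password for admin from 198.51.100.7 port 41004 ssh2
Oct 10 12:01:10 bastion sshd[4025]: Failed password for admin from 198.51.100.7 port 41005 ssh2
Oct 10 12:02:00 bastion sshd[4030]: Failed password for alice from 192.0.2.9 port 33000 ssh2
Oct 10 12:02:10 bastion sshd[4031]: Accepted password for alice from 192.0.2.9 port 33001 ssh2
""".splitlines()

# "invalid user" appears when the account does not exist; capture the name either way.
FAILED = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")

def parse_failures(lines):
    """Yield (user, source_ip) for every failed-login line; ignore everything else."""
    for line in lines:
        m = FAILED.search(line)
        if m:
            yield m.group("user"), m.group("ip")

def detect(lines, user_threshold=5, spray_min_users=4, spray_max_per_user=2):
    """Two detectors over the same failures:
    - brute_force: one account failing at least `user_threshold` times (what the HIDS card describes)
    - password_spray: one source failing against many accounts, few times each, so that
      no single account ever reaches the brute-force threshold."""
    per_user = defaultdict(int)
    per_ip_users = defaultdict(lambda: defaultdict(int))
    for user, ip in parse_failures(lines):
        per_user[user] += 1
        per_ip_users[ip][user] += 1

    alerts = []
    for user, n in per_user.items():
        if n >= user_threshold:
            alerts.append(("brute_force", user, n))
    for ip, users in per_ip_users.items():
        if len(users) >= spray_min_users and max(users.values()) <= spray_max_per_user:
            alerts.append(("password_spray", ip, len(users)))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(LOG_LINES):
        print(alert)
```

In the sample, 203.0.113.5 never trips the per-user counter (alice's two failures come from two different sources), so only the per-source distinct-user view catches the spray; in practice both counters are kept over a sliding time window.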
fixed-function HRT (hardware root of trust)
a root of trust designed to perform one specific function, such as data encryption or key storage, and which cannot be reprogrammed after manufacture.
rules of engagement
document that details the: scope of the assessment; contact information; handling sensitive information during the test; steps to be followed before, during and after the test; specific compromise targets; duration of the test
Gramm-Leach-Bliley Act (GLBA)
focuses on protecting financial non-public information.
HIPAA (Health Insurance Portability and Accountability Act)
focuses on protecting healthcare information
COPPA (Children's Online Privacy Protection Act)
focuses on protecting the personal information of children under the age of 13
ISO 31000
focuses on risk management. It provides various guidelines for managing risks within the organization.
ISO 27002
focuses on security techniques and codes of practice for information security controls
SOC 2
focuses on controls against the AICPA Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. This detailed report is shared only with regulators and parties who sign a Non-Disclosure Agreement (NDA).
SOC 3
covers the same Trust Services Criteria as SOC 2 but as a summary report without detailed test results, so it can be published to the general public.
Vishing
form of phishing and is conducted over Voice over IP (VoIP) lines where the attacker pretends to be a legitimate caller from a bank or financial institution
Initiation; Execution; User action; completion
four stages of the phishing process
Session Replay Attack
an attack in which a malicious user captures a valid session identifier of an authorized user (for example from unencrypted traffic) and reuses it to impersonate that user and perform actions in their name.
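The Replay Attack and Session Replay Attack cards both turn on the same defence: a message or session token that is accepted only once and only while fresh. This added Python example (not from the original deck) shows the server-side check with a timestamp window and a nonce cache over an HMAC-signed request; the shared key, request body and timestamps are constructed, and `now` is passed explicitly so the runs are deterministic.

```python
import hashlib
import hmac

SHARED_KEY = b"constructed-demo-key"   # pre-shared between client and server for this example only

def sign_request(key: bytes, method: str, path: str, body: bytes, nonce: str, timestamp: int) -> str:
    """Client side: MAC over everything the server will check, including the nonce and
    timestamp, so neither can be altered without invalidating the MAC."""
    msg = f"{method}\n{path}\n{timestamp}\n{nonce}\n".encode() + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class ReplayGuard:
    """Server side: accept each signed request at most once within a freshness window."""

    def __init__(self, key: bytes, window_seconds: int = 300):
        self.key = key
        self.window = window_seconds
        self.seen = {}  # nonce -> time after which it may be forgotten

    def verify(self, method, path, body, nonce, timestamp, mac, now) -> str:
        if abs(now - timestamp) > self.window:
            return "stale"          # too old (or too far ahead): reject before any crypto work
        expected = sign_request(self.key, method, path, body, nonce, timestamp)
        if not hmac.compare_digest(expected, mac):
            return "bad-mac"        # body, path, nonce or timestamp was tampered with
        self.seen = {n: exp for n, exp in self.seen.items() if exp > now}   # drop expired nonces
        if nonce in self.seen:
            return "replay"         # byte-for-byte copy of an already accepted request
        self.seen[nonce] = now + self.window
        return "ok"

def demo():
    guard = ReplayGuard(SHARED_KEY)
    body = b'{"to":"acct-42","amount":100}'
    t0 = 1_700_000_000
    mac = sign_request(SHARED_KEY, "POST", "/transfer", body, "nonce-1", t0)
    first = guard.verify("POST", "/transfer", body, "nonce-1", t0, mac, now=t0 + 1)
    # Attacker captured the request and resends it unchanged one second later.
    replay = guard.verify("POST", "/transfer", body, "nonce-1", t0, mac, now=t0 + 2)
    # Attacker edits the amount but cannot recompute the MAC without the key.
    altered = guard.verify("POST", "/transfer", b'{"to":"acct-42","amount":9000}',
                           "nonce-1", t0, mac, now=t0 + 3)
    # Replay against a restarted server (nonce cache lost) after the window: timestamp still rejects it.
    late = ReplayGuard(SHARED_KEY).verify("POST", "/transfer", body, "nonce-1", t0, mac, now=t0 + 600)
    return first, replay, altered, late

if __name__ == "__main__":
    print(demo())  # ('ok', 'replay', 'bad-mac', 'stale')
```

The two checks cover for each other: the nonce cache catches replays inside the window, and the timestamp bounds how long the cache must remember nonces, so a cache wiped by a restart can only be exploited until the window closes. For a session token the same idea appears as short lifetimes and rotation on privilege change.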
salting
adds a random per-user value (the salt) to each password before hashing and stores the salt beside the hash, so identical passwords produce different hashes and precomputed (rainbow) tables are useless; it does not change the password itself
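The salting card in running Python code, added here and not part of the original deck. The two "users" who picked the same password are constructed. It contrasts the unsalted hash (identical for both, so one precomputed table cracks both) with PBKDF2-HMAC-SHA256 under a fresh 16-byte salt, and shows verification by recomputing with the stored salt.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # OWASP's current recommendation for PBKDF2-HMAC-SHA256

def unsalted_hash(password: str) -> str:
    """The weakness salting fixes: identical passwords give identical hashes, so one
    precomputed (rainbow) table cracks every user who chose that password."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password: str, salt: bytes = None) -> tuple:
    """Return (salt, derived_key). A fresh random 16-byte salt per user; the salt is not
    secret and is stored in the clear next to the derived key."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, dk

def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)

def demo():
    # Two constructed users who happened to choose the same password.
    pw = "Winter2024!"
    unsalted_same = unsalted_hash(pw) == unsalted_hash(pw)      # True: table lookup works
    salt_a, dk_a = hash_password(pw)
    salt_b, dk_b = hash_password(pw)
    salted_same = dk_a == dk_b                                  # False: different salts
    return (unsalted_same, salted_same,
            verify_password(pw, salt_a, dk_a),                  # True
            verify_password("wrong", salt_a, dk_a))             # False

if __name__ == "__main__":
    print(demo())  # (True, False, True, False)
```

The iteration count, not the salt, is what makes each guess expensive; the salt's job is only to force the attacker to pay that cost once per user rather than once per password.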
cross-site request forgery (XSRF)
an attack in which a victim's logged-in browser is tricked into sending a forged request, so the attacker performs actions on the site on the victim's behalf without ever learning the victim's credentials.
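The CSRF / XSRF cards, as an added Python example (not from the original deck) of the standard countermeasure: a per-session anti-CSRF token the attacker's page cannot read. The request dictionaries model what a browser sends (cookies attached automatically, form fields chosen by whoever wrote the page); the session store, account balances and server key are constructed. The token here is an HMAC of the session id, a stateless variant of the synchronizer token pattern.

```python
import hashlib
import hmac
import secrets

# Per-deployment secret; generated here for the example, loaded from a secret store in practice.
SERVER_KEY = secrets.token_bytes(32)

def issue_csrf_token(session_id: str) -> str:
    """Token = HMAC-SHA256(server key, session id). Nothing to store server-side (it is
    recomputed at check time) and bound to one session, so a token from any other
    session fails the check."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def handle_transfer(request: dict, sessions: dict) -> str:
    """A state-changing endpoint. request["cookies"] is what the browser attaches on its
    own; request["form"] is whatever the page that submitted the form chose to send."""
    session_id = request.get("cookies", {}).get("session")
    if session_id not in sessions:
        return "401 not logged in"
    supplied = request.get("form", {}).get("csrf_token", "")
    if not hmac.compare_digest(issue_csrf_token(session_id), supplied):
        return "403 csrf token missing or wrong"   # forged cross-site requests die here
    sessions[session_id]["balance"] -= int(request["form"]["amount"])
    return "200 transferred"

def demo():
    sessions = {"sess-alice": {"balance": 100}, "sess-mallory": {"balance": 5}}
    alice_cookie = {"session": "sess-alice"}
    # 1. Legitimate form rendered by the site: carries the token for Alice's session.
    legit = {"cookies": alice_cookie,
             "form": {"amount": "10", "csrf_token": issue_csrf_token("sess-alice")}}
    # 2. Forged form on an attacker's page: Alice's browser still attaches her cookie,
    #    but the attacker cannot read her token, so the form carries none.
    forged = {"cookies": alice_cookie, "form": {"amount": "90"}}
    # 3. Attacker pastes a token from their own session into the forged form.
    forged_with_own_token = {"cookies": alice_cookie,
                             "form": {"amount": "90", "csrf_token": issue_csrf_token("sess-mallory")}}
    results = (handle_transfer(legit, sessions),
               handle_transfer(forged, sessions),
               handle_transfer(forged_with_own_token, sessions))
    return results, sessions["sess-alice"]["balance"]

if __name__ == "__main__":
    print(demo())  # (('200 transferred', '403 ...', '403 ...'), 90)
```

The token works because the same-origin policy stops the attacker's page from reading the victim's copy of the form; `SameSite` cookie attributes add a second, independent layer by keeping the browser from attaching the session cookie to cross-site requests in the first place.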
Tokenization
is a method of replacing a sensitive data item (such as a card number) with a non-sensitive substitute token that has no exploitable value; the mapping back to the original is kept in a protected token vault
HSM (Hardware Security Module)
is a tamper-resistant device that generates, stores and uses cryptographic keys without ever exposing them, supporting strong authentication, digital signing, and encryption.
SED (Self Encrypting Drive)
is a drive that encrypts and decrypts its data transparently in hardware using an onboard key; the user normally only supplies an unlock credential at power-on
Smishing
is phishing conducted over SMS text messages, using a lure such as a fake delivery or bank alert to obtain sensitive information such as account details
NGFW (Next Generation Firewall)
is an advanced firewall that combines traditional stateful filtering with functions such as: anti-spam; content filtering; DLP; malware scanning; application awareness; intrusion prevention
ISO 27701
is an extension to 27001 and 27002. It provides various guidelines for privacy information management.
Software Assurance Maturity Model (SAMM)
is an open framework (an OWASP project) that an organization can tailor to manage software development and security risks
programmable HRT (hardware root of trust)
is designed to perform complex tasks and functions and can be updated (for example with new firmware) after deployment, unlike a fixed-function root of trust.
Insider affiliate
is someone who can be a spouse, friend, or acquaintance of an employee
Insider associate
is someone who is not directly part of the organization, but he or she is a third-party vendor or a contractor
HIPS (Host Intrusion Prevention System)
is specific to the local system and is designed to prevent attacks at the host level
result delivery
is the final phase in OSINT in which information about the target is finalized
Data Normalization
is the process of reorganizing the data in the database to ensure that there is no duplicate or redundant data and that all the data is stored logically
SSRF (Server-Side Request Forgery)
tricks a web server into making requests on the attacker's behalf to other systems, abusing the trust those systems place in the server (for example to reach internal services or cloud metadata endpoints that are not exposed to the internet)
Purple team
a team that brings red (attack) and blue (defence) roles together so each learns from the other in real time; often chosen where separate, long-running red and blue engagements would be too costly or slow
White team
oversees the testing activities and often creates cyberattack scenarios.
data harvesting
phase in OSINT where the threat actor collects information from identified sources
source identification
phase in OSINT where the threat actor identifies sources from which information can be gathered
data analysis
phase in OSINT where the threat actor performs data analysis of information that was processed in the previous phase
data processing
phase in OSINT where the threat actor processes and identifies information that can help in enumerating the target
FISMA (Federal Information Security Management Act)
mandates that US federal agencies protect their information and information systems
ISO 27001
provides the requirements for an information security management system (ISMS); it is a general framework that an organization of any size can adopt to define, operate and improve its ISMS
Time Of Check/Time Of Use
a race condition in which a resource's state is checked and then used, but the resource changes between the two steps (for example a file replaced by a symbolic link); the security check is passed by one object and the privileged action is performed on another
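The Race Condition and Time Of Check/Time Of Use cards, as an added Python example (not from the original deck) using the classic file TOCTOU. The directory, config file and "secret" are constructed in a temp directory, and the attacker's action is injected as a callback so the race is won deterministically. The fix is not a lock but a change of order: open first, then check the object you actually opened.

```python
import os
import stat
import tempfile

def read_config_racy(path: str, between_check_and_use=lambda: None) -> bytes:
    """Checks the *name*, then opens the *name*. The name can be re-pointed in between."""
    st = os.lstat(path)                        # time of check: refuse symlinks and other non-regular files
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("refusing non-regular file")
    between_check_and_use()                    # the race window: an attacker acting here wins
    with open(path, "rb") as f:                # time of use: follows whatever the name points to *now*
        return f.read()

def read_config_safe(path: str, between_check_and_use=lambda: None) -> bytes:
    """Opens first, refusing to follow a symlink, then checks the object actually opened.
    Check and use refer to the same file descriptor, so there is no window."""
    between_check_and_use()                    # the attacker may act whenever they like; it no longer helps
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)   # OSError (ELOOP) if the name is now a symlink
    st = os.fstat(fd)                          # check the opened object, not the name
    if not stat.S_ISREG(st.st_mode):
        os.close(fd)
        raise PermissionError("refusing non-regular file")
    with os.fdopen(fd, "rb") as f:
        return f.read()

def demo():
    """Constructed scenario: a low-privilege attacker swaps a config file for a symlink to
    a secret while a privileged reader sits between its check and its open."""
    d = tempfile.mkdtemp()
    cfg, secret = os.path.join(d, "app.conf"), os.path.join(d, "secret.key")
    with open(secret, "wb") as f:
        f.write(b"TOP-SECRET\n")

    def reset():
        if os.path.lexists(cfg):
            os.remove(cfg)
        with open(cfg, "wb") as f:
            f.write(b"debug=false\n")

    def attacker_swaps():
        os.remove(cfg)
        os.symlink(secret, cfg)

    reset()
    racy = read_config_racy(cfg, attacker_swaps)      # check passed on the file, use read the secret
    reset()
    normal = read_config_safe(cfg)                    # no attacker: the config is read as expected
    try:
        read_config_safe(cfg, attacker_swaps)
        safe = "read"
    except OSError:                                   # O_NOFOLLOW refuses the swapped-in symlink
        safe = "blocked"
    return racy, normal, safe

if __name__ == "__main__":
    print(demo())  # (b'TOP-SECRET\n', b'debug=false\n', 'blocked')
```

The general rule the fix illustrates: perform access checks on the handle you will use (`fstat`, `fchmod`, `openat` relative to a held directory descriptor), never on a path string that another process can change underneath you.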
Intentional; unintentional
two types of insider threats