1.0 Threats, Attacks, Vulnerabilities
Passively Test Security Controls
Vulnerability scanning is by nature a ______ No disruption to the business Observes and reports on findings Does not take down systems, applications or services
Pointer Dereference
Vulnerability that can cause an application to throw an exception error, which typically results in the application crashing Can be leveraged for a DOS attack against the entire system Remote code execution C/C++, Assembly or any other language that uses pointers is potentially vulnerable to this type of attack
Initial Exploitation: Mapping of internet persence
Web apps or web services
Improper Error Handling
What does the application do when it encounters an error? Does it continue running, restart a process or module, or completely crash? If it crashes, does it give and attacker elevated privileges?
Default Configurations
__________ shouldn't be considered secure Change things like admin accounts, default passwords Harden systems wherever possible Establish baselines and periodically audit for compliance Establish a patching and lifecycle management cadence
Replay Attacks
A category of network attack in which an attacker detects a data transmission and fraudulently has it delayed or repeated. The delay or repeat of the data transmission is carried out by the sender or by the malicious entity, who intercepts the data and re-transmits it. In other words, an attack on the security protocol using replays of data transmission from a different sender into the intended into receiving system, thereby fooling the participants into believing they have successfully completed the data transmission. Help attackers to gain access to a network, gain information which would not have been easily accessible or complete a duplicate transaction.
SQL Injection
A computer attack in which malicious code is embedded in a poorly-designed application and then passed to the backend database. The malicious data then produces database query results or actions that should never have been executed.
ARP Poisoning
A form of attack in which an attacker changes the Media Access Control (MAC) address and attacks an Ethernet LAN by changing the target computer's ARP cache with a forged ARP request and reply packets. This modifies the layer -Ethernet MAC address into the hacker's known MAC address to monitor it. Because the ARP replies are forged, the target computer unintentionally sends the frames to the hacker's computer first instead of sending it to the original destination. As a result, both the user's data and privacy are compromised. An effective ARP poisoning attempt is undetectable to the user.
Domain Hijacking
A hacker is often seeking to use a domain for his or her own purposes. This includes elaborate phishing practices, where hacker will construct websites that trick users into thinking they are on the site of a trusted brand or other party. Hackers can then program these sites to collect data about visitors.
Watering Hole Attack
A malware attack in which the attacker observes the websites often visited by a victim or a particular group, and infects those sites with malware. Has the potential to infect the members of the targeted victim group. Although uncommon, a __________ attack does pose a significant threat to websites, as these attacks are difficult to diagnose.
DLL Injection
A process of inserting code into a running process Four basic steps: 1. Attach to the process 2. Allocate Memory within the process 3. Copy the DLL or the DLL Path into the processes memory and determine appropriate memory addresses 4. Instruct the process to Execute your DLL Can be created manually or pen testing tools like Metasploit can automate the process
Remote Access Trojan (RAT)
A program used by the intruders to take complete control of the victim's computer for the purpose of performing various malicious activities. Can exist well before detection and even remain after removal. They operate in a stealth mode and are usually rather small so as to avoid detection.
Impact Assessment
A risk management process used to identify, quantify and rank possible vulnerabilities to threats in a given system. The key component is the proper definition for impact loss rating and the system's vulnerability to that specific threat
Vulnerability Scanning
A security technique used to identify security weaknesses in a computer system Can be used by individuals or network administrators for security purposes, or it can be used by hackers attempting to gain unauthorized access to computer systems
Penetration Testing Process
Active Reconnaissance Passive Reconnaissance Initial Exploration Persistence Escalation of Privilege Black Box White Box Gray Box
Red Team
Aggressor Team Penetration testing team with limited access to target. May launch exploits with/without warning
Organized Crime Actor
An individual who commits cybercrimes, where he/she makes use of the computer either as a tool or as a target or as both. Attack other people's computers to perform malicious activities, such as spreading viruses, data theft, identity theft, etc. Use the computer to carry out "conventional crime", such as spam, fraud, illegal gambling, etc. Use the computer to save stolen or illegal data.
Initial Exploitation: Setting rules of engagement
Any systems that are off limits Hours of operation Points of contact Blind / Double-Blind
Nation State Actors
Any virtual conflict initiated as a politically motivated attack on an enemy's computer and information systems. Waged via the Internet, these attacks disable financial and organizational systems by stealing or altering classified data to undermine networks, websites and services.
Proxy Trojan
As a proxy server, this allows the attacker to hijack a victim's computer and conduct illegal activities from the victim's computer.
System Sprawl / Undocumented Assets
As an environment grows, new devices added to the network increase the attack surface Hosts Printers IOT devices Wireless routers/access points Mobile devices
XML Injection
Attack technique that manipulates the logic of an XML application or service Could be used to inject XML into a statement that alters a path to a file to disclose sensitive information
Downgrade Attack
Attack that forces a system to negotiate down to a lower-quality method of communication Allows an attacker to force a lower-grade, less secure method of communication Typically allowed to enable communication with legacy systems Often used with MiTM attacks
Resource Exhaustion
Attack whereby a malicious user executes code or processes on a machine over and over until all resources are exhausted Denial of Service (DoS) or Distributed Denial of Service (DDoS) are examples of this type of attack
Dissociation
Attacker can create a DoS scenario on a wireless network by sending a spoofed frame. Source MAC address is set to that of the Access Point (AP)
Credentialed vs. Non-Credentialed
Attackers try to gain privileged account access Gain administrator or root access Providing much more detail about the network and associated systems
Open Source Intelligence (OSINT)
Before carrying out an attack, a threat actor will typically gather intelligence about their target. Information that is readily available to the public and doesn't require any type of malicious activity to obtain. Maltego Metagoofil Shodan Google Hacking Database (GHDB)
Birthday Attack
Brute-force attack that works on the cryptographic phenomenon of hash collisions Given enough time, two independent sources could yield the same hash Rate of occurrence varies depending on hash algorithm
Cross Site Scripting (XSS) DOM Based
Can be non-persistent and be used to hijack sessions, etc.
Intrusive Testing
Can disrupt normal operations or have a greater impact of reducing system responsiveness
Misconfiguration / Weak Configuration
Can expose an organization to risk False sense of security Gaping holes in defenses Increase the attack surface Mitigated through vulnerability scanning and security audits Establish a security/configuration baseline for each system and periodically audit
Grey Box Testing
Combination of white and black box, in that tester is given partial information about the target
Integer Overflow
Condition occurs when the result of an arithmetic operation exceeds the maximum size of integer type used to store it When this occurs, the interpreted value appears to ""wrap around"" the max value and start at the min value Could allow transactions to be reversed
Penetration Testing
Conducted to complement background investigations and ensure social engineering and networking safety. Implemented by simulating malicious attacks from an organization's internal and external users. The entire system is then analyzed for potential vulnerabilities. A plan that communicates test objectives, timetables and resources is developed prior to actual __________.
Password Attacks
Cracking a user or password via system automated methods using common words, social engineering or brute-force
Blue Team
Defensive Team Access to all internal/external resources with goal being to defend against other team
Active Reconnaissance
Direct access to the target company Asking questions of employees, management, etc Entering the facilities and walking the site Seeing where you can go, what things you can access Active scanning/fingerprinting the network, hosts, etc
Mass Mailing Worms
Exploits email systems to propagate and infect other.
Network Service Worms
Exploits network vulnerability to propagate and infect other.
Tailgating
Following someone in to a building through a gated area or badged access area. People want to be helpful so they hold the door open for others who seem like they belong there.
Adware
Free computer software that contains commercial advertisements. Programs include games, desktop toolbars or utilities. Commonly is Web-based and collects Web browser data to target advertisements, especially pop-ups.
Pass the Hash
Harvesting a user's password hash to authenticate to a remote server or service.
Credentialed Access
Has easier access and less impact on tested systems as well as more accurate results
Architecture / Design Weaknesses
IT is under constant pressure to do more with less, provide new functionality, increase speed to market While at the same time reducing CAPEX and OPEX Business units often want things immediately and don't want to necessarily follow long, drawn-out processes Architecture and design can suffer, especially when security is not included in the very beginning of the process Security is often seen as a roadblock or ""gating factor"
(XSS) verses (XSRF) Distinction
In an ___ attack, the browser runs the malicious code because it was served from a site it trusts. In an ____ attack, the server performs an action because it was sent a request from a client it trusts.
Improper Input Handling
Input validation is required. Validate/sanitize what is entered at the client side and/or server before it's processed. Mitigate attacks such as Cross Site Scripting (XSS) SQL Injection Attacks
Persistence
Installing backdoors or methods to maintain access to a host or network
Support / Lifecycle Vulnerabilities
Maintaining systems past their useful life or maintaining multiple versions of hardware and software has numerous potential risks End-of-Life (EOL) Systems Embedded Systems Lack of Vendor Support As systems age, vendors change and custom systems lose support, potential vulnerabilities increase Patches Security Updates Maintenance / Feature updates
Viruses
Malicious software (malware) comprised of small pieces of code attached to legitimate programs. When that program runs, the __________ runs. Requires user interaction to run. Malicious programs that spread throughout computer files without user knowledge. Infections spread through email message attachments that activate when opened. The vicious cycle of a __________ perpetuates as infected emails are forwarded to multiple users. Also spread through shared media, such as Universal Serial Bus (USB) drives.
Improper Certificate and Key Management
Many companies are at risk due to poor certificate and key management practices Manual certificate/key management Lack of insight / reporting automation No centralized policies No method to replace compromised CA certificates
Competitors Actors
Motivated by financial gain Theft of IP or company secrets Sabotage
Identify Common Misconfigurations
Nessus, Metasploit and other similar programs can identify ___________ Review logs and perform audits of key assets Open ports Weak passwords Active default accounts and passwords Sensitive data leakage Audit against security baseline to identify unauthorized changes
False Positive
No system is perfect and can occasionally generate __________ Identify a vulnerability that doesn't actually exist Results must be verified and audited for completeness and accuracy
Initial Exploitation: Mapping the network layout
Number of internal and external devices Routers, switches, printers OS fingerprints Wireless networks Moblie devices
Privilege Escalation
Obtaining elevated privileges (Administrator or Root) on the target. Many vulnerabilities enable an attacker to gain system-level permissions.
Race Conditions
Occurs when a pair of routine programming calls in an application do not perform in the sequential manner that was intended Potential security vulnerability if the calls are not performed in the correct order Potential Vulnerabilities: Authentication: Trust may be assigned to an entity who is not who it claims to be Integrity: Data from an untrusted (and possibly malicious) source may be integrated Confidentiality: Data may be disclosed to an entity impersonating a trusted entity, resulting in information disclosure
Identify Lack of Security Controls
Often times it's more than just the __________ is misconfigured or missing a patch The __________ itself might be missing Anti-virus programs Missing patches Review logs Interview personnel
Backdoor Trojan
Opens a back door for a user to access a victim's system at a later time
Vulnerability Scanning Process
Passively Testing Security Controls Identify Vulnerability Identify Lack of Security Controls Identify Common Misconfigurations Intrusive vs. Non-Intrusive Credentialed vs. Non-Credentialed False Positive
Escalation of Privilege
Primary goal when accessing a host Administrator or Root access to the host Enables installation of persistence mechanisms Scan for additional exploits, vulnerabilities and misconfigurations
Vulnerability
Refers to a flaw in a system that can leave it open to attack. Any type of weakness in a computer system itself, in a set of procedures, or in anything that leaves information security exposed to a threat
Non-Credentialed Access
Requires more resources as a system may try to brute-force access or try multiple things to gain access Attackers typically start out with ___________ access They normally don't know much about the networks they're attacking
Identify Vulnerability
Scanners will report on the various __________ found Missing patches Security misconfigurations Known exploits
Bluejacking
Sending of unauthorized messages or data to a victim's device via Bluetooth technology A hacking method that allows an individual to send anonymous messages to Bluetooth-enabled devices within a certain radius. First, the hacker scans his surroundings with a Bluetooth-enabled device, searching for other devices. The hacker then sends an unsolicited message to the detected devices.
Non-intrusive Testing
Simply identifies vulnerabilities and reports findings for later review and possible remediation
Impersonation
Sniffing the wired or wireless network, a replay attack captures packets and puts them back on the wire.
Business Process Compromise (BPC)
Targets the unique processes or the systems facilitating those processes to covertly manipulate them; typically for financial gain Once a foothold is gained within an enterprise, attackers move laterally and quietly study systems and processes over time Intimate knowledge of processes is developed to make detection difficult Can disrupt internal processes or a target's interaction with outside/ 3rd party systems
White Box Testing
Tester is given full disclosure about the target Network, hosts, source code, protocols, diagrams, etc
Black Box Testing
Tester is given little to no information about the target. More like real world, but more time consuming and more expensive
Indicators of Compromise (IOC)
The evidence that a cyber-attack has taken place. Give valuable information about what has happened but can also be used to prepare for the future and prevent against similar attacks. Antimalware software and similar security technologies use known __________, such as a virus signature, to proactively guard against evasive threats. Indicators of compromise can also be used in heuristic analysis.
Weak Cipher Suite and Implementation
The following encryption algorithms should not be used: RC4 Triple-DES 'NULL' Industry best practices is to not use Triple-DES and use AES-128 or AES-256 instead Advanced Ecryption Standard (AES)
Zero-Day Attacks
The term used to describe the threat of an unknown security vulnerability in a computer software or application for which either the patch has not been released or the application developers were unaware of or did not have sufficient time to address. Since the vulnerability is not known in advance, the exploits often occur without the knowledge of the users. A __________ flaw is considered as an important component when designing an application to be efficient and secure.
Infostealer
This Trojan attempts to steal information from the victim's computer.
Destructive Trojan
This destroys the victim's files.
Time of Check Time of Check to Time of Use (TOCTTOU)
Type of race condition Attacker is able to gain access prior to an authentication check Inserts code or alters authentication to disrupt normal authentication processes Administrator see the intrusion, reset passwords, etc., but the attacker may still have access Attacker could remain logged in with old credentials
Memory Leak
Typically an unintentional consumption of memory. The application fails to release the memory once it's no longer needed This consumption of resources can over time lead to a variety of issues: Degraded system performance Abnormal system behavior System crashes Denial of Service (DoS) Threat actors can use those vulnerabilities to try and crash a system to gain elevated privileges or take a system offline via a Denial of Service (DoS) attack
Ransomware
Typically installed in a system through a malicious email attachment, an infected software download and/or visiting a malicious website or link. When the system is infected with __________, it is locked down, the user's files are encrypted, or the user is restricted from accessing the computer's key features. The __________ will send pop-up windows asking the user to pay a specific ransom to reclaim or reactivate the computer. Some applications also impersonate or disguise themselves as police or a government agency, claiming that the user's system is locked down for security reasons, and that a fine or fee is required to reactivate it.
Untrained Users
Users must be trained and understand security implications Daily activities Application maintenance Proper configuration Social engineering Phishing/scams Document handling/disposal
Shared Accounts (Improperly Configured)
Users should not be able to share accounts / group accounts Reduces auditing/logging Very hard or impossible to tell what user(s) made a change, accessed or deleted a file, etc. Non-repudiation Being able identify and validate user activity
Jamming
A mobile communications device that transmits on the same frequency range as a cellphone to create strong cell tower interference and block cellphone signals and call transmission. Usually undetectable, and users may experience minimal effects such as poor signal reception. Devices may be used in any location but are typically deployed where cellphone use may be disruptive, such as in libraries and restaurants.
DNS Poisoning
A process by which DNS server records are illegitimately modified to replace a website address with a different address. Used by hackers and crackers to redirect visitors of a particular website to their defined/desired website.
Trojan
A seemingly benign program that when activated, causes harm to a computer system.
Distributed Denial of Service (DDoS)
A type of computer attack that uses a number of hosts to overwhelm a server, causing a website to experience a complete system crash. This type of attack is perpetrated by hackers to target large-scale, far-reaching and popular websites in an effort to disable them, either temporarily or permanently. This is often done by bombarding the targeted server with information requests, which disables the main system and prevents it from operating. This leaves the site's users unable to access the targeted website.
Clickjacking
A type of exploit online, where hackers hide malware or malicious code in a legitimate-looking control on a website. This involves the injection of Trojan horse code into the source code for the site. Allows hackers to trick users into doing things like changing a status on Facebook, or even sending money from their bank accounts.
Radio Frequency Identification (RFID)
An electronic tag that exchanges data with a _____ reader through radio waves. Most RFID tags are made up of at least two main parts. The first is an an antenna, which receives radio frequency (RF) waves. The second is an integrated circuit (IC), which is used for processing and storing data, as well as modulating and demodulating the radio waves received/sent by the antenna.
Rogue Access Points
Any wireless access point that has been installed on a network's wired infrastructure without the consent of the network's administrator or owner, thereby providing unauthorized wireless access to the network's wired infrastructure. Most of the time, ___________ are set up by employees who want wireless access when none is available.
Collision Attack
Attack that tries to find two hash inputs that have the same output Two separate inputs that produce the same output is referred to as a collision Could be used to bypass security and enable a malicious file to appear legitimate if the hash values are the same
Authority
Bad actor appears to know what they're talking about or has special knowledge of the company Position of authority (executive or upper management) Technical jargon Name dropping Knowledge of specific systems / applications
Steps of a Penetration Test
Establish Goal / Set Parameters Reconnaissance / Discovery Exploitation / Brute Force Take Control / Escalate Privilege Pivoting Data Collection / Reporting
Spyware
Infiltration software that secretly monitors unsuspecting users. It can enable a hacker to obtain sensitive information, such as passwords, from the user's computer. Exploits user and application vulnerabilities and is often attached to free online software downloads or to links that are clicked by users.
Session Hijacking
Occurs when a session token is sent to a client browser from the Web server following the successful authentication of a client logon. Attack works when it compromises the token by either confiscating or guessing what an authentic token session will be, thus acquiring unauthorized access to the Web server. This can result in session sniffing, man-in-the-middle or man-in-the-browser attacks, Trojans, or even implementation of malicious JavaScript codes.
Buffer Overflow
Occurs when more data are written to a buffer than it can hold. The excess data is written to the adjacent memory, overwriting the contents of that location and causing unpredictable results in a program. Happen when there is improper validation (no bounds prior to the data being written. It is considered a bug or weakness in the software
Worms
Self-replicating program that is usually self-contained and can execute and spread without user interaction. Locates a computer's vulnerability and spreads within its connected network like an infection, while continually seeking new vulnerabilities. Often originate from e-mail attachments that appear to be from trusted senders. Then spread to a user's contacts via his e-mail account and address book.
Cross Site Scripting (XSS) Persistent
Server based and can execute on a victim's PC by visiting an infected site
Initial Exploitation
Setting rules of engagement Defining physical security Mapping the network layout Mapping of internet presence
Near Field Communication (NFC)
Technology to allow communication between devices within close proximity to each other (usually 3-4") Builds upon RFID (one-way) whereas NFC is two-way communication Can be used by a malicious attacker to steal data from a nearby device 'Pay NFC
Passive Reconnaissance
Utilize publicly accessible methods to discover information about the target No direct contact with the target company Public records Google searches / GHDB Company website / Wayback machine
Shimming
__________ databases are part of Microsoft Window's Application Compatibility Infrastructure - Used to maintain compatibility with legacy applications - Can be used for malicious purposes by custom shim databases to install code, patches, etc.
Bluesnarfing
A device hack performed when a wireless, Bluetooth-enabled device is in discoverable mode. Allows hackers to remotely access Bluetooth device data, such as a user's calendar, contact list, emails and text messages. This attack is perpetrated without the victim's knowledge.
IV Attack
A random number used in combination with a secret key as a means to encrypt data. This number is sometimes referred to as a nonce, or "number occuring once," as an encryption program uses it only once per session. Weaker encryption had short IVs that would repeat fairly quickly Attacker could flood the network, sniff the packets and see the IVs being sent As they eventually repeat, the attacker could derive the IV and then gain access WEP uses a 24-bit IV - Easily cracked - Since been deprecated
Backdoors
A technique in which a system security mechanism is bypassed undetectably to access a computer or its data. The method is sometimes written by the programmer who develops a program.
Cross Site Scripting (XSS) Non-Persistent
Specially crafted URLs sent in an email, instant message, blog posts, etc.
Script Kiddies Actor
A derogatory term used to refer to non-serious hackers who are believed to reject the ethical principals held by professional hackers, which include the pursuit of knowledge, respect for skills, and a motive of self education. Shortcut most hacking methods in order to quickly gain their hacking skills. They don't put much thought or time into gaining computer knowledge, but educate themselves in a fast manner in order to learn only the bare minimum. May use hacking programs written by other hackers because they often lack the skills to write their own.
Man-in-The-Middle
A form of eavesdropping where communication between two users is monitored and modified by an unauthorized party. Generally, the attacker actively eavesdrops by intercepting a public key message exchange and retransmits the message while replacing the requested key with his own. In the process, the two original parties appear to communicate normally. The message sender does not recognize that the receiver is an unknown attacker trying to access or modify the message before re-transmitting to the receiver. Thus, the attacker controls the entire communication.
Botnets and bots
A group of computers connected in a coordinated fashion for malicious purposes. Each computer in a ______ is called a _________. These __________ form a network of compromised computers, which is controlled by a third party and used to transmit malware or spam, or to launch attacks.
Insiders Actors
A malicious attack perpetrated on a network or computer system by a person with authorized system access. Those that perform attacks have a distinct advantage over external attackers because they have authorized system access and also may be familiar with network architecture and system policies/procedures. In addition, there may be less security against insider attacks because many organizations focus on protection from external attacks.
Logic Bomb
A malicious program timed to cause harm at a certain point in time, but is inactive up until that point. A set trigger, such as a preprogrammed date and time, activates it. Once activated, it implements a malicious code that causes harm to a computer. Its application programming points may also include other variables such that the bomb is launched after a specific number of database entries.
Typo Squatting / URL Hijacking
A questionable technique used by a cybersquatter to attract website traffic by redirecting common typos of popular search terms or major websites to their own sites. Aay try to sell products, install malware on a user's machine or even make an opposing political statement. The extreme version is similar to phishing, where an impostor website mimics a real site, thus providing the user with a false impression that he or she has accessed the correct web page.
Evil Twin
A rogue or fake wireless access point (WAP) that appears as a genuine hotspot offered by a legitimate provider. Uses the same SSID as the legitimate AP. An eavesdropper or hacker fraudulently creates this rogue hotspot to collect the personal data of unsuspecting users. Sensitive data can be stolen by spying on a connection or using a phishing technique.
Whaling Attack
A specific kind of malicious hacking within the more general category of phishing, which involves hunting for data that can be used by the hacker. In general, phishing efforts are focused on collecting personal data about users. The targets are high-ranking bankers, executives or others in powerful positions or job titles.
Dictionary Attack
A technique or method used to breach the computer security of a password-protected machine or server. Attempts to defeat an authentication mechanism by systematically entering each word in a dictionary as a password or trying to determine the decryption key of an encrypted message or document. Often successful because many users and businesses use ordinary words as passwords. These ordinary words are easily found in a dictionary, such as an English dictionary.
Pivoting
A technique that allows lateral movement from a compromised host Foothold is gained on a target system Compromised target system is leveraged to compromise other, normally inaccessible systems Many tools (i.e. Metasploit) have built in utilities to automate much of the process
IP/MAC Spoofing
A technique that causes the redirection of network traffic to a hacker. Spoofing may denote sniffing out LAN addresses on both wired and wireless LAN networks. The concept behind this type of spoofing is to send bogus ARP communications to Ethernet LANs and the attack may modify traffic or block it altogether.
Keylogger
A technology that tracks and records consecutive key strokes on a keyboard. Because sensitive information such as usernames and passwords are often entered on a keyboard, it can be a very dangerous technology. Often part of malware, spyware or an external virus.
Brute Force Attack
A trial-and-error method used to obtain information such as a user password or personal identification number (PIN). Automated software is used to generate a large number of consecutive guesses as to the value of the desired data. May be used by criminals to crack encrypted data, or by security analysts to test an organization's network security.
Smurf Attack
A type of denial of service attack in which a system is flooded with spoofed ping messages. This creates high computer network traffic on the victim's network, which often renders it unresponsive. Takes certain well-known facts about Internet Protocol and Internet Control Message Protocol (ICMP) into account. ICMP is used by network administrators to exchange information about network state, and can also be used to ping other nodes to determine their operational status. The program sends a spoofed network packet that contains an ICMP ping. The resulting echo responses to the ping message are directed toward the victim's IP address. Large number of pings and the resulting echoes can make the network unusable for real traffic.
Rainbow Tables
A type of hacking wherein the perpetrator tries to use a __________ hash table to crack the passwords stored in a database system. A __________ is a hash function used in cryptography for storing important data such as passwords in a database. Sensitive data are hashed twice (or more times) with the same or with different keys in order to avoid ___________ attacks.
Cross Site Request Forgery (XSRF)
A type of website exploit carried out by issuing unauthorized commands from a trusted website user. Exploits a website's trust for a particular user's browser, as opposed to cross-site scripting, which exploits the user's trust for a website. This term is also known as session riding or a one-click attack. Referred to as one-click attack or session riding.
Spear Phishing Attack
A variation on phishing in which hackers send emails to groups of people with specific common characteristics or other identifiers. __________ emails appear to come from a trusted source but are designed to help hackers obtain trade secrets or other classified information.
Consensus / Social Proof
People are more likely to act when they believe they are in alignment with the larger group 'Mob Mentality" Bartender who seeds his tip jar Review on shopping sites ("4 1/2 Stars" on Amazon, etc)
Trust
People are more likely to act when they trust the person or situation Social engineers can use a variety of tactics to shortcut the path to trust Authority Familiarity/company specific jargon Name dropping Shoulder surfing / dumpster diving
Familiarity / Liking
People like using or buying things they are already familiar with and like Likely to converse with people they perceive to "be like them" Attacker will establish a common contact or friend Trust goes up when people think they're dealing with someone with mutual friends or contacts
WPS Attack
Prone to brute-force attacks, which can allow other devices to connect to a network. One attack may last up to four hours until the perpetrator figures out the correct PIN. This vulnerability can be countered by imposing restrictions or disabling the _____ feature after several incorrect attempts to input the PIN. However, in some devices, the _______ feature is not disabled if it is turned off.
Shoulder Surfing
Refers to the act of obtaining personal or private information through direct observation. Involves looking over a person's shoulder to gather pertinent information while the victim is oblivious. This is especially effective in crowded places where a person uses a computer, smartphone or ATM. If __________ occurs when there are very few people, the act becomes suspicious very quickly. Binoculars, video cameras and vision-enhancing devices also are used, depending on location and situation.
Dumpster Diving
Refers to using various methods to get information about a technology user. Involves searching through trash or garbage looking for something useful. This is often done to uncover useful information that may help an individual get access to a particular network. So, while the term can literally refer to looking through trash, it is used more often in the context of any method (especially physical methods) by which a hacker might look for information about a computer network.
LDAP Injection
Similar to SQL Injection attacks in that the query that is passed to the web server is modified to include malicious query statements or code.
Intimidation
Social engineer can use several techniques (i.e. authority, trust) to then impose their will on the target Threaten negative action Threaten to release sensitive information Can be combined with scarcity/urgency
Scarcity / Urgency
Social engineering tactics to elicit action by making the target think they have to act quickly to take advantage of a special deal, pricing, etc Victim feels they must act quickly or risk missing out Dwindling stock Time-based offer Issue(s) that need to be resolved quickly
Hoaxes
Social engineering technique using the phone and/or voicemail to trick the target into providing sensitive information Hacker acts like remote technician or employee Interested party seeking employment Anger customer filing complaint
Rootkits
Software used by a hacker to gain constant administrator-level access to a computer or network. Typically installed through a stolen password or by exploiting a system vulnerabilities without the victim's consent or knowledge.
Initial Exploitation: Defining physical security
Technical / administrative controls Monitoring / law enforcement
DNS Amplification Attack
Techniques that use specific kinds of DNS query protocols and available hardware setups to plague a system with unnecessary incoming queries. Earlier attacks sent individual requests to central network resources. Due to a lack of handshake authentication, these nodes would distribute requests to other network system devices. These kinds of attacks have largely been prevented through modern network administration.
Hacktivists Actor
The act of hacking a website or computer network in an effort to convey a social or political message. In contrast to a malicious hacker who hacks a computer with the intent to steal private information or cause other harm, they engage in similar forms of disruptive activities to highlight political or social causes. An Internet-enabled strategy to exercise civil disobedience. May include website defacement, denial-of-service attacks (DoS), redirects, website parodies, information theft, virtual sabotage and virtual sit-ins.
Phishing Attack
The fraudulent act of acquiring private and sensitive information, such as credit card numbers, personal identification and account usernames and passwords. Using a complex set of social engineering techniques and computer programming expertise, __________websites lure email recipients and Web users into believing that a spoofed website is legitimate and genuine. In actuality, the __________victim later discovers his personal identity and other vital information have been stolen and exposed.
Vishing Attack
The illegal access of data via voice over Internet Protocol (VoIP). IP telephony's version of phishing and uses voice messages to steal identities and financial resources. The term is a combination of "voice" and "phishing."
Social engineering
The non-technical cracking of information security (IS). It applies deception for the sole purpose of gathering information, fraud or system access. A number of tactics may be used, including: • Taking advantage of human kindness • Searching for sensitive data outside of a computer, like looking inside a dumpster • Obtaining computer passwords via covert methods Was initially associated with the social sciences. However, the way it is used also makes it relevant to computer professionals, as it is a significant threat to any system's security.
Cross Site Scripting (XSS)
The process of addition of malicious code to a genuine website to gather user's information with a malicious intent. Attacks are possible through security vulnerabilities found in Web applications and are commonly exploited by injecting a client-side script. Although JavaScript is usually employed, some attackers also use VBScript, ActiveX or Flash.
Refactoring
The process of altering an application's source code without changing its external behavior. The purpose of code __________ is to improve some of the nonfunctional properties of the code, such as readability, complexity, maintainability and extensibility. Can extend the life of source code, preventing it from becoming legacy code. The __________ process makes future enhancements to such code a more pleasant experience.
Downloader
This Trojan downloads malicious software and causes harm to the victim's computer system.
Data Sending Trojan
This gives the perpetrator sensitive information like passwords or other information programmed to be hijacked.