CompTIA SY0-501 - 1.0 Threats, Attacks and Vulnerabilities
occurs when the outputs of two cryptographic operations produce the same result.
Collision
a mathematical and cryptographic term for a random number, used to increase security by reducing predictability and repeatability.
Initialization Vector (IV)
is any exploitation that allows an attacker to submit code to a target system in order to modify its operations and/or poison and corrupt its data set.
Injection
One of the biggest risks at any organization is its own internal personnel. Hackers work hard to gain what insiders already have: physical presence within the facility or a working user account on the IT infrastructure.
Insiders
The intent or motivation of an attacker can be unique to the individual or overlap with your own. Some attackers are motivated by the obvious benefit of money and notoriety. Others attack from boredom or just to prove to themselves that they can.
Intent/motivation (attributes of actors)
Threats can originate from inside your organization as well as outside. All too often, companies focus most of their analysis and security deployment efforts on external threats without providing sufficient attention to the threats originating from inside.
Internal/External Actors
can sometimes be seen as a derivative of the authority principle. Uses authority, confidence, or even the threat of harm to motivate someone to follow orders or instructions.
Intimidation
is the act of falsifying the IP-to-MAC address resolution system employed by TCP/IP.
Address Resolution Protocol (ARP) poisoning
Gathers information about users and uses it to direct advertisements to the user.
Adware
an attack in which the amount of work or traffic generated by an attacker is multiplied in order to cause a significant volume of traffic to be delivered to the primary victim.
Amplification
is collecting information about a target through interactive means. By directly interacting with a target, a person can quickly collect accurate and detailed information, but at the expense of potentially being identified as an attacker rather than just an innocent, benign, random visitor.
Active Reconnaissance
is an effective technique because most people are likely to respond to authority with obedience. The trick is to convince the target that the attacker is someone with valid ______.
Authority
Software code that gives access to a program or a service that circumvents normal security protections.
Backdoor
involves sending messages to Bluetooth-capable devices without the permission of the owner/user. These messages often appear on a device's screen automatically.
Bluejacking
is the unauthorized access of data via a Bluetooth connection.
Bluesnarfing Attack
a network of robots or malicious software agents controlled by a hacker in order to launch massive attacks against targets.
Botnets
attack occurs when an attacker submits data to a process that is larger than the input variable is able to contain. Unless the program is properly coded to handle excess input, the extra data is dropped into the system's execution stack and may execute as a fully privileged operation.
Buffer Overflow
is a web page-based attack that causes a user's click to link someplace other than the user intended. This is often accomplished by using hidden or invisible overlays, frame sets, or image maps. When a user sees such an item or link and then clicks their mouse pointer, the click is intercepted by the invisible or hidden layer, and thus the request is for something other than what the user actually intended.
Clickjacking
is the act of taking advantage of a person's natural tendency to mimic what others are doing or are perceived as having done in the past. For example, bartenders often seed their tip jar with money to make it seem as if previous patrons were appreciative of the service.
Consensus / Social proof
The attack is focused on the visiting user's web browser more than the website being visited. It tricks the user or the user's browser into performing actions they had not intended or would not have authorized. This could include logging out of a session, uploading a site cookie, changing account information, downloading account details, or making a purchase.
Cross-site request forgery (XSRF)
is a form of malicious code-injection attack in which an attacker is able to compromise a web server and inject their own malicious code into the content sent to other visitors.
Cross-site scripting (XSS)
any form of malware that uses cryptography as a weapon or a defense.
Crypto-Malware
in a penetration test or a real-world malicious attack is the event that grants the attacker/tester access to the system. It is the first successful breach of the organization's security infrastructure that grants the attacker/tester some level of command control or remote access to the target.
Initial Exploitation
Most failures of modern cryptography systems are due to poor or
Weak Implementations
Denial of service attack committed using dozens of computers, usually zombies on a botnet.
DDoS
Where DNS lookups have been manipulated by a hacker to point websites to the wrong address. For example, the DNS entry for "www.google.com" could be "poisoned" with a record pointing to a malicious site set up by the hacker.
DNS poisoning
is a form of attack that has the primary goal of preventing the victimized system from performing legitimate activity or responding to legitimate traffic.
Denial of service (DoS)
is one of the many types of wireless management frames. It can be used in several forms of wireless attacks, including: sending repeated frames to a client, session hijacking, and man-in-the-middle attacks.
Disassociation
is the malicious action of changing the registration of a domain name without the authorization of the valid owner. This may be accomplished by stealing the owner's logon credentials; using XSRF, session hijacking, or MitM; or exploiting a flaw in the domain registrar's systems.
Domain hijacking
attempts to prevent a client from successfully negotiating robust high-grade encryption with a server. This attack may be performed using a real-time traffic manipulation technique or through a man-in-the-middle attack.
Downgrade Attack
Some forms of malicious code or attacker intrusions will take advantage of a form of software manipulation
Driver Manipulation
is the act of digging through trash, discarded equipment, or abandoned locations in order to obtain information about a target organization or individual. Although discovering confidential documentation or secret information would be a welcomed bonus to attackers, they are looking for more mundane documentation.
Dumpster Diving
is any attack or exploit that grants the attacker greater privileges, permissions, or access than may have been achieved by the initial exploitation or that a legitimate user was assigned.
Escalation of Privilege
is an attack in which a hacker operates a false access point that will automatically clone, or twin, the identity of an access point based on a client device's request to connect.
Evil Twin
a social-engineering principle that attempts to exploit a person's native trust in that which is familiar. The attacker often tries to appear to have a common contact or relationship with the target, such as mutual friends or experiences, or uses a facade to take on the identity of another company or person. If the target believes a message is from a known entity, such as a friend or their bank, they're much more likely to trust the content and even act or respond.
Familiarity/Liking
is a form of social engineering designed to convince targets to perform an action that will cause problems or reduce their IT security.
Hoax
is the act of falsifying data. Usually the falsification involves changing the source address of network packets. As a result of the changed source address, victims are unable to locate the true attackers or initiators of a communication.
IP Spoofing
is the act of taking on the identity of someone else. This can take place in person, over the phone, or through any other means of communication. The purpose of impersonation is to fool someone into believing you have the claimed identity so you can use the power or authority of that identity.
Impersonation
is the transmission of radio signals to prevent reliable communications by decreasing the effective signal-to-noise ratio.
Jamming
a form of malware that records the keystrokes typed into a system's keyboard.
Keylogger
focused on encryption systems that use the same key repeatedly or that select keys in a sequential or otherwise predictable manner. The goal is to discover the key or a key of the series, and then use that key to determine other keys and thus be able to decrypt most or all of the data protected by the flawed encryption system.
Known Plain Text/Cipher Text
Threat actors can vary greatly in their skill level and level of sophistication. Some attackers are highly trained professionals who are applying their education to malicious activities, whereas others are simply bad guys who learned how to perform cyberattacks just to expand their existing repertoire.
Level of sophistication (attributes of actors)
is a form of malicious code that remains dormant until a triggering event occurs. The triggering event can be a specific time and date, the launching of a specific program, or the accessing of a specific URL.
Logic Bomb
is used to impersonate another system, often a valid or authorized network device, in order to bypass port security.
MAC Spoofing
attack is a communications eavesdropping attack. Attackers position themselves in the communication stream between a client and server (or any two communicating entities). The client and server believe that they're communicating directly with each other—they may even have secured or encrypted communication links. However, the attacker can access and potentially modify the communications.
Man-in-the-Middle
is any form of cyberattack that is able to continually exploit a target over a considerable period of time. Often takes advantage of unknown flaws (that is, not publicly known) and tries to maintain stealth throughout the attack.
Nation States/Advanced Persistent Threat(APT)
is a standard that establishes radio communications between devices in close proximity. It lets you perform a type of automatic synchronization and association between devices by touching them together or bringing them within inches of each other.
Near field communication (NFC)
is the gathering of information from any publicly available resource. This includes websites, social networks, discussion forums, file services, public databases, and other online sources. It also includes non-Internet sources, such as libraries and periodicals.
Open-source intelligence
is involved in cybercrime activities because it is yet another area of exploitation that may allow criminals to gain access, power, or money.
Organized crime
a hacking technique that allows an attacker to authenticate to a remote server or service by using the underlying NTLM or LanMan hash of a user's password, instead of requiring the associated plaintext password as is normally the case. It replaces the need for stealing the plaintext password with merely stealing the hash and using that to authenticate.
Pass the Hash
is the activity of gathering information about a target without interacting with the target. Instead, information is collected from sources not owned and controlled by the target (other websites and services) as well as by eavesdropping on communications from the target.
Passive Reconnaissance
is the characteristic of an attack that maintains remote access to and control over a compromised target. Some attacks are quick one-off events where the initial compromise triggers some result, such as stealing data, planting malware, destroying files, or crashing the system.
Persistence
is a form of social engineering attack focused on stealing credentials or identity information from any potential target. It is based on the concept of fishing for information.
Phishing
is the action or ability to compromise a system, and then use the privileges or access gained through the attack to focus attention on another target that may not have been visible or exploitable initially. It is the ability to adjust the focus or the target of an intrusion after an initial foothold is gained.
Pivot
Social engineering works so well because we're human. The principles of social engineering attacks are designed to focus on various aspects of human nature and take advantage of them. Although not every target succumbs to every attack, most of us are vulnerable to one or more of the following common social engineering principles.
Principles (Reasons for Effectiveness)
occurs when a user is able to obtain greater permissions, access, or privileges than they're assigned by an organization.
Privilege escalation
is a tracking technology based on the ability to power a radio transmitter using current generated in an antenna when placed in a magnetic field.
RFID (Radio Frequency Identification)
an attack on a password that uses a large pre-generated data set of hashes from nearly every possible password; it takes advantage of a concept known as a hash chain.
Rainbow Tables
a form of malware that aims to take over a computer system in order to block its use while demanding payment.
Ransomware
is a restructuring or reorganizing of software code without changing its externally perceived behavior or produced results.
Refactoring
is a form of malicious code that grants an attacker some level of remote-control access to a compromised system.
Remote Access Trojan (RAT)
an attacker captures network traffic and then retransmits the captured traffic in an attempt to gain unauthorized access to a system.
Replay Attack
Some threat actors are well funded with broad resources, whereas others are not. Some threat actors self-fund; others find outside investors or paying customers. Self-funded threat actors might hijack or use advertisement platforms to obtain funds; others may use ransomware to extort money from their victims.
Resources/funding (attributes of actors)
An unauthorized AP. It can be placed by an attacker or an employee who hasn't obtained permission to do so.
Rogue AP
a type of malicious code that fools the OS into thinking that active processes and files don't exist. Rootkits render a compromised system completely untrustworthy.
Rootkits
is a technique used to convince someone that an object has a higher value based on the object's scarcity. For example, shoppers often feel motivated to make a purchase because of a limited-time offer, due to a dwindling stock level, or because an item is no longer manufactured.
Scarcity
is a form of attack in which the attacker takes over an existing communication session. The attacker can assume the role of the client or the server, depending on the purpose of the attack.
Session Hijacking
is a means of injecting alternate or compensation code into a system in order to alter its operations without changing the original or existing code. A rough analogy would be that when a table on a new floor is wobbly
Shimming
occurs when someone is able to watch a user's keyboard or view their display. This could allow them to learn a password or see information that is confidential, private, or simply not for their eyes.
Shoulder Surfing
This form of DRDoS uses ICMP echo reply packets (ping packets). The attacker sends ICMP Type 8 echo request packets to several intermediary networks' broadcast addresses with the source IP address set to the primary victim. This causes multiple ICMP Type 0 replies to be sent to the victim.
Smurf
is a form of attack that exploits human nature and human behavior.
Social engineering
is a more targeted form of phishing where the message is crafted and directed specifically to a group of individuals, rather than being just a blind broadcast to anyone. Often, attackers will first compromise an online or digital business in order to steal their customer database. Then, false messages are crafted to seem like a communication from the compromised business, but with falsified source addresses and incorrect URLs. The hope of the attack is that someone who already has an online/digital relationship with an organization is more likely to fall for the false communication.
Spear phishing
Gathers information about users and may employ that information to customize advertisements or steal identities.
Spyware
occurs when an unauthorized entity gains access to a facility under the authorization of a valid worker but without their knowledge. This attack can occur when a worker uses their valid credentials to unlock and open a door, and the attacker then walks on into the building as the door closes.
Tailgating
First phase is to observe the target's habits. Second phase is to plant malware on watering hole systems. Third phase is to wait for members of the target to revisit the poisoned watering hole and then bring the infection back into the group.
Three phases of Watering Hole Attack
a form of malicious software that is disguised as something useful or legitimate.
Trojan Horses
a social engineering principle that involves an attacker working to develop a relationship with a victim. This may take seconds or months, but eventually the attacker attempts to use the value of the relationship to convince the victim to reveal information or perform an action that violates company security.
Trust
is a practice employed to capture traffic when a user mistypes the domain name or IP address of an intended resource. A squatter predicts URL typos and then registers those domain names to direct traffic to their own site. This can be done for competition or for malicious intent.
URL Hijacking / Typo squatting
often dovetails with scarcity, because the need to act quickly increases as scarcity indicates a greater risk of missing out. It is often used as a method to get a quick response from a target before they have time to carefully consider or refuse compliance.
Urgency
programs that are designed to spread from one system to another through self-replication and to perform any of a wide range of malicious activities.
Viruses
is phishing done via Voice-over-IP (VoIP) services. VoIP is a technology that allows phone call-like conversations to take place over TCP/IP networks.
Vishing
is a type of geek graffiti that some wireless hackers used during the early years of wireless. It's a way to physically mark an area with information about the presence of a wireless network.
War chalking
is the act of using a detection tool to look for wireless networking signals.
War driving
Watering hole is a computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware. Eventually, some member of the targeted group will become infected. Hacks looking for specific information may only attack users coming from a specific IP address.
Watering Hole Attack
is a form of phishing that targets specific high-value individuals (by title, by industry, from media coverage, and so forth), such as C-level executives or high-net-worth clients, and sends messages tailored to the needs and interests of those individuals.
Whaling
is a security standard for wireless networks. It is intended to simplify the effort involved in adding new clients to a well-secured wireless network. It operates by auto-connecting the first new wireless client to seek the network once the administrator has triggered the feature by pressing the ___ button on the base station.
WiFi Protected Setup (WPS)
designed to exploit a single flaw in a system (operating system, protocol, service, or application) and then use that flaw to replicate themselves to other systems with the same flaw.
Worms
attacks are newly discovered attacks for which there is no specific defense. They aim to exploit flaws or vulnerabilities in targeted systems that are unknown or undisclosed to the world in general.
Zero Day
designed to try every possible valid combination of characters to create possible passwords, starting with single characters and adding characters as it churns through the process, in an attempt to discover the specific passwords used by user accounts. Such attacks are always successful, given enough time.
brute force
A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. In probability theory, the birthday paradox or birthday problem considers the probability that, in a set of n randomly chosen people, some pair will have the same birthday.
brute force or birthday attack
companies in the same industry that sell similar products or services to customers. Many organizations still elect to perform corporate espionage and sabotage against their competition, even though it is widely known that such actions are illegal.
competitors
performs password guessing by using a preexisting list of possible passwords. Password lists can include millions of possible passwords.
dictionary attack
is someone who uses their hacking skills for a cause or purpose and commits criminal activities to further that cause.
hacktivist
main defense against these wireless attacks is to operate a wireless
IDS (Intrusion Detection System)
attack is effectively an MitM attack. The only real distinction is that the middleman malware is operating on the victim's system, where it is able to intercept and manipulate communications immediately after they leave the browser and before they exit the network interface.
man-in-the-browser (MitB, MiTB, MiB, MIB)
is one in which the attacker is not working against a live target system but instead is working on their own independent computers. An attacker will have had to obtain the target's password hashes and then transferred them to their own computers.
offline attack
occurs against a live logon prompt. In this type of attack, the attacker submits credentials, which are then processed by the authentication service of the target system. If the credentials are correct, then the attacker has successfully impersonated the user. If incorrect, a logon denied error occurs.
online password attack
is the retransmission of captured communications in hope of gaining access to the targeted system.
replay attack
are threat actors who are less knowledgeable than a professional skilled attacker. They are usually unable to program their own attack tools and may not understand exactly how the attack operates.
script kiddies
is the person or entity who is responsible for causing or controlling any security-violating incidents experienced by an organization or individual.
threat actor