Threats, Attacks, and Vulnerabilities

Ace your homework & exams now with Quizwiz!

Pharming

A phishing attack that automatically redirects the user to a fake site.

OSINT (Open Source Intelligence)

Information for collection from publicly available information sources such as publication, geospatial information, and many online resources

Worms

destructive programs that replicate themselves without requiring another program to provide a safe environment for replication

Threat

A circumstance or event that has the potential to compromise confidentiality, integrity, or availability. Threats can be natural (hurricanes, floods, earthquakes, etc), manmade (malicious software, hackers, etc). Can not prvent threats, but reduce impact.

zombie

A computer that is controlled by a hacker who uses it to launch attacks on other computer systems. Can be updated automatically and remotely

Integer Overflow

A condition that occurs when a very large integer exceeds its storage capacity.

MITM

A form of active interception allowing an attacker to intercept traffic and insert malicious code sent to other clients. Kerberos provides mutual authentication and helps prevent MITM attacks. Prevents MITM attack: arp -s IPAddr hexidecimal addr

Replay Attack

A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. Kerberos prevents this by using timestamps and USN

Bluejacking

A hacking method that allows an individual to send anonymous messages to Bluetooth-enabled devices. When paired with the attacker's device the user's data becomes available for unauthorized access, modification, or deletion. (bluesnarfing)

Insider Threat

A malicious insider

Banner Grabbing

A method used to gain information about a remote system, often as part of a finger printing attack. It identifies the operating system of the DMZ and other details on the remote system such as patch level version, application patch level, and app version.

Vulnerability Scan

A passive scan that has little impact on a system during a test. Detects vulnerabilities, misconfigurations, and lack of security controls. Helps to identify which systems are vulnerable to attack.

In-Line Scanner

A passive scan used to detect anomalies in network traffic, such as a possible attack. Scanner will then send an alert and log the attack.

Whaling

A phishing attack that is targeted to senior business executives and government leaders

Vishing

A phishing attack that uses a telephone call instead of using e-mail, often with a fake caller ID in an attempt to get account details

Remote Access Trojan (RAT)

A remote administration tool maliciously installed as a Trojan horse to give a remote user some level of control of the infected system via a backdoor into the infected system. Important part of a botnet. • Symptoms: Usually undetectable until activated. System damage, data loss. • Action: Restore system from backups.

Credentialed Vulnerability Scan

A scan that provides credentials to the scanner so that tests for additional internal vulnerabilities (such as uncommon open ports, files, versions, and registry values on the host) can be performed; reduces false positives and will likely produce the most information

Buffer Overflow

A series of No operation commands (x90) Occurs when an app receives more input, or different input, than is expected. The result is an error that exposes system memory that would otherwise be protected and inaccessible. Attacker is able to write malicious code into extra allocated memory. echo "vrfy 'perl -e 'print "hi" x 500 ' ' " | nc www.company.com 25

Keylogger

A small hardware device or a program that monitors each keystroke a user types on the computer's keyboard.

Dynamic Link Library (DLL) Injection

A software vulnerability that can occur when a Windows-based application attempts to force another running application to load a dynamic-link library (DLL) in memory, causing the victim application to experience instability (crashes) or leak sensitive information. To mitigate, all calls to different DLLs should be hard-coded in the application.

Flood Guard

A switch feature that protects against media access control (MAC) flood attacks

Spanning Tree Protocol (STP)

A switching protocol that protects against switching loops by dynamically disabling links as needed and should always be enabled.

Pivoting

A technique in which an attacker uses a single compromised system as a platform for launching attacks deeper into a company's network

Black Box Testing

A testing approach that focuses on the functionality of the application or product without knowledge of the code

Spyware/Adware

A type of Malware that may monitor/collect browser activity and log keystrokes, and may impact computer performance and generate pop-ups

Rogue Access Points

A type of MiTM attack, unauthorized access points (evil twin) that are set up by a department or an individual.

Downgrade Attack/POODLE

A type of attack that forces a system to downgrade its security. The attacker then exploits the lesser security control. MITM Exploit that affects SSLv3.0 with CBC mode cipher

Macro Virus

A virus that's distributed by hiding it inside a macro.

System Sprawl

A vulnerability that occurs when an organization has more systems than it needs, undocumented assets, and systems it owns are underutilized. Asset management prevents system sprawl. Compare with VM sprawl.

Packet Sniffing/ Protocol Analyzer

Allows an attacker to capture and analyze IP headers and examine data/traffic being sent over a network if the data being transmitted is unencrypted/clear text, identify the type of traffic, the source of the traffic and the protocol flags used within the individual packets. TCPDUMP is classified as sniffer

WPS Attack

An attack against an AP. A WPS attack discovers the eight-digit WPS PIN and uses it to discover the AP passphrase.

Pass The Hash Attack

An exploit in which an attacker steals a hashed user credential and uses them as-is to try to authenticate to the same network the hashed credentials originated on. Directed at Windows-based systems, SSO vulnerability, Prevent by removing NTLM (new technology lan manager)

Penetration Testing

An invasive test that identify and repair vulnerabilities by hacking into a network, accessing data without being granted access. Primary Phases: Planning (Reconnaissance), discovery (Initial Exploitation), attack (exploit vulnerabilities) and reporting (Penetration Test Report listing the exploited vulnerabilities)

memory leak

An undesirable state in which a program requests memory but never releases it, which can eventually prevent other programs from running. Found in the task manager, app pool is constantly being recycled

Zero-Day Attack

Attack that exploits previously unknown vendor vulnerabilities, so victims have no time (zero days) to prepare for or defend against the attack.

Amplification Attack

Attack that significantly increases the amount of traffic sent to a victim. DDoS is a type

Plain text Attack

Attacker knows some of the plain text data used to create the encrypted data.

ARP Poisoning

Attackers alter a system's ARP table so it contains incorrect MAC address information, poisoning its table associations of other devices. Uses unsolicited ARP replies

Armored Viruses

Attempt to trick or shield themselves from antivirus software and security professionals.

Threat Actor (People)

Attributes: Actors Relationship to the org, motive, intent, capabilities Types: Script kiddies, insiders, hacktivits, organized crime, competitors, and nation states. Competitors are more likely to want to steal intellectual property to gain a competitive advantage.

Rootkits

Can be installed and hidden on a computer mainly for the purpose of compromising the system. Malware scanners can be used to locate

Tracking Cookie

Can be used by Spyware. Used to track your path through a Web site, the time you spend there, what links you click on, and other details recorded, usually for marketing purposes.

XSRF

Cross-site request forgery. An attack that causes users to perform actions on websites without their knowledge. In some cases, attackers use header manipulation to steal cookies and harvest passwords.

XSS

Cross-site scripting. Used to hijack a user's session. Can be prevented by using input validation techniques to filter special characters used in HTML or java code

Honey Pot

Divert malicious attackers to a harmless area of your network, away from production servers and real data.

False Negative

Does not report an actual attack

Privilege Escalation

Exploiting a vulnerability in software to gain access to resources that the user or application would normally be restricted from obtaining.

DoS and DDoS (AKA Smurf)

Flooding a site with packets to prevent access and contributes to resource exhaustion (based on ICMP echo reply called a Smurf attack) DoS is an attack from one attacker against one target. DDos attacks have one attacker and attack many targets

Jabber

Has serious implications for larger orgs and can potentially allow an attacker to capture conversations

Host Enumeration

Identifies hosts on a network

Viruses

Infect systems and spread copies of themselves

Malware

Malicious software running on a host, Types: Adware (popups), Virus (replication mechanism, attaches to something to activate, usually looking for a result (backdoor)...updated antivirus reduces viruses), Spyware (collect information about computer habits and sell to unauthorized party), reduces performance, can exploit DNS, Trojan

Untrained User

Most likely vulnerable to clicking on a malicious link in an email

NullPointerException

Occurs when an application tried to use an object reference with a null value

Penetration Attack Phase

Order: Initial Exploitation: A successful attack on a single computer, escalation of privilege, pivot and persistence (initial exploitation has concluded, and tester is interested in maintaining their access to the network)

Salt Hashing

Password randomization, preventing a rainbow table attack on password hashes

Syn Stealth Scan

Perfoms a half-open scan. Does not complete the 3-way handshake; instead response exposes IP addresses of systems who respond. Then, an RST (reset) is sent in response to the SYN, closing the connection.

DNS poisoning

Perpetrator redirects traffic by changing the IP record for a specific domain (permitting attackers to send legitimate traffic anywhere they choose)

Default Accounts,Passwords, & Configurations

Provide a simple means for an attacker to gain access to a system bc the system is vulnerable

Security Content Automation Protocol (SCAP)

Provides automation methods for managing vulnerabilities

Password Guessing/Brute Force/ Dictionary Attacks

Repeated guessing of logons and passwords Hybrid Attack: Combo of dictionary and brute-force attacks

Race Condition Vulnerability

Results when several threads try to access and modify the same data concurrently, causing system malfunction, crashes or privilege escalation

Ping Scan

Sends ICMP pings to a range of IP addresses. If the IP responds, the network scanner knows there is a host operations with that IP addr. Most FWs block this capability, so results are inconsistent.

Ransomware

Software that encrypts programs and data until a ransom is paid to remove it.

White Box Testing

Testers use their knowledge of system internals when testing the system

Port Scanning

The act of systematically scanning and identifying a computer's open ports to determine what services are running on the system.

Risk

The possibility of a threat exploiting a vulnerability and resulting in a loss. Risk = Threat * Vulneability

Fuzzing

The practice of sending unexpected input to an application for penetration testing and can be used in a security assessment.

Spoofing

The process of making data look as if it came from a trusted or legitimate source. Create rules to block all incoming traffic from private IP addresses to prevent spoofing

Refactoring

The process of modifying a working program to improve function interfaces and other qualities of the code.

Exploitation Framework

Toolsets that can be used offensively or defensively and are often used by pen testers as well as hackers. Stores information about security vulnerabilities to detect and exploit software. Used for penetration testing and risk assessment

Logic Bombs

Trigger on a particular condition

System Hardening

Use a configuration Compliance Scanner to: Remediate non-compliant config items, disable unnecessary services, restrict administrative access, and enable auditing controls on a server

Gray Box Testing

Uses a combo of white and black box techniques. Tester has some understanding of or limited knowledge of inner workings

Fingerprinting Attack

Usually part of a reconnaissance attack by identifying specific info about a system. It identifies IP addresses used in the target network using method such as ICMP sweep or host enumeration sweep. Ping scanners are also used

False Positives

When a vulnerability is incorrectly identified. False positives from an IDS can cause an increased workload because they falsely indicate an alert has occurred.

Data Execution Prevention (DEP)

Windows feature that uses a combination of software and hardware to prevent the execution of code in unintended areas of memory to protect against buffer overflow attacks.

Class C fire extinguisher

a fire extinguisher rated to put out electrical fires.

Botnet

a group of compromised computers or mobile devices connected to a network

spear phishing

a phishing expedition in which the emails are carefully designed to target a particular person or organization

Whitelisting

a process in which a company identifies the software that it will allow to run on its computers

Password Cracker

a program that attempts to discover passwords

Phishing

a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent e-mail

Rainbow Table Attack

attempts to discover the password from the hash lookup using databases of precomputed hashes and Bypasses maximum failed login restrictions; countermeasure is salting

Trojans

disguised as legit software, harmful software that tricks people into loading and executing on their systems; does not infect files or self replicate

Clickjacking

is a technique that tricks users into clicking on a malicious link by adding the link to a transparent layer over what appears to be a legitimate web page.

Input Validation/Handling

the process of inspecting data given to a program by the user and determining if it is valid. Prevents input that can impact data flow, allowing an attacker to gain control of a system or remotely execute commands. Server-side input validation results in a more secure system than client-side input validation


Related study sets

BRAVE NEW WORLD - ANALYTIC CUBISM

View Set

ACCT 250 GCU, Accounting 250 GCU

View Set

306 Ricci PrepU Chapter 16: Nursing Management During the Postpartum Period 1

View Set

ACCT 3190 Intermediate II CH. 12 Smartbook

View Set

Organization Behavior 7,8,9,10 Exam #3

View Set

Plumbing Unit 13 - Principles of Home Inspection Systems & Standards

View Set