Created by Chad Shreffler
over 5 years ago
Question | Answer |
--- | --- |
Armored Virus | Protected in a way that makes reverse engineering difficult. Makes it ‘armored’ against antivirus programs that have trouble getting to, and understanding, its code. |
Companion Virus | Creates a new program that runs in the place of an expected program of the same name. |
Macro Virus | A software exploitation that works by using the macro feature included in many apps, such as Microsoft Office. |
Multipartite Virus | A software exploitation that works by using the macro feature included in many apps, such as Microsoft Office. |
Phage Virus | Modifies and alters other programs and databases |
Polymorphic Virus | Changes form or mutates to avoid detection. |
Retrovirus | Attacks or bypasses the AV installed on a computer. |
Stealth Virus | Attempts to avoid detection by AV and from the OS by remaining in memory. |
Crypto-malware or Ransomware | Malware that uses cryptography as part of the attack. Prevents users from accessing their system or personal files through encryption and demands a ransom payment in order to regain access. Ransomware authors order that payment be sent via cryptocurrency, online payment systems, or credit card. |
Worms | Use the network to replicate copies of themselves to systems or devices automatically and without user intervention. To spread, worms either exploit a vulnerability on the target system or use social engineering to trick users into executing them. Take advantage of file-transport or information-transport features on the system, allowing them to travel unaided. |
Trojans | A harmful piece of software that looks legit or is included with legit apps. Any app that masquerades as one thing in order to get past scrutiny and then does something malicious. One major difference between a virus and a trojan is that Trojans tend not to replicate themselves. |
Rootkit | A clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence. Has the ability to obtain admin or root-level access and hide from the OS. |
Keylogger | Software programs or hardware devices that track the activities of input devices, i.e., keys pressed on a keyboard or mouse clicks. |
Spyware/Adware | Applications that covertly monitor online behavior without the user’s knowledge or permission. Collected data is relayed to outside parties, often for use in advertising. Otherwise, does not harm the infected computer, user or data. There is a line between illegal spyware and legitimate data collection. |
Bots | An automated software program (network robot) that collects information on the web. In its malicious form, a bot is a compromised computer being controlled remotely |
Botnet | A network of compromised computers under the control of a malicious actor (AKA Command & Control Server or CnC) |
RAT (Remote Access Trojans or Remote Administration Tools) | Software that remotely gives a person full control of a tech device |
Logic Bomb | Any code that is hidden within an app and causes something unexpected to happen based on some criteria being met. Examples: a programmer could create a program that always makes sure his name appears on the payroll roster, and if it doesn’t, key files begin to be erased; a backdoor is created during certain times. |
Backdoor | Undocumented way of accessing a system, bypassing the normal authentication mechanisms. An opening left in a program application (usually by the developer) that allows additional access to systems or data. These should be closed when the system is moved to production. |
Advanced Persistent Threat (APT) | An attack in which unauthorized persons gain access to a network using advanced exploitation techniques and stay there undetected for a long period of time. The intention of an APT attack is to steal data rather than to cause damage to the network or organization. |
Phishing | Sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information |
Spear Phishing | Sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information |
Whaling | Phishing attack that is specifically aimed at wealthy, powerful, or prominent individuals |
Vishing | Making phone calls or leaving voice messages purporting to be from reputable companies |
Pharming | Traffic redirect to a spoofed website |
Tailgating AKA Piggy-backing | Gaining entry to electronically locked systems by following someone through the door they just unlocked. |
Dumpster diving | The practice of foraging in garbage that has been put out on the street in dumpsters, garbage cans, etc., for discarded items that may still be valuable, useful, or used to commit fraud |
Shoulder surfing | Watching someone “over their shoulder” when they enter sensitive data such as a password or credit card information |
Hoax | Malicious actors issuing false warnings to alarm users |
Swatting | Fraudulent calls to the police |
Watering hole attack | A security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit |
Denial of Service (DoS) | Preventing access to resources by users authorized to use those resources. Attacking systems availability |
Distributed Denial of Service (DDoS) | A DoS attack utilizing multiple compromised computer systems as sources of attack traffic (via botnets) |
Man-in-the-middle | Attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. The attacker may either observe (confidentiality attack) or alter (integrity attack). |
Buffer overflow | Type of injection attack. Occurs when more data are written to a buffer than it can hold: an anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory locations. |
Injection | Occurs when untrusted data is sent to an interpreter as part of a command or query. Filter input to prevent |
Cross-site scripting | Occurs whenever an application includes untrusted data in a new web page without proper validation or escaping, or updates an existing web page with user-supplied data using a browser API that can create HTML or JavaScript |
Cross-site request forgery | An attack that forces an end user to execute unwanted actions on a web app. AKA session riding or one-click attack |
Privilege Escalation | Gaining elevated privileged access to resources that are normally protected from an application or user |
Amplification | The goal of the attacker is to get a response to their request in a greater than 1:1 ratio so that the additional bandwidth traffic works to congest and slow the responding server down |
Zero day | Attack that exploits a previously unknown security vulnerability |
Replay – AKA Masquerading or Impersonation | The act of pretending to be someone or something to gain unauthorized access to a system. Capturing network traffic via eavesdropping, then reestablishing a communications session by replaying captured traffic using spoofed authentication creds. |
Clickjacking | Tricking a web user into clicking a spoofed button or graphic |
Session hijacking (Cookie hijacking) | Exploiting a valid computer session, or session key, to gain unauthorized access to information or services |
URL hijacking/Typo squatting | The act of registering domains that are similar to those for a known entity but based on a misspelling or typographical error |
Domain Hijacking/DNS poisoning | When an attacker alters the domain-name-to-IP-address mappings in a DNS system to redirect traffic to a rogue system or perform a DoS attack |
Domain Hijacking/DNS Spoofing | When an attacker sends false replies to a requesting system in place of a valid DNS response |
Network hijacking/MAC Spoofing | Technique for changing a factory-assigned MAC address of a network interface on a networked device |
Network hijacking/IP Spoofing | A technique used to gain unauthorized access to machines, whereby an attacker illicitly impersonates another machine by manipulating IP packets. Involves modifying the packet header with a forged (spoofed) source IP address, a checksum, and the order value |
ARP poisoning AKA ARP Spoofing | When an attacker sends fake ARP (Address Resolution Protocol) messages over a local area network. Results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network. |
Shimming | Creating a library – or modifying an existing one – to bypass a driver and perform a function other than the one for which the API was created |
Refactoring | Set of techniques used to identify the flow and then modify the internal structure of code without changing the code’s visible behavior. Used in Mac spoofing and IP spoofing. |
Evil twin | A rogue wireless access point poses as a legitimate wireless |
Rogue AP | Any wireless access point added to your network that has not been authorized |
Jamming | Causing interference with a wireless signal |
Bluejacking | The sending of unsolicited messages (think SPAM) over a Bluetooth connection |
Bluesnarfing | The gaining of unauthorized access and intercepting data through a Bluetooth connection |
Birthday Attack | An attack on cryptographic hash that looks for hash collisions, exploiting the 1-to-1 nature of hashing functions |
Frequency Analysis | Looking at the blocks of an encrypted message to determine if any common patterns exist |
Rainbow tables | All of the possible password hashes are computed in advance and those hash values are compared with the password database. Rainbow tables are extremely large files, often exceeding several TB. |
Dictionary | Systematically entering each word in a dictionary as a password |
Brute force | Systematically attempting all possible combinations of letters, numbers, and symbols. Usually automated. |
Pass the hash | An attacker attempts to authenticate to a remote server or service by intercepting password hashes on a network. |
Threat | A potential occurrence that can result in an undesirable outcome. A person or thing likely to cause damage or danger. |
Threat Actor | A person or entity that is responsible for an event or incident that impacts, or has the potential to impact, the safety or security of another entity |
Script Kiddies | People who use hacking techniques but have limited skills. |
Hacktivist | Person who uses hacking techniques to accomplish some activist or political goal. |
Organized crime | Highly organized groups seeking to steal money, identities, or corporate secrets |
Nation states | Countries sponsoring illegal or fraudulent actions. |
Insiders | Internal employees seeking to cause damage to their organization |
Competitors | Outside organizations seeking to commit corporate espionage for financial or market gain |
Open-Source Intelligence (OSINT) | Any information having military, political, organizational, or financial value, that is readily available to anyone (e.g., Newspapers/News sites) |
Deep Web | Anything on the Internet that a search engine can’t find |
Dark Web | Part of the Deep Web Internet that is only accessible by means of special software (TOR), allowing users and website operators to remain anonymous |
Dark Web Market | A part of the Dark Web often illegally selling goods, merchandise, data/information, or services. |
Penetration (Pen) Test | An authorized, simulated attack on a computer system or network, performed to evaluate the security of the system by actively exploiting found vulnerabilities. AKA Ethical Hacking |
Active Reconnaissance | Gathering information about targeted systems by actively engaging with the targeted system. Directly focuses on the system (port scans, traceroute info, network mapping, vulnerability scanning) to identify weaknesses that could be used to launch an attack. |
Passive Reconnaissance | An attempt to gain information about targeted computers and networks without actively engaging with the systems. Examples: collecting info from public databases, talking to employees/partners, dumpster diving, etc. |
Pivot | Attacking a system using another, compromised system that’s trusted by the one you are attacking. Often done on the same network through “island hopping”. |
Initial Exploitation | Gain a foothold on a system/network. This is often with lesser privileges of access |
Persistence | Maintaining access for a period of time/hiding |
Black Box | The tester has absolutely no knowledge of the system and is functioning in the same manner as an outside attacker |
White Box | The tester has significant knowledge of the system. This simulates an attack from an insider – a rogue employee |
Gray Box | This is a middle ground between the first two types of testing. In gray box testing, the tester has some limited knowledge of the target system |
Vulnerability Scanning | An inspection of the potential points of exploit on a computer, network, or application to identify security holes. A vulnerability scan detects and classifies system weaknesses in computers, networks, and communications equipment and predicts the effectiveness of countermeasures |
Risk Assessment | Allows an organization to understand the cyber security risk to organizational operations (including mission, functions, image, or reputation), organizational assets, systems or individuals |
Race conditions | The behavior of an electronics, software, or other system where the output is dependent on the sequence or timing of other uncontrollable events. When events do not happen in the order the programmer intended |
End-of-Life Systems | OS or application that is no longer supported by the vendor |
Embedded Systems | Systems using specialized chips within devices that contain operating systems themselves |
System Sprawl | Allowing unchecked systems or devices on an internal network. Usually due to a lack of an internal inventory system |