109 Terms
1
Nation state
Government-sponsored entities that engage in cyber operations to further national security interests, often through sophisticated tactics.
2
Advanced Persistent Threat (APT)
Nation-backed agents or organized cybercriminal groups recognized for their capability to infiltrate specific systems and remain hidden, gradually stealing data over extended periods.
3
Unskilled attacker
Individuals who typically lack advanced technical skills and use basic tools sourced from the dark web; their motivations can range from personal gain to seeking notoriety.
4
Hacktivist
Attacks driven by ideological, political, or social motives aimed at promoting a cause, raising awareness, or enacting change, often through defacement of websites or leaking sensitive information as a form of digital protest.
5
Client-based scanning
A tool used for automating vulnerability discovery, classification, and reporting to a central management server.
6
Agentless scanning
A preferred method for threat actors that allows scanning of hosts without necessitating installations.
7
Legacy and third party software
Common targets for threats due to potential vulnerabilities.
8
Service Set Identifier (SSID)
Acts as the network name; disabling its broadcast obscures the network presence from casual attackers.
9
MAC filtering
A security measure that permits only approved MAC addresses to access the wireless network.
10
Supply Chain
The process of transforming raw materials into finished products for consumer availability.
11
Managed Service Providers (MSP)
Third-party organizations that handle all of a company's IT needs.
12
Vendors
Entities that provide goods and services to companies or consumers, often sharing sensitive information.
13
Suppliers
Third-party contributors who supply goods or services to an organization.
14
Human Vectors/Social Engineering
Methods used by attackers to manipulate individuals into divulging confidential information.
15
Pretexting
A social engineering tactic involving the creation of a fabricated scenario to extract information, such as impersonating a tech support agent.
16
Watering hole attacks
Attacks that compromise legitimate websites to implement malicious code.
17
Typo squatting
A malicious practice that exploits common typing errors to redirect users to fraudulent sites.
18
Memory Injection
The secret insertion of malicious code into a program's memory space, often remaining undetected by exploiting the dynamic nature of memory collection.
19
Buffer Overflow
Attackers flood a program's buffer with excess data, which can overwrite adjacent memory spaces and open doors for unauthorized access.
20
Race Conditions
Occurs when two instructions from separate threads try to access the same data simultaneously; TOC/TOU deals with synchronization of shared resources.
21
SQL Injection (SQLI)
Attackers exploit vulnerabilities in a website or application’s input fields to manipulate SQL queries executed on the backend database.
22
Stored Procedures
Database objects that encapsulate a sequence of SQL statements, providing a layer of security against SQL injection.
23
VM Escape
An unexpected challenge introduced by hypervisors, potentially creating a path for lateral movement and unauthorized access.
24
Resource Reuse
Improper allocation and management of resources can lead to performance issues; resource exhaustion is a major concern.
25
VM Sprawl
Uncontrolled and excessive creation of virtual machines, which can lead to unmanaged growth in the computing environment.
26
Risk of Shared Tenancy
Multiple customers sharing the same cloud infrastructure, which can expose sensitive data if not properly managed.
27
Inadequate Configuration Management
Lack of understanding or mishandling of configurations may expose resources or leave open ports vulnerable.
28
Identity and Access Management Flaws
Issues caused by misconfigured user permissions, compromised credentials, or weak authentication processes.
29
Cloud Access Security Broker (CASB)
Enforces company security policies by bridging the gap between on-premises and dynamic cloud environments.
30
Service Provider Vulnerabilities
Poorly managed third-party relationships can result in lapses in security controls and expose organizations to risks.
31
Hardware Provided Vulnerabilities
Counterfeit or compromised hardware components that can infiltrate the supply chain and pose security risks.
32
Key Compromise
Keys can be compromised due to theft, weak generation methods, or poor key management practices.
33
Side Channel Attacks
Attacks that exploit cryptographic operations leaking information through channels like power consumption, timing, or radiation.
34
Backdoor Exploitation
Access through backdoors can render encryption useless, allowing attackers to compromise cryptographic systems.
35
Certificate Revocation List (CRL)
A list that indicates which certificates are valid or revoked; essential for maintaining certificate integrity.
36
Online Certificate Status Protocol (OCSP)
A protocol enabling real-time certificate validation, regarded as superior to traditional CRLs.
37
SSL Stripping
An SSL downgrade attack that bypasses certificate-based protection, converting secure HTTPS connections to unprotected HTTP.
38
SSL/TLS Downgrade
Interception of SSL traffic by a server impersonating an older browser, enabling weaker encryption and easier data access.
39
Network Device Vulnerabilities
Open ports, weak access controls, and unpatched firmware that can facilitate DDoS and man-in-the-middle attacks.
40
Access Control Lists (ACLs)
Rules that may inadvertently grant unauthorized access to sensitive segments of the network.
41
Firewalls
Devices that act as a frontline defense against unauthorized access by filtering incoming and outgoing network traffic.
42
Jailbreaking
The process allowing Apple device users to bypass manufacturer or OS restrictions for enhanced control.
43
Rooting
Enables Android device users to bypass manufacturer or OS restrictions for greater control over their device.
44
Sideloading
The practice of using APK files to install applications on Android devices outside of authorized app stores.
45
Zero Day Vulnerabilities
Hidden flaws in software that hackers can exploit before the developers are aware, providing unrestricted access to systems.
46
Potentially Unwanted Programs (PUPs)
Programs downloaded alongside other software that overconsume computer resources, leading to performance degradation.
47
Ransomware
A type of malware that encrypts private files and demands a ransom payment for their release.
48
Prevention against Ransomware Attacks
Using endpoint protection software such as EDR or XDR tools provides enhanced security against ransomware.
49
Trojans
Malicious software that deceives users by appearing as legitimate software, potentially creating backdoor access.
50
Portable Executable Files
Common executable and binary file formats used in Windows operating systems.
51
Remote Access Trojans (RATs)
Malware that allows attackers to control compromised systems remotely.
52
Worms
Self-replicating malware that spreads through networks, consuming bandwidth and memory.
53
Spyware
Malicious software that monitors user activities, consuming system resources.
54
Bloatware
Pre-installed software on new devices that can drain performance and storage resources.
55
Polymorphic Viruses
Malware that alters its code to evade detection by traditional security measures.
56
Keyloggers
Stealthy software that records users' keystrokes to capture sensitive information.
57
Logic Bombs
Malicious code that remains dormant until triggered by a specific condition.
58
Rootkits
Malware that hides within the operating system to evade detection while providing remote control capabilities.
59
Malware Inspection
The process of analyzing suspicious software in a sandbox environment to assess its safety.
60
Radio Frequency Identification (RFID) Cloning
The unauthorized copying of signals from RFID key cards to gain access to secure areas.
61
Pivoting
When an attacker moves laterally within a network by exploiting a vulnerable host.
62
Network Mapper (Nmap) Tool
A tool used to discover hosts and services on a computer network.
63
Distributed Denial of Service (DDoS)
An attack that overwhelms a target's servers to render them inoperable by flooding them with traffic.
64
Botnet
A collection of internet-connected devices that are infected and controlled as a group for malicious activities.
65
Amplified Attack
A type of attack where a small request results in a significantly larger response, exploiting network protocols.
66
Reflected Attack
An attack where the attacker spoofs the victim's IP address to make it appear as if the victim is sending the request.
67
Domain Name System (DNS)
The system that translates human-readable domain names to IP addresses.
68
ARP Poisoning
An attack that sends forged ARP messages to a local area network to map IP addresses to the attacker's MAC address.
69
DNS Sinkhole
A security measure that redirects traffic intended for malicious domains to controlled servers.
70
DNS Cache Poisoning
A manipulation technique that alters DNS records to redirect users to malicious sites.
71
Rogue Access Points
Unauthorized wireless access points that mimic legitimate ones to steal user information.
72
Evil Twin Attack
A malicious access point that intercepts communications between users and the legitimate network.
73
Deauthentication and Jamming Attacks
Attacks that disrupt user connections to a wireless access point, forcing disconnections.
74
MAC Spoofing
The technique of changing a device's MAC address to impersonate an authorized device.
75
WiFi Analyzers
Tools used to detect and analyze wireless network traffic for security breaches.
76
On-Path Attack
Interception attacks that allow eavesdropping on data exchanges.
77
Replay Attack
An on-path attack that captures and retransmits data at a later time.
78
Credential Replay Attacks
Attacks that capture and reuse valid login credentials for unauthorized access.
79
NT LAN Manager (NTLM) Disadvantages
Being a legacy system, NTLM is particularly susceptible to various attacks.
80
Credential Stuffing
An attack that involves using stolen usernames and passwords to access multiple accounts.
81
Bash Shell Attacks
Exploits that execute unauthorized commands on a system through the bash shell.
82
Injection Attacks
Attacks that insert untrusted data into a program via inputs, leading to various exploitations.
83
Buffer Overflow
A vulnerability where excessive data overwrites memory, potentially leading to unauthorized code execution.
84
Privilege Escalation
Gaining elevated access rights to perform unauthorized actions on a system.
85
Forgery Attacks
Attacks that manipulate data to impersonate legitimate users or systems.
86
Server-Side Request Forgery (SSRF)
A vulnerability that permits attackers to send unauthorized requests from a server.
87
Directory Traversal
An attack that seeks to access restricted files by manipulating directory paths.
88
Cryptographic Attacks
Attacks that exploit weaknesses in cryptographic algorithms or protocols.
89
Downgrade Attack
An attack that attempts to weaken encryption between two communicating parties.
90
SSL/TLS Downgrade Attack
Exploits vulnerabilities to enforce insecure encryption methods during communication.
91
SSL Stripping
An attack that converts secure HTTPS connections to unprotected HTTP, allowing eavesdropping.
92
Birthday attack
An attack that exploits the probability of two inputs producing the same hash value due to collisions.
93
Pass the Hash Attack
An attack that uses the hash of a password to impersonate a user without needing to know the password.
94
Dictionary Attack
An attack using a list of words to guess passwords, without including variations like misspellings.
95
Password Spraying
An attack that uses common passwords against many accounts to find a successful login.
96
Brute Force Attack
A trial-and-error method used to decode encrypted data such as passwords.
97
Hybrid Attacks
Attacks that combine elements of both dictionary and brute force techniques.
98
Online Password Attack
An attempt to break a password using the website's login interface.
99
Offline Password Attack
Cracking passwords from storage without alerting security systems.
100
Indicators of Attack
Early warnings of potential threats through detection of suspicious activities on a network.