Vocabulary practice covering the definitions and types of penetration testing and various categories of malware as presented in the lecture.
Penetration testing (Pen Test)
A simulated cyber attack against an information system to check for exploitable vulnerabilities.
Creep
Expansion beyond the test's limitations that occurs when a pen test is not well planned.
Rules of Engagement
The limitations and parameters of a pen test, including timing, scope, authorization, exploitation level, communication, cleanup, and reporting.
Red Team
The team of attackers in a penetration test.
Blue Team
The team of defenders in a penetration test.
White Team
The referees who enforce the rules of engagement during a pen test.
Purple Team
A team that provides real-time feedback to attackers and defenders to enhance the overall test.
Black Box
A pen test where the tester is given no information and no special privileges.
White Box
A pen test where the tester is given full knowledge of the network and the source code of applications.
Gray Box
A pen test where the tester is given limited knowledge and access level.
Reconnaissance
Also called footprinting; the process of gathering information about the organization through active or passive means.
Open-Source Intelligence (OSINT)
Publicly accessible information found online used during passive reconnaissance.
Scanning
The phase where threat actors identify open ports as potential entry points by checking network traffic.
Establishing Persistence
Installing a backdoor to allow easier, repeated, and long-term access to the system without reusing the initial vulnerability.
Moving Laterally
The process of attempting to escalate to more advanced protected resources (privilege escalation) to reach an ultimate target.
Malware
Malicious software that enters a computer system without the user’s knowledge or consent to perform unwanted and harmful actions.
Ransomware
Malware that prevents a user’s endpoint device from fully functioning until a fee is paid, often between 200 and 500 dollars for individuals.
Cryptomalware
Malware that encrypts all files on a device (or connected servers, NAS, and DAS) so they cannot be opened.
File-based virus
Malicious code attached to a file that reproduces on the same computer but requires human intervention to transfer to another computer.
Fileless virus
Malicious code loaded directly into RAM that takes advantage of native OS services and writes to the Windows Registry for persistence.
Worm
A malicious program, also known as a Network Virus, that uses a computer network to replicate and spread itself automatically.
Bot
Also called a zombie; an infected computer placed under the remote control of an attacker.
Botnet
A group of millions of infected computers receiving instructions through a command and control (C&C) structure.
Bot herder
A remote computer that sends instructions to a botnet.
Keylogger
Malware that silently captures and stores each keystroke typed on a keyboard, available as software or hardware devices.
Spyware
Tracking software deployed without consent that monitors activities like web pages browsed or personal information.
Potentially Unwanted Programs (PUPs)
Software, such as adware and browser hijackers, that is installed along with other programs when users overlook default installation options.
Trojan
An executable program that disguises itself as a benign activity while performing malicious tasks.
Remote Access Trojan (RAT)
A type of trojan that allows an attacker unrestricted access to monitor users, change settings, or access other networked computers.
Backdoor
A method of access to a computer or program that circumvents normal security protections.
Logic Bomb
Dormant code added to a legitimate program that triggers a malicious activity only when a specific event occurs.
Rootkit
Malware that accesses lower layers of the OS to hide its own presence and the presence of other malware.
Macros
Visual Basic (VB) executable code found in Microsoft Office documents that can be used to host malware.