2.2 Threat Vectors and Attack Surfaces

0.0(0)
studied byStudied by 0 people
0.0(0)
full-widthCall Kai
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/12

encourage image

There's no tags or description

Looks like no tags are added yet.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

13 Terms

1
New cards

Vector: Email

📧 The #1 delivery method for phishing, malware, and BEC.

2
New cards

Vector: SMS Texting

📱 The delivery method for Smishing.

3
New cards

Vector: Instant Messaging

💬 Using apps like Teams or WhatsApp to send malicious links or files.

4
New cards

Vector: Image Based

🖼 Hiding a malicious payload inside an image (steganography) or a link in an image.

5
New cards

Vector: File Based

📄 A malicious payload delivered in a document (e.g., a macro in an Excel file) or a script.

6
New cards

Vector: Voice Call

📞 The delivery method for Vishing.

7
New cards

Vector: Removable Device 

💾 Using a USB drive to deliver malware. (e.g., "Baiting" - leaving a drive in a parking lot).

8
New cards

Attack Surface: Vulnerable Software

💻 Unpatched OS/apps, misconfigurations, and software bugs.

9
New cards

Attack Surface: Unsupported Systems

End-of-Life (EOL) hardware or software that no longer receives security patches. A massive vulnerability.

10
New cards

Attack Surface: Unsecure Networks

📡 Any network that allows for eavesdropping. (e.g., Public Wi-Fi, Bluetooth, unencrypted wired traffic).

11
New cards

Attack Surface: Open Service Ports

🚪 A service (like SSH, RDP, Telnet) listening for connections. If unneeded or unpatched, it's a huge vulnerability.

12
New cards

Attack Surface: Default Credentials

🔑 Using the factory-set username/password (e.g., admin/password). A common IoT and router vulnerability.

13
New cards

Vector: Supply Chain

🤝 An attack vector that compromises a trusted vendor (e.g., an MSP, software supplier) to attack their customers.