COMPTIA SECURITY + 701 SECTION 2

89 Terms

1

Nation-state Attackers

(2.1 Threat Actors and Conversations) Attackers who are directly employed by the government.

2

Unskilled Attacker

(2.1 Threat Actors and Conversations) Uses existing computer scripts or code to launch attacks.

3

Hacktivist

(2.1 Threat Actors and Conversations) Launches attacks as part of an activist movement or to further a cause.

4

Insider Threat

(2.1 Threat Actors and Conversations) Anyone with legitimate access to an organization's internal resources.

5

Organized Crimes

(2.1 Threat Actors and Conversations) Composed of a group of individuals working together in criminal activities.

6

Shadow IT

(2.1 Threat Actors and Conversations) Any unauthorized systems or applications within an organization, including cloud services.

7

Attacker Attributes

(2.1 Threat Actors and Conversations) Differences between attackers are whether an attacker comes from an internal or external source, the resources and funding available to the attacker, and the attacker's level of sophistication and capability.

8

Data Exfiltration

(2.1 Threat Actors and Conversations) Moving data outside of an area where it is allowed to a place where it is not allowed.

9

Motivations of Attackers

(2.1 Threat Actors and Conversations) Includes data exfiltration, service disruption, blackmail, financial gain, philosophical/political beliefs, ethical hacking, revenge, espionage, and war.

10

Message-Based

(2.2 Common Threat Vector and Attack Surfaces) Includes phishing, spear phishing, and whaling attacks. Start with emails.

11

Image-based

(2.2 Common Threat Vector and Attack Surfaces) Threat vectors involve embedding malicious code within image files or using steganography to hide data within an image.

12

File-Based

(2.2 Common Threat Vector and Attack Surfaces) Involve malicious code hidden in seemingly innocuous files, such as documents or spreadsheets.

13

Voice Call

(2.2 Common Threat Vector and Attack surfaces) Include phone-based engineering attacks, where attackers impersonate trusted individuals or organizations to manipulate victims into revealing sensitive information or granting access to secure systems.

14

Removable Device

(2.2 Common Threat Vector and Attack surfaces) Attackers exploit devices like USB or external hard drives by loading them with software.

15

Vulnerable Software (Software-based)

(2.2 Common Threat Vector and Attack surfaces) Exploiting vulnerabilities in software either through client-based attacks (exploiting software installed on users’ devices) or agentless attacks (directly targeting web applications or services).

16

Unsupported systems and applications (System-based)

(2.2 Common Threat Vector and Attack surfaces) Vulnerabilities in computer systems such as unsupported operating systems, vulnerable applications, hardware issues, open service ports, or default credentials.

17

Network-based

(2.2 Common Threat Vector and Attack surfaces) Attack vector that focuses on exploiting weaknesses in network infrastructure, whether through unsecured wired or wireless networks or vulnerable Bluetooth connections.

18

Supply Chain

(2.2 Common Threat Vector and Attack surfaces) Target the relationships between organizations and their managed service providers (MSPs), vendors, or suppliers.

19

Social Engineering

(2.2 Common Threat Vector and Attack surfaces) The practice of using social tactics to gain information.

20

Phishing

(2.2 Common Threat Vector and Attack surfaces) The practice of sending emails to users to trick them into revealing personal information or clicking on a link.

21

Vishing

(2.2 Common Threat Vector and Attack Surfaces) Use the phone system to trick users into giving up personal and financial information. Often uses Voice over IP (VoIP) technology allowing the attacker to spoof caller ID, making it appear as though the call came from a real company.

22

Smishing

(2.2 Common Threat Vector and Attack surfaces) Form of phishing that uses text instead of email.

23

Misinformation/disinformation

(2.2 Common Threat Vector and Attack Surfaces) An attacker provides false information to their target to influence them to take some action or disclose some information.

24

Impersonation

(2.2 Common Threat Vector and Attack surfaces) Convince an authorized user to provide some information or help the attacker defeat a security control.

25

Business Email Compromise (BEC)

(2.2 Common Threat Vector and Attack Surfaces) A type of targeted attack that seeks to exploit the trust and authority of high-level executives or other key personnel within an organization.

26

Pretexting

(2.2 Common Threat Vector and Attack surfaces) An attacker makes up a convincing story or scenario to manipulate a target into providing sensitive information or granting access to restricted systems or areas.

27

Watering Hole

(2.2 Common Threat Vector and Attack Surfaces) Attempts to discover which websites a group of people are likely to visit and then infect those websites with malware that can affect visitors.

28

Brand Impersonation

(2.2 Common Threat Vector and Attack surfaces) Attackers pose as a well-known and trusted company or brand to deceive their targets.

29

Typo squatting

(2.2 Common Threat Vector and Attack Surfaces) Someone buys a domain name that is similar in name to a legitimate domain name.

30

Memory Injection

(2.3 Explain Various Types of Vulnerabilities) An attacker exploits a vulnerability and overwrites memory locations with their own code.

31

Buffer Overflow

(2.3 Explain Various types of Vulnerabilities) An application receives more input, or different input, than it expects.

32

Race Conditions

(2.3 Explain Various types of Vulnerabilities) When two or more applications attempt to access a resource simultaneously.

33

Time-of-check (TOC)/Time of Use (TOU)

(2.3 Explain Various types of Vulnerabilities) The attacker tries to race the Target of evaluation (TOE) system to do something malicious with data after the operating system verifies access is allowed (Time of Check) but before the operating system performs a legitimate action at the time of use. (Page 357)

34

Structured Query Language injection (SQLi)

(2.3 Explain Various types of Vulnerabilities) The attacker enters additional data into the webpage form to generate different SQL statements.

35

Cross-site Scripting (XSS)

(2.3 Explain Various types of Vulnerabilities) A web application vulnerability that allows attackers to inject scripts into web pages.

36

End-of-Life (EOL) Hardware

(2.3 Explain Various types of Vulnerabilities) Hardware that has reached the end of its useful life, either because it is no longer supported by the manufacturer or because it is too outdated.

37

Legacy Hardware

(2.3 Explain Various types of Vulnerabilities) The older computer hardware that is no longer being manufactured or widely used in the industry.

38

Virtualization

(2.3 Explain Various Types of Vulnerabilities) Allows multiple virtual servers to operate on a single physical server providing increased cybersecurity resilience with lower operating costs.

39

Virtual Machine (VM) Escape

(2.3 Explain Various types of Vulnerabilities) An attack that allows an attacker to access the host system from within a virtual guest system.

40

Resource Reuse

(2.3 Explain Various types of Vulnerabilities) The potential for data or resources to remain on a shared infrastructure even after a customer has finished using them.

41

Supply Chain

(2.3 Explain Various types of Vulnerabilities) Includes all the elements required to produce and sell a product.

42

Misconfiguration

(2.3 Explain Various types of Vulnerabilities) Can take down a server, disable a network, stop email communications, and even stop all network traffic for an entire enterprise.

43

Side Loading

(2.3 Explain Various types of Vulnerabilities) Copying an application package in the Application Packet Kit (APK) format to the device and then activating it.

44

Jailbreaking

(2.3 Explain Various types of Vulnerabilities) Removing all software restrictions from an Apple device.

45

Zero-Day

(2.3 Explain Various types of Vulnerabilities) A vulnerability that is unknown to the vendor, so the vendor has not released a patch.

46

Ransomware

(2.4 Analyze Indicators of Malicious Activity) Malware takes control of a user’s system or data and there’s an attempt to extort payment from the victim.

47

Trojan

(2.4 Analyze Indicators of Malicious Activity) Something that appears to be useful, but includes a malicious component, such as installing a backdoor on a user’s system.

48

Worm

(2.4 Analyze Indicators of Malicious Activity) Self-replicating malware that travels throughout a network without the assistance of a host application or user interaction.

49

Spyware

(2.4 Analyze Indicators of Malicious Activity) Monitors a user's computer and often includes a keylogger.

50

Bloatware

(2.4 Analyze Indicators of Malicious Activity) Describes programs a user may not want, even if they consented to downloading them.

51

Virus

(2.4 Analyze Indicators of Malicious Activity) Malicious code that attaches itself to a host application.

52

Keylogger

(2.4 Analyze Indicators of Malicious Activity) Capture a user’s keystrokes and store them in a file. The file is automatically sent to an attacker or manually retrieved depending on this.

53

Logic Bomb

(2.4 Analyze Indicators of Malicious Activity) Executes in response to an event, such as when a specific application is executed or a specific time arrives.

54

Rootkit

(2.4 Analyze Indicators of Malicious Activity) A program that gains administrative access on the system to provide the attacker with administrative privileges and hide the fact that the system has been infected or compromised by malicious code.

55

Brute Force

(2.4 Analyze Indicators of Malicious Activity) Attempt to simply crash right through physical security controls.

56

Radio Frequency Identification (RFID) cloning

(2.4 Analyze Indicators of Malicious Activity) An attacker could mimic the tag attached to a valuable object.

57

Environmental

(2.4 Analyze Indicators of Malicious Activity) Attacks revolving around the destruction of environmental conditions (i.e., cutting off power to a facility, raising the temperature to cause equipment overheating, flooding it with water, or causing a similar catastrophe).

58

Distributed Denial of Service (DDoS)

(2.4 Analyze Indicators of Malicious Activity) An attack from two or more computers against a single target.

59

Amplified DDoS

(2.4 Analyze Indicators of Malicious Activity) It combines reflection techniques with amplification to generate even greater traffic directed at the target.

60

Reflected DDoS

(2.4 Analyze Indicators of Malicious Activity) An attacker sends requests to a third-party server with a spoofed IP address, which appears to be the target’s IP address.

61

Domain Name System (DNS) Attacks

(2.4 Analyze Indicators of Malicious Activity) Attempts to modify or corrupt DNS data stored on a DNS server.

62

On-Path (Man-in-the-middle) Attack

(2.4 Analyze Indicators of Malicious Activity) A form of active eavesdropping. It captures data from two other computers in a session.

63

Credential Replay

(2.4 Analyze Indicators of Malicious Activity) Replaying credentials that were part of a communication session.

64

SQL Injection (SQLi)

(2.4 Analyze Indicators of Malicious Activity) The attacker enters additional data into the webpage form to generate different SQL statements.

65

Buffer Overflow

(2.4 Analyze Indicators of Malicious Activity) An application receives more input, or different input than it expects.

66

Replay

(2.4 Analyze Indicators of Malicious Activity) An attacker replays data that was already part of a communication session.

67

Privilege Escalation

(2.4 Analyze Indicators of Malicious Activity) Penetration testers use these techniques to gain more access to target systems.

68

Forgery

(2.4 Analyze Indicators of Malicious Activity) An attacker creates a fake identity, certificate, file, or other object in an attempt to fool an unsuspecting user on the system.

69

Directory Traversal

(2.4 Analyze Indicators of Malicious Activity) Injection attack that attempts to access a file by including the full directory path or traversing the directory structure on the computer.

70

Downgrade

(2.4 Analyze Indicators of Malicious Activity) Attack that forces a system to downgrade its security.

71

Collision (Hash Collision)

(2.4 Analyze Indicators of Malicious Activity) The hashing algorithm creates the same hash from different inputs.

72

Birthday

(2.4 Analyze Indicators of Malicious Activity) An attacker attempts to create a password that produces the same hash as the user's actual password.

73

Spraying

(2.4 Analyze Indicators of Malicious Activity) An automated program starts with a large list of targeted user accounts. It then picks a password and tries it against every account in the list. It then picks another password and loops through the list again.

74

Brute Force

(2.4 Analyze Indicators of Malicious Activity) Attempts to guess all password combinations.

75

Indicators

(2.4 Analyze Indicators of Malicious Activity) Account lockouts, concurrent session usage, impossible travel time, blocked content, resource consumption, resource inaccessibility, log anomalies, out-of-cycle logging, published/documented, missing logs.

76

Segmentation

(2.5 Purpose of Mitigation Techniques) Places the system on an isolated network.

77

Access Control

(2.5 Purpose of Mitigation Techniques) Ensures that only authenticated and authorized entities can access resources. Ensures that only authenticated users who have been granted appropriate permissions can access files on a server.

78

Access Control List (ACLs)

(2.5 Purpose of Mitigation Techniques) Rules are implemented on routers (and on firewalls) to identify what traffic is defined.

79

Application Allow List

(2.5 Purpose of Mitigation Techniques) A list of authorized software, and it prevents users from installing or running software that isn’t on the list.

80

Application Block List

(2.5 Purpose of Mitigation Techniques) A list of unauthorized software and prevents users from installing or running software on the list.

81

Isolation

(2.5 Purpose of Mitigation Techniques) Ensures that one network isn’t connected to another network.

82

Patching

(2.5 Purpose of Mitigation Techniques) Ensuring that systems and applications stay up to date with current patches.

83

Encryption

(2.5 Purpose of Mitigation Techniques) Scrambles data to make it unreadable by unauthorized personnel.

84

Monitoring

(2.5 Purpose of Mitigation Techniques) Includes routine security audits, regular reviews of access logs, ongoing vulnerability scanning, and analysis of incident response metrics.

85

Least Privilege

(2.5 Purpose of Mitigation Techniques) Individuals are only granted the privileges that they need to perform their assigned tasks or functions, but no more.

86

Configuration Management

(2.5 Purpose of Mitigation Techniques) Help organizations deploy systems with secure configurations and enforce requirements that those secure configurations remain in place.

87

Decommissioning

(2.5 Purpose of Mitigation Techniques) Retiring hardware that is no longer in use.

88

Host-Based firewall

(2.5 Purpose of Mitigation Techniques) Monitors traffic going in and out of a single host.

89

Host-Based Intrusion Prevention System (HIPS)

(2.5 Purpose of Mitigation Techniques) Uses behavior analysis, file integrity monitoring, and application control to prevent unauthorized access, tampering, or other types of attacks.