Confidentiality
Information has not been disclosed to unauthorized people
Ex: Encryption
Integrity
Information has not been modified or altered without proper authorization
Ex: Hashing
Availability
Information and the systems that hold it are accessible to authorized users whenever they are needed
Ex: Redundancy
Authentication
When a person's identity is established with proof and confirmed by a system
Authorization
Occurs when a user is given access to a certain piece of data or certain areas of a building
Accounting
Tracking of data, computer usage, and network resources
White Hats
Non-malicious hackers who attempt to break into a company's systems at their request
Ex: Ethical Hackers, Penetration Testers
Black Hats
Malicious hackers who break into computer systems and networks without authorization or permission
Gray Hats
Hackers with no affiliation to a company who attempt to break into its network without permission, usually without malicious intent, but who risk breaking the law by doing so
Blue Hats
Hackers who attempt to hack into a network with permission of the company but are not employed by the company
Ex: Bug Bounties
Elite
Hackers who find and exploit vulnerabilities before anyone else does
Script Kiddies
Hackers with little to no skill who only use the tools and exploits written by others
Hacktivists
Hackers who are driven by a cause like social change, political agendas, or terrorism
Organized Crime
Hackers who are part of a crime group that is well-funded and highly sophisticated. They are in it for the money
Advanced Persistent Threats
Highly trained and funded groups of hackers (often by nation states) with covert and open-source intelligence at their disposal
Open-Source Intelligence (OSINT)
Methods of obtaining information about a person or organization through public records, websites, and social media
Threat Hunting
A cyber security technique designed to detect the presence of threats that have not been discovered by normal security monitoring. The hunter establishes a hypothesis and profiles threat actors and their activities, then searches the environment for evidence.
Kill Chain
A model developed by Lockheed Martin that describes the stages by which a threat actor progresses a network intrusion. An older, linear model.
Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control (C2), Actions on Objectives
MITRE ATT&CK Framework
A knowledge base maintained by the MITRE Corporation that catalogs and explains specific adversary tactics, techniques, and procedures; the name expands to Adversarial Tactics, Techniques, and Common Knowledge (attack.mitre.org). Not linear; organized as matrices.
Diamond Model of Intrusion Analysis
A framework for analyzing cybersecurity incidents and intrusions by exploring the relationships between four core features: adversary, capability, infrastructure, and victim
Virus
Malicious code that runs on a machine without the user's knowledge and infects the computer when executed. Requires a user action in order to reproduce and spread
Boot Sector Virus
These viruses are stored in the first sector of a hard drive and are loaded into memory upon boot up
Macro Virus
Virus embedded into a document and is executed when the document is opened by the user.
Ex: MS word docs, excel spreadsheets, ppt, etc.
Program Virus
Virus that infects an executable or application.
Ex: Every time you open MS Word, the virus is loaded along with it
Multipartite Virus
Virus that combines boot and program viruses to first attach itself to the boot sector and system files before attacking other files on the computer
Encrypted Virus
A virus that encrypts itself to avoid detection from antivirus software
Polymorphic Virus
Advanced version of an encrypted virus that changes itself every time it is executed by altering the decryption module to avoid detection
Metamorphic Virus
Virus that is able to rewrite itself entirely before it attempts to infect a file (advanced version of polymorphic virus)
Stealth Virus
A category of viruses that use techniques to avoid detection.
Ex: Encrypted, Polymorphic, Metamorphic
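The following simulation, added here as an example and not part of the original card set, shows why these three techniques defeat a signature scanner. Everything is inert byte strings (nothing is executed): BODY stands in for the virus body, DECRYPTOR_STUB for the constant decryption loop of an encrypted virus, and JUNK_OPS for the do-nothing instructions a polymorphic engine splices into its decryptor. The toy XOR cipher, the stub format and the tiny "emulator" are all assumptions made for the example.

```python
# Simulation with inert byte strings: nothing here runs, it only models how each
# stage of a virus looks to a signature scanner.

BODY = b"INERT-SAMPLE-BODY: stands in for the virus code that infects files"
DECRYPTOR_STUB = b"LOOP:XOR:JNZ"                    # constant decryptor of an encrypted virus
JUNK_OPS = [b"NOP.", b"MOV-A,A.", b"XCHG-B,B."]    # do-nothing "instructions" (constructed)

# Signatures an AV vendor might extract: one from the plaintext body, one from the
# constant decryptor stub.
SIGNATURES = {"body": b"INERT-SAMPLE-BODY", "decryptor": DECRYPTOR_STUB}


def xor(data, key):
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def scan(sample):
    """Signature-based scan: names of the signatures found anywhere in the sample."""
    return [name for name, sig in SIGNATURES.items() if sig in sample]


def build_encrypted(key):
    """Encrypted virus: fixed decryptor + per-copy key + XOR'd body.
    The body signature is hidden, but the decryptor itself is a constant."""
    return DECRYPTOR_STUB + bytes([len(key)]) + key + xor(BODY, key)


def build_polymorphic(key, generation):
    """Polymorphic virus: same decryption logic, but junk instructions are spliced
    into the decryptor each generation so its byte pattern never repeats."""
    junk = JUNK_OPS[generation % len(JUNK_OPS)]
    head, tail = DECRYPTOR_STUB[:4], DECRYPTOR_STUB[4:]
    stub = junk + head + junk + tail + junk
    return stub + bytes([len(key)]) + key + xor(BODY, key)


def emulate_and_scan(sample):
    """Model of an AV emulator: step through the decryptor (treating junk ops as
    no-ops), recover the key, decrypt the body, then scan the decrypted body.
    Returns None if the sample does not start with a decryptor we understand."""
    head, tail = DECRYPTOR_STUB[:4], DECRYPTOR_STUB[4:]
    pos = 0

    def skip_junk():
        nonlocal pos
        progress = True
        while progress:
            progress = False
            for op in JUNK_OPS:
                if sample.startswith(op, pos):
                    pos += len(op)
                    progress = True

    skip_junk()
    if not sample.startswith(head, pos):
        return None
    pos += len(head)
    skip_junk()
    if not sample.startswith(tail, pos):
        return None
    pos += len(tail)
    skip_junk()
    key_len = sample[pos]
    key = sample[pos + 1:pos + 1 + key_len]
    body = xor(sample[pos + 1 + key_len:], key)
    return scan(body)
```

A plain scan of the encrypted copies misses the body but still catches the constant decryptor, which is exactly the weakness a polymorphic engine removes: the mutated stub matches neither signature, and only decrypting the body in an emulator finds it. A metamorphic virus rewrites the body as well, so even the emulated scan has no fixed bytes to match and behavioral heuristics are needed instead.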
Armored Virus
Viruses that have a layer of protection to confuse a program or person analyzing it
Hoax Virus
A message or call that tries to trick a user into infecting or damaging their own machine
Ex: A fake phone call from Microsoft saying you have a virus, follow these steps to fix it
Worm
Malicious software, like a virus, but is able to replicate itself without user interaction
Trojan Horse
Malicious software disguised as harmless or desirable software. It performs the advertised function but carries out malicious actions as well.
Remote Access Trojan (RAT)
Provides the attacker with remote control of a victim computer and is the most commonly used type of Trojan. Placed by an attacker to maintain persistent access.
Ransomware
Malware that restricts access to a victim's computer system until a ransom is received
Spyware
Malware that secretly gathers information about the user without their consent
Ex: Keylogger
Adware
Displays advertisements, typically targeted using information it gathers by spying on the user
Grayware
Software that isn't benign nor malicious and tends to behave improperly without serious consequences
Ex: Crazy mouse
Rootkit
Software designed to gain administrative-level control over a system without detection. Often loaded before or beneath the operating system (at boot time or in the kernel), which makes it difficult to detect. DLL injection and driver manipulation are methods used to accomplish this
Spam
Activity that abuses electronic messaging systems, most commonly through email. Often exploit a company's open mail relays to send their messages
Watering Hole Attack
Malware is placed on a website that you know your potential victims will access
Typo Squatting
Redirecting a user to a fictitious website based on a misspelling of the URL. Also called URL hijacking.
Botnet
A collection of compromised computers under the control of a master node
Active Interception
Occurs when a computer is placed between the sender and receiver and is able to capture or modify the traffic between them
Privilege Escalation
Occurs when a user is able to gain the rights of another user or administrator
Logic Bomb
Malicious code that has been inserted inside a program and will execute only when certain conditions have been met
Easter Egg
Non-malicious code that when invoked, displays an insider joke, hidden message, or secret feature
Dropper and Downloader
Dropper- Malware designed to install or run other types of malware embedded in a payload on an infected host. Initiates the attack
Downloader- A piece of code that connects to the Internet to retrieve additional tools after the initial infection by a dropper
Shellcode
Any lightweight code designed to run an exploit on the target, which may include any type of code format from scripting languages to binary code
Code Injection
Exploit technique that runs malicious code under the process ID of a legitimate process, so it inherits that process's identity and trust
Living Off the Land
Exploit techniques that use standard system tools and packages already present on the host to perform intrusions. The attacker turns your own tools against you, so the activity blends in with normal administration.
Host-Based Firewall
Software application that protects a single computer from unwanted Internet traffic
Intrusion Detection System (IDS)
Device or software application that monitors a system or network and analyzes the data passing through it in order to identify an incident or attack. Can only alert or log suspicious activity.
Intrusion Prevention System (IPS)
Software or hardware that monitors patterns in the traffic flow to identify and automatically block attacks. Can stop malicious activity from being executed.
Detection Methods
Signature-based- A specific string of bytes triggers an alert
Policy-based- Relies on specific declaration of the security policy (i.e., 'No Telnet Authorized')
Anomaly-based- Analyzes the current traffic against an established baseline and triggers an alert if outside the statistical average
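To show how the three detection methods differ in practice, here is an added example (not from the original card set) that runs each one over a handful of constructed log lines. The log format ("time src dst dport bytes payload"), the signature patterns, the denied-port policy and the baseline byte counts are all assumptions made for the example.

```python
import re
import statistics

# Constructed sample log lines in a simplified "time src dst dport bytes payload"
# format; the payload field is last and may contain spaces.
SAMPLE_LOGS = [
    "10:00:01 10.0.0.5 10.0.0.9 443 1200 GET /index.html",
    "10:00:02 10.0.0.5 10.0.0.9 443 1100 GET /about.html",
    "10:00:03 10.0.0.7 10.0.0.9 23 80 login: admin",
    "10:00:04 10.0.0.5 10.0.0.9 443 1300 GET /contact.html",
    "10:00:05 10.0.0.8 10.0.0.9 80 950 GET /cgi-bin/test.cgi?f=../../etc/passwd",
    "10:00:06 10.0.0.5 10.0.0.9 443 1250 GET /news.html",
    "10:00:07 10.0.0.6 10.0.0.9 443 48000 POST /upload",
]

# Constructed baseline of "normal" bytes-per-flow recorded during a learning period.
BASELINE_BYTES = [1200, 1100, 1300, 1250, 1000, 1150, 1220, 1180]

# Signature-based: specific strings or byte patterns that trigger an alert.
SIGNATURES = {
    "path traversal to /etc/passwd": re.compile(r"\.\./.*etc/passwd"),
    "Windows shell invocation": re.compile(r"cmd\.exe", re.IGNORECASE),
}

# Policy-based: explicit rules from the security policy, e.g. "No Telnet authorized".
DENIED_PORTS = {23: "Telnet", 21: "FTP"}


def parse(line):
    time, src, dst, dport, nbytes, payload = line.split(" ", 5)
    return {"time": time, "src": src, "dst": dst, "dport": int(dport),
            "bytes": int(nbytes), "payload": payload}


def signature_based(lines):
    """Alert when a known-bad pattern appears in the payload."""
    hits = []
    for line in lines:
        rec = parse(line)
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["payload"]):
                hits.append((line, f"signature: {name}"))
                break
    return hits


def policy_based(lines):
    """Alert when traffic violates a declared rule, regardless of content."""
    hits = []
    for line in lines:
        rec = parse(line)
        if rec["dport"] in DENIED_PORTS:
            hits.append((line, f"policy: {DENIED_PORTS[rec['dport']]} not authorized"))
    return hits


def anomaly_based(lines, baseline=BASELINE_BYTES, z_threshold=3.0):
    """Alert when a flow's size is far from the baseline mean (in standard deviations)."""
    mean = statistics.mean(baseline)
    stdev = statistics.stdev(baseline)
    hits = []
    for line in lines:
        rec = parse(line)
        z = abs(rec["bytes"] - mean) / stdev
        if z > z_threshold:
            hits.append((line, f"anomaly: {rec['bytes']} bytes is {z:.1f} sd from mean {mean:.0f}"))
    return hits


def run_all(lines=SAMPLE_LOGS):
    return {"signature": signature_based(lines),
            "policy": policy_based(lines),
            "anomaly": anomaly_based(lines)}
```

Each method catches something the others miss: only the signature rule sees the path-traversal request, only the policy rule flags the Telnet login on its own merits, and only the anomaly rule notices the oversized upload on an otherwise permitted port. Real systems layer all three for that reason.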
Data Loss Prevention (DLP)
Systems designed to protect data by inspecting the content of data being sent out of the network and blocking transfers that violate policy. Makes sure sensitive data doesn't leave your network
Basic Input Output System (BIOS)
Firmware that provides the computer instructions for how to accept input and send output. The terms BIOS and UEFI are often used interchangeably, although UEFI is the modern replacement for the legacy BIOS
Network Attached Storage (NAS)
Storage devices that connect directly to your organization's network
Storage Area Network (SAN)
Network designed specifically to perform block storage functions that may consist of NAS devices
Software Encryption
More common and less expensive than hardware encryption. Can encrypt at the drive level (disk encryption) or at the file level.
Ex: Mac uses FileVault, Windows uses BitLocker
Trusted Platform Module (TPM)
A chip on the motherboard of the computer that provides cryptographic services. Software disk encryption such as BitLocker can store (seal) its volume key in the TPM so the drive only unlocks on an unmodified system.
Self-Encrypting Drive (SED)
Hardware-based encryption. Storage device that performs whole-disk encryption using embedded hardware. Expensive and not as common as software-based encryption.
Hardware Security Module (HSM)
Hardware-based encryption. Physical devices that act as a secure cryptoprocessor during the encryption process. Most commonly a plug-in card, a USB-attached token, or a network-attached appliance. High security, but more expensive and less common than software encryption.
Endpoint Protection Platform (EPP)
A software agent and monitoring system that performs multiple security tasks such as anti-virus, HIDS/HIPS, firewall, DLP, and file encryption. A Swiss Army knife of security tools. Uses signature based detection.
Endpoint Detection and Response (EDR)
A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats. Like an EPP but uses behavioral and anomaly based detection.
User and Entity Behavior Analytics (UEBA)
A system that can provide automated identification of suspicious activity by user accounts and computer hosts. Basically has a baseline of good knowledge and compares everything to it to find suspicious activity
OPEN, WEP, WPA, WPA2, WPA3
Open- No Security
WEP- Old and broken: its 24-bit initialization vector (IV) is too short, so IVs repeat and the RC4 keystream gets reused
WPA- Old and weak: TKIP, still built on RC4
WPA2- CCMP with AES
WPA3- The newest and strongest: replaces the WPA2 pre-shared-key handshake with SAE (Simultaneous Authentication of Equals)
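The "IV" weakness on the WEP card is concrete enough to demonstrate. The following is an added example, not part of the original card set: it implements RC4 and WEP's frame encryption (IV in the clear, RC4 seeded with IV || key, CRC-32 ICV), then shows that two frames sent under the same IV share a keystream, so an attacker who can guess one frame's plaintext (ARP and other headers are highly predictable) recovers the other without ever learning the key. The shared key, IV and frame contents are constructed for the example.

```python
import math
import zlib


def rc4_keystream(key, n):
    """Plain RC4 (KSA + PRGA). WEP seeds it with IV || shared key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    # Truncates to the shorter input, which is what the attack needs below.
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key, iv, plaintext):
    """WEP frame body: 3-byte IV in the clear, then RC4(IV||key) over plaintext||ICV."""
    assert len(iv) == 3
    icv = zlib.crc32(plaintext).to_bytes(4, "little")  # WEP's (linear, weak) integrity check
    data = plaintext + icv
    return iv + xor(data, rc4_keystream(iv + shared_key, len(data)))


def wep_decrypt(shared_key, frame):
    iv, ct = frame[:3], frame[3:]
    data = xor(ct, rc4_keystream(iv + shared_key, len(ct)))
    plaintext, icv = data[:-4], data[-4:]
    if zlib.crc32(plaintext).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return plaintext


def keystream_reuse_attack(frame_a, known_plaintext_a, frame_b):
    """Attacker knows frame A's plaintext and sees frame B under the same IV:
    keystream = C_A xor P_A, so P_B = C_B xor keystream. No key required."""
    iv_a, ct_a = frame_a[:3], frame_a[3:]
    iv_b, ct_b = frame_b[:3], frame_b[3:]
    if iv_a != iv_b:
        return None  # different IV, different keystream: attack does not apply
    keystream = xor(ct_a, known_plaintext_a)  # as many keystream bytes as we know plaintext
    return xor(ct_b, keystream)


def frames_until_iv_collision(prob=0.5, iv_bits=24):
    """Birthday bound: frames a busy network sends before some IV repeats with the given probability."""
    n = 2 ** iv_bits
    return math.sqrt(2 * n * math.log(1 / (1 - prob)))


def demo():
    shared_key = bytes.fromhex("0102030405")  # constructed 40-bit WEP key
    reused_iv = b"\x00\x00\x01"               # the same IV used for two frames
    p_a = b"ARP Request who-has 10.0.0.9 tell 10.0.0.5 (padding.........)"  # guessable
    p_b = b"POST /login user=admin&pass=hunter2"                           # secret
    frame_a = wep_encrypt(shared_key, reused_iv, p_a)
    frame_b = wep_encrypt(shared_key, reused_iv, p_b)
    recovered = keystream_reuse_attack(frame_a, p_a, frame_b)
    return recovered[:len(p_b)]
```

With only 2^24 IVs, frames_until_iv_collision() shows a repeat is expected after roughly five thousand frames, and many WEP implementations restarted the IV counter at zero on every reboot, so reuse was the norm rather than the exception.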
SIM Cloning
Allows two phones to utilize the same service and allows an attacker to gain access to the phone's data
Bluejacking
Sending of unsolicited messages to Bluetooth-enabled devices
Bluesnarfing
Unauthorized access of information from a wireless device over a Bluetooth connection
Remote Wipe
Remotely erases the contents of the device to ensure the information is not recovered by the thief
Mobile Device Management
Centralized software solution that allows system administrators to create and enforce policies across its mobile devices
Geotagging
Embedding of the geolocation coordinates into a piece of data (i.e., a photo)
Storage Segmentation
Creating a clear separation between personal and company data on a single device. Use this for BYOD, bring your own device
Hardening
Act of configuring an operating system securely by updating it, creating rules and policies to govern it, and removing unnecessary applications and services
Least Functionality
Process of configuring workstation or server to only provide essential applications and services
Application Whitelist
Only applications that are on the list are allowed to be run by the operating system while all other applications are blocked
Application Blacklist
Any application placed on the list will be prevented from running while all others will be permitted to run
Trusted Operating System (TOS)
An operating system that meets security requirements set forth by government (evaluated under a scheme such as Common Criteria) and supports multilevel security
Ex: Windows 7, Mac OS X 10.6, etc.
Patch Management
Process of planning, testing, implementing, and auditing of software patches
Group Policy
A set of rules or policies that can be applied to a set of users or computer accounts within the operating system
Ex: Password complexity, account lockout policy, software restrictions, application restrictions
Baselining
Process of measuring changes in the network, hardware, and software environment. Establishes what is normal so you can find deviations
New Technology File System (NTFS)
The default file system format for Windows and is more secure because it supports logging, encryption, larger partition sizes, and larger file sizes than FAT32
Due Diligence
A legal principle identifying a subject has used best practice or reasonable care when setting up, configuring, and maintaining a system
Trusted Foundry
A microprocessor manufacturing utility that is part of a validated supply chain (one where hardware and software does not deviate from its documented function)
Hardware Source Authenticity
The process of ensuring that hardware is procured tamper-free from trustworthy suppliers
Hardware Root of Trust (ROT)
A cryptographic module embedded within a computer system that can endorse trusted execution and attest to boot settings and metrics. It measures the boot components and OS files, verifies their signatures, and signs a digital report of the results that a remote party can check
Trusted Platform Module (TPM)
A specification for hardware-based storage of digital certificates, keys, hashed passwords, and other user and platform identification information
Anti-Tamper
Methods that make it difficult for an attacker to alter the authorized execution of software
Unified Extensible Firmware Interface (UEFI)
A type of system firmware providing support for 64-bit CPU operation at boot, full GUI and mouse operation at boot, and better boot security. The modern replacement for the legacy BIOS; the two terms are often used interchangeably.
Secure Boot
A UEFI feature that prevents unwanted processes from executing during the boot operation
Measured Boot
A UEFI feature that gathers secure metrics to validate the boot process in an attestation report
Attestation
A claim that the data presented in the report is valid by digitally signing it using the TPM's private key
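To make the Hardware Root of Trust, Measured Boot and Attestation cards concrete, here is an added example (not from the original card set) that models the chain end to end: each boot component is hashed and extended into a PCR-style register before it runs, the "TPM" signs the final register together with a verifier-supplied nonce, and the verifier checks signature, freshness and the register against a golden value. The boot images are constructed stand-ins, and HMAC with a shared secret stands in for the TPM's asymmetric attestation key so the block runs with the standard library; a real TPM signs with a private key that never leaves the chip.

```python
import hashlib
import hmac

# Constructed stand-ins for boot components (not real firmware images).
GOOD_BOOT_CHAIN = [
    ("firmware",   b"UEFI firmware image v1.0"),
    ("bootloader", b"bootloader binary build 42"),
    ("kernel",     b"kernel image 6.1"),
    ("config",     b"cmdline: root=/dev/sda1 quiet"),
]

# Stand-in for the TPM's attestation key (assumption for this example; a real TPM
# uses an asymmetric key whose private half never leaves the chip).
TPM_ATTESTATION_KEY = b"constructed-attestation-key"


def sha256(data):
    return hashlib.sha256(data).digest()


def extend(pcr, measurement):
    """TPM PCR extend: PCR_new = H(PCR_old || measurement). One-way and order dependent,
    so a register value can only be reached by the same measurements in the same order."""
    return sha256(pcr + measurement)


def measured_boot(chain):
    """Measure each component into the PCR before it runs; return final PCR and event log."""
    pcr = bytes(32)  # PCRs start at all zeros on reset
    event_log = []
    for name, image in chain:
        digest = sha256(image)
        event_log.append((name, digest.hex()))
        pcr = extend(pcr, digest)
    return pcr, event_log


def tpm_quote(pcr, nonce):
    """Attestation: the TPM signs (nonce || PCR). The nonce proves the quote is fresh."""
    sig = hmac.new(TPM_ATTESTATION_KEY, nonce + pcr, hashlib.sha256).digest()
    return {"nonce": nonce, "pcr": pcr, "sig": sig}


def verify_quote(quote, expected_nonce, golden_pcr):
    """Verifier (e.g. a remote attestation server): signature first, then freshness,
    then compare the reported PCR with the golden value recorded for a known-good boot."""
    expected_sig = hmac.new(TPM_ATTESTATION_KEY, quote["nonce"] + quote["pcr"],
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, quote["sig"]):
        return False, "bad signature"
    if quote["nonce"] != expected_nonce:
        return False, "stale or replayed quote (nonce mismatch)"
    if quote["pcr"] != golden_pcr:
        return False, "PCR mismatch: boot chain differs from golden value"
    return True, "attested"


def attest(chain, nonce, golden_pcr):
    """Full round trip: boot with measurements, quote the result, verify it."""
    pcr, _ = measured_boot(chain)
    return verify_quote(tpm_quote(pcr, nonce), nonce, golden_pcr)
```

Note the contrast with Secure Boot: Secure Boot refuses to run an unsigned component, while Measured Boot runs it but records it, and it is the attestation check against the golden value that turns that record into a decision. Tampering with any image, swapping the order of two components, or replaying an old quote against a new nonce all fail verification.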
eFUSE
A means for software or firmware to permanently alter the state of a transistor on a computer chip
Trusted Firmware Updates
A firmware update that is digitally signed by the vendor and trusted by the system before installation
Self-Encrypting Drives
A disk drive where the controller can automatically encrypt data that is written to it
Secure Processing
A mechanism for ensuring the confidentiality, integrity, and availability of software code and data as it is executed in volatile memory
Processor Security Extensions
Low-level CPU changes and instructions that enable secure processing
Trusted Execution
The CPU's security extensions invoke a TPM and secure boot attestation to ensure that a trusted operating system is running
Secure Enclave
The extensions allow a trusted process to create an encrypted container for sensitive data