Application Attack
Malicious activities or techniques targeting web applications.
Buffer overflow
Occurs when a buffer exceeds its storage capacity, leading to data spillover into other memory locations.
SSL Stripping
A MITM attack downgrading secure HTTPS connections to insecure HTTP connections.
Pass the Hash
Hacking technique using hashed values for authentication.
Directory traversal attack
Unauthorized access attempt to bypass restrictions and execute commands on a web server.
Race condition
Data inconsistencies and vulnerabilities due to multiple processes sharing resources without synchronization.
Application whitelisting
Only approved software allowed to run on a system.
Refactoring
Enhancing code structure without altering external behavior.
Shimming
Code layer enhancing compatibility between software components.
RFC (Request for Comment)
document series that sets the standards of design, development, and implementation of internet standards
CVE (Common Vulnerabilities and Exposures)
document series that sets the standards of design, development, and implementation of internet standards
NVD (National Vulnerability Database)
Government repository for vulnerability management data.
TTP (Tactics, Techniques, and Procedures)
Methods used by attackers in conducting attacks.
CVSS (Common Vulnerability Scoring System)
Framework quantifying security vulnerability severity.
STIX (Structured Threat Information Expression)
Framework for exchanging cybersecurity threat intel.
TAXII (Trusted Automated Exchange Indicator Information)
Framework for relaying cybersecurity threat information.
HIPS (Host-based Intrusion Prevention System)
Security tech protecting hosts from intrusions and malicious activities.
SIEM (Security Information and Event Management)
Collects log data and takes security actions.
PCAP (Packet Capture)
Software tool analyzing network traffic.
SOAR (Security Orchestration, Automation, and Response)
combines security orchestration and automation with incident response to improve efficiency of security operations
DLP (Data Loss Prevention)
Defines data sharing and protection to prevent unauthorized access.
Hot Site
Fully operational off-site facility.
Warm Site
Partially equipped off-site facility.
Cold Site
Off-site facility with physical space but lacking technological infrastructure.
MSP (Managed Service Provider)
Ensures operational IT systems.
MSSP (Managed Security Service Provider)
Ensures secure and reliable IT operations.
Data sanitization
Erasing data to prevent recovery.
Normalization
Standardizing data format.
Baselining
Monitoring network performance by comparing to historical levels.
Code obfuscation
Making applications challenging to disassemble.
VM Sprawl
Ineffective management due to excessive virtual machines.
VM escape
Attacker gaining hypervisor access through VM code.
OWASP (Open Worldwide Application Security Project)
Community providing web app security resources.
TOTP (Time-based One Time Password)
Algorithm generating one-time passwords.
FAR (False Acceptance Rate)
Rate of unauthorized access in biometric security.
FRR (False Rejection Rate)
Rate of authorized user rejection in biometric security.
RAID (Redundant Array of Independent Disks)
Technology combining hard drives for performance and redundancy.
UPS (Uninterruptible Power Supply)
Emergency power source.
Restore point
File-based representation of a VM's current state.
RSA (Rivest-Shamir-Adleman)
RSA is one of the most widely used asymmetric encryption algorithms. It relies on the difficulty of factoring large prime numbers. The algorithm generates a public-private key pair, where the public key is used for encryption, and the private key is used for decryption. RSA is often employed in secure email communication, SSL/TLS protocols, digital signatures, and key exchange.
Diffie-Hellman (DH)
Diffie-Hellman is a key exchange algorithm that allows two parties to establish a shared secret key over an insecure communication channel. It enables secure communication even if an eavesdropper intercepts the exchange. Diffie-Hellman is used in various protocols such as SSL/TLS, IPsec, and secure email.
ECC (Elliptic Curve Cryptography)
ECC is a family of asymmetric algorithms based on the mathematics of elliptic curves over finite fields. ECC provides the same level of security as RSA but with smaller key sizes, making it computationally efficient. It is commonly used in resource-constrained environments such as mobile devices and Internet of Things (IoT) devices. ECC is utilized in SSL/TLS, digital signatures, and secure key exchange.
DSA (Digital Signature Algorithm)
DSA is a widely used algorithm for creating and verifying digital signatures. It provides authentication, integrity, and non-repudiation of digital documents. DSA uses the mathematics of modular exponentiation and discrete logarithms. It is commonly used in digital certificates, secure email, and secure file transfers.
DNSSEC
Ensures secure communication with correct websites.
Incremental backups
Backing up changed data since the last backup.
Snapshot backups
Capturing system state at a specific time.
SCADA (Supervisory Control and Data Acquisition)
Monitors and controls industrial processes and infrastructure.
ICS (Industrial Control System)
Controls industrial systems, often with SCADA.
MFD/MFP (Multi-Function Device/Multi-Function Printer)
Device combining multiple functionalities.
RTOS (Real-time Operating System)
OS for real-time applications when timing is critical.
POSIX (Portable Operating System Interface)
standards that define an interface between applications and operating systems
HSM (Hardware Security Module)
a hardware device securing cryptographic keys and operations.
Zigbee
wireless communication protocol for low-power, low-data rate devices (IoT devices)
ANT+
Wireless protocol for low-latency sports/health monitoring.
Extranet
Extended network access for external parties.
Degaussing
Erasing data from magnetic media.
tail
Displays the last part of a file or stream.
openssl
Open-source library for cryptography.
grep
Searches and filters text based on patterns.
Nmap
Network scanning
MTTR (Mean Time To Recovery)
The amount of time it’ll take to repair a system
MTTF (Mean Time to Failure)
The amount of time until a system is expected to fail
RTO (Recovery Time Objective)
The maximum amount of time that is tolerable to have the systems down
DAC (Discretionary Access Control)
Access to a resource is outlined by the owner
COPE (Corporate Owned Personally-Enabled)
MDM strategy where organizations provide devices, while allowing limited personal use
VDI (Virtual Desktop Infrastructure)
Technology that allows OS and apps to be hosted and delivered to end-user devices over a network
DNS Sinkhole
Manipulating DNS responses to redirect traffic from malicious domains to a non-existent or controlled destination
Dump
The process of capturing the contents inside of a computer’s RAM at a specific moment
POST (Power-On Self Test)
Tests performed by a computer system to verify hardware components are functioning properly during start-up
Kerberos
A network authentication protocol that provides secure authentication for client-server applications over an untrusted network, helps prevent eavesdropping, replay attacks, and unauthorized access
HSM (Hardware Security Module)
Tamper-resistant hardware device designed for secure key management, used to safeguard sensitive information like cryptography keys, certificates, and other critical data
Screened subnet or DMZ
A network architecture design that separates the internal network from the internet (like a network air gap)
VPN concentrator or VPN gateway
Networking device that enables secure remote access to a private network over the internet
IMAP (Internet Message Access Protocol)
Email retrieval protocol that allows clients to manage emails stored on the mail server
S/MIME
A standard for securing email messages with encryption and digital signatures
Data Custodian
A team or individual responsible for the storage, management, and protection of data
ALE (Annualized Loss Expectancy)
The expected financial impact of a specific risk over one year
SLE (Single Loss Expectancy)
The expected loss of revenue from a specific risk
ARO (Annualized Rate of Occurrence)
The frequency of the specific event occurring within a one-year period
Containerization
a type of virtualization in which all the components of an application are bundled into a single container image and can be run in isolated user space on the same shared operating system
Normalization
organizes data within a database, allowing it to run smoother
One Time Password
an algorithm that generates a one time password
CER
the overall accuracy of the biometric system
curl
command line tool that is used for making HTTP requests and interacting with web servers, can be used to download files, send data to web servers, and test APIs.
head
command used to display the first few lines of a file or beginning of a stream
tracert
command that is used to trace the route a packet takes from the source device to the destination device
netstat
command used to view active network connections, listening ports, and routing tables
netcat
command that is used to establish and interact with network connections, can be used for data transmission, port scanning, file transfer, and testing
dig
command used for querying DNS servers to get information about domain names, IP addresses, and more.
pathping
combines the features of ping and tracert
hping
used for security auditing and testing of firewalls and networks
chmod
sets permissions of files or directories
STP frame (Spanning Tree Protocol)
a network protocol used to prevent loops in Ethernet networks
MTU (Maximum Transmission Unit)
the maximum size of a data packet that can be transmitted over a network protocol without fragmentation
BPDU (Bridge Protocol Data Unit)
unit of communication in STP protocol
Jump server
a dedicated system used as an access point for connecting and managing other systems in a network
NAT (Network Address Translation)
process for translating IP addresses between different network domains, Layer 3, used to overcome IPv4 limitations by allowing multiple devices with private IP addresses to share a single public IP address
Geofencing
technology that allows the creation of virtual boundaries around real-world geographic areas
OTG (On-the-go)
enables direct USB connection between devices