CMSC 426 Lecture 3
41 Terms
1
Attacker
An individual, group, or entity attempting to compromise the confidentiality, integrity, and availability of information systems.
2
Types of attackers
Script Kiddies, Cybercriminals, Hacktivists, Advanced Persistent Threats (APTs).
3
APTs
Resource-rich threat actors that target long-term objectives; examples include APT1 and Sandworm.
4
Offensive security
A proactive approach to computer security involving red teaming and penetration testing.
5
Reconnaissance
The phase where attackers gather information using techniques such as OSINT and social engineering.
6
Weaponization & Development
Creating tailored payloads and determining target connection methods based on gathered intelligence.
7
Delivery methods
Techniques used to deliver payloads, including social engineering and phishing emails.
8
Initial Access, Exploitation, & Execution
Executing crafted code or malware on the target system.
9
Installation & Persistence
Installing additional malware to establish persistent access.
10
Command & Control
The stage where the compromised system communicates with the attacker's server.
11
Discovery, Escalation, & Lateral Movement
Gathering more information, escalating privileges, and compromising additional systems.
12
Actions on Objective
Completing the attacker’s mission such as data exfiltration or disruption.
13
Incident Response (IR)
The process of detecting and responding to cyber incidents to minimize damage.
14
Main phases of Incident Response
Detection, Response (Containment), Mitigation, Recovery, and Reporting.
15
Detection phase
Identifying suspicious activity through monitoring and logging.
16
Response (Containment) phase
Containing the incident to limit damage and isolate affected systems.
17
Mitigation phase
Analyzing the incident to determine its cause and securing systems against exploited vulnerabilities.
18
Recovery phase
Returning systems to a stable state post-incident.
19
Reporting phase
Documenting the incident and outlining lessons learned.
20
Antivirus Software (AV)
Software that detects, blocks, and removes malware through various methods.
21
Intrusion Detection System (IDS)
A system that monitors for signs of malicious activity and alerts administrators.
22
Difference between IDS and IPS
IDS detects and alerts, while IPS actively blocks threats.
23
Endpoint Detection and Response (EDR)
A security solution monitoring endpoint activities for threats.
24
Security Information and Event Management (SIEM)
Aggregates logs and alert data for centralized event management.
25
Indicators of Compromise (IOCs)
Artifacts left by attacks, such as malicious file hashes and IP addresses.
26
Tactics, Techniques, and Procedures (TTPs)
Methods and behaviors used by threat actors during attacks.
27
Entry Point in cybersecurity
The initial access vector through which attackers gain system access.
28
Difference between vulnerability and exploit
A vulnerability is a weakness; an exploit is a technique to take advantage of that weakness.
29
Command injection
An attack where unsanitized user input is passed to system commands.
30
Techniques used in command injection attacks
Appending commands using separators and piping outputs.
31
Defenses against command injection
Input validation, sanitization, escaping dangerous characters, whitelists.
32
SQL Injection attack
Inserting user input directly into an SQL query to manipulate databases.
33
Prevention strategies for SQL Injection
Input validation, sanitization, using stored procedures.
34
Cross-Site Scripting (XSS)
A vulnerability where attackers inject malicious JavaScript into websites.
35
Types of XSS attacks
Stored (persistent) XSS and reflected XSS.
36
Defenses against XSS
Secure input handling, sanitizing user input, Content Security Policies.
37
Basic structure of an HTTP request
Method, path, HTTP version, headers, and optional body.
38
Basic structure of an HTTP response
HTTP version, status code, headers, and response data.
39
Common HTTP methods
GET (retrieve data) and POST (send data).
40
Cookies in HTTP
Small data pieces stored in a user's browser for maintaining state.
41
Maintaining sessions using cookies
Server sends cookies that browsers return with subsequent requests.