Specialized Systems
Refers to non-traditional computing environments such as industrial control systems and technologies involving NFC
Jailbreaking
Enables a user to obtain root privileges, sideload apps, change or add carriers, and customize the interface of an iOS device
Biggest security risk is the removal of vendor security protections
Rooting
Enables a user to obtain root privileges, sideload apps, change or add carriers, and customize the interface of an Android device
Biggest security risk is the removal of vendor security protections
Custom Firmware / Custom ROM
A new Android OS image that can be applied to a device
Systemless Root
Does not modify system partitions or files and is less likely to be detected than a custom ROM
Sideloading
Installs an app on a mobile device directly from an installation package instead of an official store
Device Configuration Profiles / Protocols
Implement settings and restrictions for mobile devices from centralized mobile device management systems
MicroSD Hardware Security Module (HSM)
Stores the different cryptographic keys securely inside the mobile device, like a TPM module in a desktop or laptop
Operating System Layer - VPN
Always on
Application Layer - VPN
Per-app basis
Web-Based Layer - VPN
Location masking
Location Services
Refers to how a mobile device is allowed to use cellular data, Wi-Fi, GPS, and Bluetooth to determine its physical location
Geolocation
Uses a device’s ability to detect its location to determine if access to a particular resource should be granted
Geofencing
Creates virtual boundaries based on geographical locations and coordinates
Geotagging
Adds location metadata to files or devices
Mobile Security Framework (MobSF)
Automated, all-in-one mobile application pentesting framework that can perform static and dynamic analysis
APK Files and IPA Files
APK is the package file format used by Android OS for the distribution and installation of mobile apps
IPA files are the equivalent for Apple’s iOS
Frida
Open-source tool that provides powerful capabilities for penetration testing across various operating systems
Used for dynamic analysis and hooking into running applications to inspect and manipulate data during mobile penetration testing
Drozer
A comprehensive security and attack framework for Android
Android Debug Bridge (ADB)
Versatile command-line tool that allows testers to communicate with an Android device
Bluejacking
Practice of sending unsolicited messages to Bluetooth-enabled devices; this can be done using the device’s Bluetooth messaging feature
Bluetooth Spamming
Sends multiple unsolicited messages or files to Bluetooth devices, often to overwhelm or spread malware
Radio Frequency Identification (RFID)
A form of radio frequency transmission modified for use in authentication systems
EM4100
Older RFID badges relied on this system, which uses 125 kilohertz technologies
Near Field Communication (NFC)
Uses radio frequency to send an electromagnetic charge containing the transaction data over a short distance
Prompt Injection Attacks
Targets AI systems that rely on user inputs to generate responses
Implement input validation and sanitization
Model Manipulation
Tampering with an AI model’s parameters, training data, or operational environment to alter its behavior
Ensure the integrity of the training data
Monitor the training process for any anomalies
Safeguard the AI model’s environment with robust security measures
Implement continuous monitoring and validation of the model’s outputs
Operational Technology (OT)
Designed to implement an industrial control system rather than business and data networking systems
Think about technology that interacts with the real world
Industrial Control System (ICS)
Provides the mechanisms for workflow and process automation by using embedded devices
Single plant or system
Fieldbus
Links different programmable logic controllers together
Programmable Logic Controller (PLC)
Enables automation in assembly lines, autonomous field operations, robotics, and other applications
Can be programmed to conduct an action based on an input it receives from a given sensor
Human-Machine Interface (HMI)
Input and output controls on a PLC that allow a user to configure and monitor the system
Ladder Logic
Programming language used in PLCs, entered into the system by creating a graphical diagram
Data Historian
Aggregates and catalogs data from multiple sources within an ICS by collecting all the events generated from the control loop
Supervisory Control and Data Acquisition (SCADA)
A type of ICS that manages large scale, multiple-site devices and equipment over a geographic region from a host computer
Many different ICS and/or DCS plants interconnected through a wide area network
Controller Area Network (CAN)
Designed to allow communications between embedded programmable logic controllers
With a car-based CAN, a user can connect to the controller area network using the OBD-II port
On-Board Diagnostic II (OBD-II) Port
Designed for troubleshooting by plugging a diagnostic tool into the OBD-II port and receiving a code indicating the vehicle issue
Controller Area Network (CAN) Bus
A contention-based network like Ethernet, meaning devices send data and, if a collision occurs, they resend the data
Modbus
Gives control servers and the SCADA host the ability to query and change configurations of each PLC over a network
Data Distribution Service (DDS)
Provides network interoperability and facilitates the required scalability, performance, and QoS features
Safety Instrumented System (SIS)
Composed of sensors, logic solvers, and control elements to return an industrial process to a safe state after detecting a predetermined condition
Wireshark
A network protocol analyzer that captures and inspects packets in real-time
Tcpdump
A command-line packet analyzer used to capture and display packet headers
Scapy
Used for packet crafting, manipulation, and network testing