Security+ Domain 1 Professor Messer Flashcards

146 Terms

1
Phishing
Someone pretending to be a company or organization such as your bank or phone company trying to get information from you such as log-in information.
2
Typosquatting
An attacker takes advantage of common typing errors by registering domain names that are similar to popular websites or brands, in order to divert traffic or spread malware.
3
Prepending
A type of typosquatting where a letter or something else is placed before the address of a real certified site.
4
Pretexting
A type of social engineering attack that involves creating a false identity or purpose to gain access to otherwise confidential or protected information.
5
Pharming
Mass redirection from a legit website to a bogus site, usually with a poisoned DNS server or client vulnerabilities. Most combine pharming and phishing.
6
Vishing
Voice phishing; caller ID spoofing is common.
7
Smishing
SMS Phishing
8
Reconnaissance
Gathering information on a victim or network
9
Spear Phishing
An attack that uses personalized, targeted messages to trick victims into providing confidential information or transferring money.
10
Whaling
Spear phishing of high-level people in a company or high-level government officials
11
Dumpster Diving
Grabbing things from a dumpster that people have thrown out that might contain important information
12
Shoulder Surfing
Looking at someone's screen to find passwords or important information
13
Hoax
A threat that doesn’t actually exist, usually to get information or money out of the victim under the threat that something will happen. This could also be fake malware or viruses.
14
Watering Hole Attack
A watering hole attack is a type of cyber attack where the attacker targets a specific group of people by infecting websites, applications, or online services they are known to visit.
15
Spam
Unsolicited messages over email, forums, etc., where someone is trying to advertise something or do a phishing attack.
16
Influence Campaigns
A type of social engineering attack that is trying to change public opinion, sway public sentiment, or influence decision making.
17
Tailgating
Unauthorized people following through a door or into a secure building without proper authorization.
18
Invoice scam
Spear phishing the person who pays the invoices for the company or department and sending them a fake invoice from a fake company for something they actually get; the address is a spoofed version of the CEO's.
19
Credential harvesting
Also called password harvesting; trying to find the passwords from your local computer
20
Malware
A form of malicious software designed to damage, disrupt, or gain unauthorized access to a computer system or network.
21
Virus
Malware that reproduces itself, but needs you to execute the program before it does anything. It reproduces through file systems or through the network
22
Program Virus
A virus that is part of an application; when you run the application, it will run the virus.
23
Boot sector virus
A virus that runs through the boot sector of the operating system, so that when you boot up the operating system the virus is launched.
24
Script Virus
Viruses/malware written in script programming languages, such as Visual Basic Script and JavaScript, usually embedded in HTML documents.
25
Macro Viruses
A computer virus written in the same language used to create software programs such as Microsoft Excel or Word, that use macros to do things on the program. It centers on software applications and does not depend on the operating system.
26
Fileless virus
A virus that never installs itself or saves itself as a file on your computer; rather, it operates in the memory (RAM) of the computer and does not install itself or go into the storage device.
27
Worm
Malware that self-replicates without needing a user to open it or execute it, using the network as a transmission medium.
28
Ransomware
Embedding malware on a system that asks for money to unlock or remove the malware from your computer. Many of these are hoaxes
29
Crypto-malware
A form of malware that encrypts all of the files on your computer while the OS remains available. Usually a form of ransomware, where the attacker is asking for money to unlock the information.
30
Trojan Horse
A type of malicious software (malware) that is designed to look like a legitimate application or file, but is actually intended to cause harm to a system or steal data.
31
Potentially unwanted program (PUP)
A program that is installed on a computer without the user’s knowledge or consent; these are often installed along with legitimate software, so that they are difficult to detect.
32
Backdoor
A vulnerability that allows an attacker access to a system without proper authentication. It is often placed on your computer through malware
33
Remote Access Trojan (RAT)
Malware that installs the server, service, or host to control a device; it can be used for things such as key logging, screen recording, screenshots, copying files, or embedding more malware.
34
Rootkit
A piece of malware that modifies core or kernel system files and can be invisible to the operating system. It cannot be stopped or terminated as it is part of the system files.
35
Adware
Malware that shows ads everywhere on your computer, usually pop-ups
36
Spyware
Malware that spies on you for advertising, identity theft, or affiliate fraud. It usually monitors web surfing habits, and includes key loggers.
37
Bots
A computer that is a part of a botnet, usually because of malware installed through a Trojan Horse. Controlled through a Command & Control (C&C) server or service.
38
Botnets
A group of bots working together; can be used for Distributed Denial of Service (DDoS) attacks, relaying spam, proxying network traffic, and distributed computing tasks.
39
Logic Bomb
A type of malware that is set off by a specific event, or a time or date passing.
40
Plaintext/Unencrypted Passwords
Stored passwords in a server that are not hashed or encrypted, and are just in normal text
41
Hash
A representation of data as a fixed-length string of text, usually a mix of letters, numbers, and symbols
42
Spraying Attack
Attack that tries to log in with common passwords for an account, and if it doesn’t work then it moves on.
43
Online Brute-Force Attack
An online attack in which an attacker tries to guess the password or other credentials of a user or system by systematically trying all possible combinations of characters, words or phrases. This will usually lead to lock-out due to the number of attempts.
44
Offline Brute-Force Attack
Trying every possible password combination until the hash is matched with a downloaded file, where they will not be locked out of the account
45
Dictionary Attacks
Password attack using a dictionary to find common words, using the word lists trying to find passwords. It can also substitute letters for symbols that could be used.
46
Rainbow Tables
A precomputed table of hash values for plain text words, phrases, and numbers. It is used to quickly find the plain text counterpart of a given hash value.
47
Salt
Random data added to a password when hashing, which is different for every hash that is created; this makes rainbow tables not work.
48
Malicious USB cable
USB cables that have been modified to contain malicious software that can be used to gain access to a computer or device without the user's knowledge or permission. These cables can be used to steal confidential data, install malware, or even gain remote control of the system.
49
Malicious Flash Drive
A flash drive that has malicious scripts or data on it, or can identify itself as a HID, and infect with malware. It could also be configured as a boot device or as a trojan, or even as an ethernet adapter that can redirect or modify internet traffic requests.
50
Skimming
Stealing credit card information, usually during a normal transaction using a magnetic stripe. Could also include a small camera to watch for your PIN.
51
Poisoned Training Data
A form of data poisoning where malicious data is injected into a dataset used to train a machine learning model. This data can lead to misinformed predictions or erroneous outcomes and can be used to deliberately disrupt or manipulate the performance of a machine learning model.
52
Evasion Attacks
Attacks at test time, in which the attacker aims to manipulate the input data to produce an error in the machine learning system
53
Supply Chain Attack
A type of cyberattack in which an attacker infiltrates a supplier's or vendor's system or network to gain access to the target's network or system.
54
Cryptographic Attacks
A type of malicious attack that attempts to gain access to information that is protected by cryptography.
55
Hash Collision
When two plaintext passwords create the same hash
56
Downgrade Attack
A type of attack in which an attacker attempts to force a system or network to use an older, less secure version of software or protocol. This attack usually involves exploiting vulnerabilities in the system or network’s authentication protocol.
57
Privilege Escalation
Exploiting a vulnerability in an operating system or application to gain more access than is granted for that user.
58
Cross-Site Scripting (XSS)
A website taking scripts from other servers and loading things from other sites onto its own site.
59
Cross-site Scripting (XSS) Attack
An attacker inputting scripts into a site that are executed with the other legitimate scripts that are run when the website is loaded, to access cookies, session tokens, or other sensitive information that is retained by the browser/site
60
Non-Persistent XSS Attack
An XSS attack that is injected through a form field or URL parameter, that is not stored in the application’s database or the user’s web browser, and is only active while the attack is active.
61
Persistent Stored XSS Attack
An XSS attack that is stored in a web page and executed when the page is loaded by the user; it will not be removed until the website is manually patched or updated.
62
Code Injection
An attack technique used to exploit web applications and software by inserting malicious code into the input fields of the application. This malicious code can be used to execute unauthorized commands, change data, access sensitive information, or even create new user accounts with privileged access.
63
SQL Injection
A type of attack that takes advantage of vulnerabilities in web application code to inject malicious SQL statements into a backend database. These malicious statements can be used to bypass authentication and authorization, modify data, or even delete entire tables or databases.
64
XML Injection
A type of attack that focuses on exploiting vulnerabilities in XML-based applications. This type of attack involves injecting malicious code into an application's XML document in order to gain access to sensitive information or modify data.
65
LDAP Injection
A type of attack that exploits the vulnerabilities of an application that utilizes LDAP (Lightweight Directory Access Protocol) for client-server communication. It occurs when malicious code is inserted into an LDAP query in order to reveal confidential data, such as user credentials or other sensitive information, or to gain access to resources.
66
DLL Injection
A technique used to run code in the memory space of another process. This is done by either directly loading a dynamic-link library (DLL) into the process address space or by manipulating the code of the process to load a DLL into its address space. This technique is commonly used by malicious attackers to inject malicious code into legitimate processes to gain privileged access to the system or to modify the behavior of the process.
67
Buffer Overflow
Overwriting a buffer of memory, spilling over into other memory areas. This can lead to elevated privileges or cause the system to crash whenever the attacker would like.
68
Replay Attack
An attack in which an attacker captures and then retransmits a valid data transmission in an attempt to gain unauthorized access to a system or data. It works by capturing a valid packet of data sent from one computer to another, and then replaying the data at a later time with the intention of fooling the receiving computer into believing that the data originated from the original source.
69
Session Hacking (Sidejacking)
Grabbing a session ID from a user by grabbing the packets that are sent to the server, and using the same session ID to gain access to the server
70
Cross-Site Request Forgery (CSRF)
An attacker sends a request to a victim’s computer, where the victim activates the request without realizing it, so that the attacker’s request can log onto a site using the trust that the site already has for the user’s computer or browser
71
Server-side request forgery (SSRF)
The attacker finds a vulnerable web application and sends a request to a web server, and the web server performs the request on behalf of the attacker. This could be to perform a task for the attacker such as sending a request to another server or accessing sensitive data.
72
Driver Manipulation
Attacker taking advantage of files inside of a driver, including changing the settings of a driver, adding or removing driver files, or directly editing the driver code.
73
Shimming
Inserting a small piece of malicious code into a program or system to intercept certain requests or commands and modify the program’s behavior. This could be used to bypass authentication measures, redirect requests, or manipulate data
74
Refactoring (metamorphic malware)
A tactic used by attackers to hide malicious code from detection by altering its own code without changing its functionality; this could be done by changing the structure, variable names, program flow, or other elements of the code.
75
SSL Stripping/HTTP Downgrade
The attacker intercepts an incoming HTTPS request and forces the user to communicate over HTTP instead, in order to modify the website's content, inject malicious code, or intercept data by being in the middle
76
Race Condition
When a system produces different results depending on the order or timing of how certain operations are executed. It occurs when two or more processes are trying to access and modify the same resource at the same time, and the result of the operation depends on which operation finishes first. Results can be unpredictable.
77
Time-of-check to time-of-use Attack (TOCTOU)
Takes advantage of race conditions in the period of time between when a system checks the validity of a resource and when it uses that resource. Attackers can intervene between these times and make the resource invalid while the system still uses the resource.
78
Memory Leak
Unused memory is not properly released, and begins to slowly grow in size until it uses all available memory and crashes.
79
NULL Pointer Dereference attack
An attack that exploits a programming error in a computer program, in which the program attempts to access a memory location that has not been allocated or contains invalid data. This type of attack is possible when a program attempts to access a memory address that is set to NULL, a memory location that does not contain any data. In many cases, this attack will cause the program to crash or enter an undefined state, resulting in a denial of service. The attacker may also be able to gain access to critical system resources or manipulate data stored in memory.
80
Integer Overflow attack
An attack that exploits the fact that a computer cannot accurately represent certain values that are too large or too small to fit into its memory. In this attack, an attacker sends malicious input data to a vulnerable application or system, which causes an overflow of the integer variable that is used to store the input. This leads to the variable storing an incorrect value, which can then be used to trigger a buffer overflow, resulting in the execution of arbitrary code. The attacker can then gain access to the system, modify data or even crash the system.
81
Directory Traversal attack
When an attacker gains access to restricted file directories by manipulating the way a server or web application navigates through a file system
82
API attack
When an attacker targets application programming interfaces that are vulnerable, to grab information that is being transferred between the applications and servers.
83
Resource Exhaustion Attack
An attack that attempts to overwhelm a system or network by consuming its resources. It is done by flooding the target with a large number of requests, which can cause the system to become unresponsive or even crash. The attacker typically uses a botnet or distributed denial of service (DDoS) attack to send a large number of requests to the target in a short amount of time. The goal of the attack is to exhaust the target’s resources, such as memory, bandwidth, or processing power, so that it can no longer function properly. This type of attack can be used to take down websites, disrupt services, or cause other damage.
84
DHCP Starvation Attack
Attack on a DHCP server trying to exhaust its IP address pool, to keep legitimate users from joining the network
85
Rogue Access Point
An access point that is added to your network without authorization that could be used as a backdoor to your network.
86
Wireless Evil Twin
Looks like a legit access point to your network that is configured to look like an existing network, using the same or similar SSID and security settings
87
Bluejacking
Sending an unsolicited message to another device via Bluetooth
88
Bluesnarfing
Accessing a Bluetooth-enabled device to steal its data such as contact lists, logs, and data
89
Wireless Disassociation/Wireless Deauthentication Attack
Attackers using malicious code to disconnect a user from a wireless network by sending fake deauthentication packets that appear to be from the wireless access point
90
Radio Frequency Jamming (RF Jamming)
Transmitting interfering wireless signals to decrease the signal-to-noise ratio at the receiving device to disrupt the functioning of the network
91
Radio Frequency Identification (RFID)
Identification using radio frequencies usually for access
92
Near field communication (NFC)
Two-way wireless communication, typically for payment systems
93
Cryptographic Nonce
A random number used only once in a cryptographic communication or transaction, that cannot be reused
94
Initialization Vector
A piece of data used in some encryption algorithms to ensure that the same plaintext is encrypted differently each time. It is usually generated randomly and is sent along with the encrypted data to the receiver. The receiver then uses the IV to decrypt the data.
95
On-Path Attack (man-in-the-middle)
Attacker redirects your traffic to another computer, reads it, and then passes it on to its destination
96
ARP Poisoning
Grabbing the ARP (Address Resolution Protocol) request to the router, and updating the target’s ARP cache to believe the attacker’s MAC address is that of the router, which redirects all traffic through the attacker’s computer, also allowing modification of that traffic.
97
On-path browser attack
The attacker is able to intercept and modify data that is being transmitted between a user’s browser and a website. This type of attack is possible because the attacker is able to insert themselves in the middle of the communication path using malware or a trojan horse, allowing them to view, modify, and even delete the data that is being sent.
98
MAC Address
Ethernet Media Access Control Address, the physical address of a network address; LAN switches forward or drop frames based on the destination MAC address
99
MAC Flooding
Attacker sending traffic with different source MAC addresses to add to the MAC table, which forces out the legitimate MAC addresses. When the table fills up the switch begins flooding traffic to all interfaces, which lets the attacker easily capture all network traffic.
100
MAC Cloning/Spoofing
Modifying a MAC address to match the MAC address of an existing device to circumvent filters, or to create a DoS disrupting communication to the legitimate MAC