CIA Triad
Confidentiality, Integrity, Availability - Foundational security model ensuring data is private, accurate, and accessible when needed.
AAA
Authentication, Authorization, Accounting - Framework for controlling access, verifying identity, granting permissions, and tracking user actions.
MFA
Multi-Factor Authentication - Security method requiring two or more verification factors (something you know, have, or are).
Rainbow Table
Precomputed table that maps hashes back to plaintext passwords, used to crack password hashes; effective when salting is not used.
Brute Force Attack
Attempt to gain access by systematically trying all possible password combinations until the correct one is found.
Dictionary Attack
Password attack using a list of common words or phrases instead of random combinations.
Offline Attack
Attacking password hashes stored locally, without interacting with the authentication system.
Online Attack
Attempting to log in by guessing passwords through a live authentication interface.
Password Hashing
Converting a password into a fixed-length string using a one-way function to protect stored passwords.
Salt
Random data added to a password before hashing to prevent rainbow table attacks.
Stuxnet
A sophisticated worm discovered in 2010, designed to target Iran's nuclear facilities by sabotaging industrial control systems.
Biometrics
Authentication using unique biological traits (fingerprint, face, iris).
Social Engineering
Manipulating people into divulging confidential information or performing actions that compromise security.
Phishing
Fraudulent attempt to obtain sensitive information by posing as a trustworthy entity in electronic communication.
Spear Phishing
Targeted phishing attack aimed at a specific individual or organization.
Whaling
Phishing attack targeting high-profile individuals like executives.
Vishing
Voice phishing - Using phone calls to trick people into revealing information.
Smishing
SMS phishing - Phishing via text messages.
Typosquatting
Registering domains with common misspellings of legitimate websites to capture traffic or conduct phishing.
Watering Hole Attack
Compromising a website frequented by a target group to infect their devices with malware.
Credential Harvesting
Collecting usernames and passwords through phishing, keyloggers, or data breaches.
Influence Campaign
Coordinated effort to manipulate public opinion, often using misinformation.
Insider Threat
Security risk originating from within the organization (employees, contractors).
Hoax
Deliberate fabrication intended to deceive, often spread via email or social media.
Malware
Malicious Software - Any software intentionally designed to cause damage to a computer, server, or network.
Ransomware
Malware that encrypts files and demands payment for decryption.
Trojans
Malware disguised as legitimate software, often creating backdoors.
Backdoor
Hidden method for bypassing authentication to gain unauthorized access.
RAT
Remote Access Trojan - Malware that allows unauthorized remote control of a system.
Virus
Malware that attaches itself to a legitimate program and spreads when the program runs.
Worm
Self-replicating malware that spreads across networks without user interaction.
Spyware
Malware that secretly monitors user activity and collects data.
Adware
Unwanted software that displays advertisements, often bundled with free software.
Keylogger
Hardware or software that records keystrokes to capture sensitive information like passwords.
Logic Bomb
Malicious code that executes when specific conditions are met (e.g., date, system event).
Rootkit
Stealthy malware designed to hide the existence of certain processes or programs from detection.
DoS / DDoS
Denial of Service / Distributed Denial of Service - Attacks aimed at making a system unavailable by overwhelming it with traffic.
Botnet
Network of infected devices controlled by an attacker, often used for DDoS.
DNS Attack
Exploiting vulnerabilities in the Domain Name System to redirect traffic or intercept data.
DNS Spoofing
Corrupting a DNS cache to redirect users to malicious sites.
Wireless Attack
Exploiting weaknesses in wireless networks (e.g., weak encryption, rogue access points).
On-Path Attack (MitM)
Attacker secretly intercepts and relays messages between two parties who believe they are communicating directly.
Replay Attack
Capturing and resending a valid transmission (like a session token) to gain unauthorized access.
Endpoint Security
Protecting end-user devices like laptops, phones, and tablets from threats.
Protocol Security
Securing communication protocols (e.g., HTTPS, SSH, WPA3).
Email Security
Protecting email from phishing, spam, malware, and spoofing.
Application Vulnerability
Weakness in software that can be exploited (e.g., SQL injection, XSS).
Session Replay Attack
Capturing and resending a valid session token to gain unauthorized access.
Directory Traversal
Exploiting insufficient security validation to access files and directories outside the web root folder.
Privilege Escalation
Gaining higher-level permissions than intended, often through exploiting vulnerabilities.
Pass the Hash
Using a captured password hash to authenticate without needing the plaintext password.
Buffer Overflow
Writing more data to a buffer than it can hold, causing memory corruption and potential code execution.
Command Injection
Injecting malicious commands into a system through vulnerable input fields.
CSRF
Cross-Site Request Forgery - Tricking a user into executing unwanted actions on a web app where they're authenticated.
SQL Injection
Inserting malicious SQL code into input fields to manipulate a database.
XSS
Cross-Site Scripting - Injecting malicious scripts into web pages viewed by other users.
OS Vulnerabilities
Weaknesses in operating systems (e.g., Windows, Linux) that can be exploited.
Web-based Vulnerabilities
Security flaws in web applications or services (e.g., CMS, APIs).
Hardware Vulnerabilities
Flaws in physical devices (e.g., CPUs, routers, IoT devices).
Virtualization Vulnerabilities
Weaknesses in virtual machines or hypervisors (e.g., VENOM).
Supply Chain Attack
Compromising a system by targeting less-secure elements in the supply chain (e.g., software updates, hardware).
Zero-Day Vulnerability
A security flaw unknown to the vendor, with no patch available, often exploited before discovery.
Cryptographic Vulnerability
Weakness in encryption algorithms or implementation (e.g., weak keys, outdated protocols).
Mobile Security
Protecting smartphones and tablets from malware, data leakage, and network attacks.
Physical Attack
Gaining access through physical means (e.g., theft, tampering, shoulder surfing).
Physical Security
Measures to protect hardware, facilities, and personnel (e.g., locks, cameras, access logs).
VENOM Vulnerability
Virtualized Environment Neglected Operations Manipulation - A flaw in virtual floppy disk code allowing escape from a VM to the host.
Heartbleed
Critical vulnerability in OpenSSL (2014) allowing attackers to read memory of systems protected by SSL/TLS.
Race Condition
Flaw where the output depends on the sequence or timing of uncontrollable events, leading to security issues.
Integer Overflow
When an arithmetic operation exceeds the maximum value a variable can hold, causing unexpected behavior.
Geolocation Data
Information about the physical location of a device, which can be leaked or exploited.
Wireless Disassociation Attack
Sending deauthentication frames to disconnect users from a Wi-Fi network.
Chrome Crash Catastrophe
Example of a vulnerability causing browser crashes, potentially leading to exploitation.
iPhone Integer Overflow
Case study of an integer overflow vulnerability in iOS leading to security bypass.
FBI Response to REvil Ransomware
Example of law enforcement action against ransomware operators.
TeaBot Malware
Android malware stealing banking credentials and SMS messages, spreading globally.
Salesforce Phishing Case
Example of phishing targeting CRM users to steal credentials.
Influence Campaign Case
Example of misinformation used to manipulate public perception.
cd (Linux)
Change directory - navigates to a specified folder.
ls
List files and directories in the current folder.
pwd
Print working directory - shows current path.
touch
Creates a new empty file.
mkdir
Creates a new directory.
rm
Removes files or directories.
cp
Copies files or directories.
mv
Moves or renames files/directories.
cat
Displays file contents.
man
Displays manual for a command.
grep
Searches text using patterns.
sort
Sorts lines of text files.
sudo
Runs a command with superuser privileges.
cd (Windows)
Change directory.
dir
List files and directories.
copy
Copies files.
del
Deletes files.
type
Displays file contents.
Relative Path
Path relative to current directory (e.g., ./docs/file.txt).
Absolute Path
Full path from root (e.g., /home/user/docs/file.txt).
Redirecting Output (>)
Sends command output to a file (overwrites).
Appending Output (>>)
Appends command output to a file.