Security+ Domain 1

studied byStudied by 1 person
0.0(0)
get a hint
hint

Social Engineering

1 / 246

encourage image

There's no tags or description

Looks like no one added any tags here yet for you.

247 Terms

1

Social Engineering

an attempt by an attacker to convince someone to provide info like a password or perform an action they wouldn’t normally perform such as clicking on a malicious link

New cards
2

Phishing

commonly used to try to trick users into giving up personal information such as user accounts and passwords, click a malicious link, or open a malicious attachment

New cards
3

Spear Phishing

targets specific groups of users

New cards
4

Whaling

targets high level executives

New cards
5

Vishing

(Voice Phishing) phone based

New cards
6

Smishing

uses sms text messaging on mobile

New cards
7

Spam

Unsolicited email, generally considered an irritant

New cards
8

Spim

SPAM over instant messaging, also generally considered an irritant

New cards
9

Dumpster Diving

Gathering important details (intelligence) from things that people have thrown out in their trash

New cards
10

Tailgating

when an unauthorized individual might follow you in through that open door without badging in themeselves

New cards
11

Eliciting information

strategic use of casual conversation to extract information without the arousing suspicion of the target

New cards
12

Shoulder Surfing

a criminal practice where thieves steal you personal data by spying over your shoulder

New cards
13

Pharming

an online scam similar to phishing, where a website’s traffic is manipulated. and confidential information is stolen

New cards
14

Identity Fraud

use of another person’s personal information, without authorization, to commit a crime or to deceive or defraud that person or another third party

New cards
15

Prepending

is adding words or phrases like “SAFE” to a malicious file or suggesting topics via social engineering to uncover information of interest

New cards
16

Invoice Scams

fake invoices with a goal of receiving money or by prompting a victim to put their credentials into a fake login screen

New cards
17

Credential Harvesting

attackers trying to gain access to your usernames and passwords that might be stored on your local computer

Countermeasures: email defense, anti-malware, EDR/XDR solutions that will check URL’s and block the scripts often used to execute the attack

New cards
18

Reconnaissance

A common technique that comes in multiple forms

New cards
19

Passive discovery

techniques that do not send packets to the target like Google hacking, phone calls, DNS and WHOIS lookups

New cards
20

Semi-passive discovery

Touches the target with packets in a non-aggressive fashion to avoid raising alarms of the target

New cards
21

Active discovery

More aggressive techniques likely to be noticed by the target, including port scanning, and tools like nmap and Metasploit

New cards
22

Hoaxes

Intentional falsehoods coming in a variety of forms ranging from virus hoaxes to fake news. Social media plays a prominent role in hoaxes today

New cards
23

Impersonation

A form of fraud in which attackers pose as a known or trusted person to dupe the user into sharing sensitive info, transferring money, etc.

New cards
24

Watering hole attack

Attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware

New cards
25

Typosquatting

a form of cybersquatting (sitting on sites under someone else’s brand or copyright) targeting users who type an incorrect website address

This often employs a drive-by download that can infect a device even if the user does not click anything

New cards
26

Pretexting

an attacker tries to convince a victim to give up information of value, or access to a service or system

The distinguishing feature is that the attacker develops a story, or pretext in order to fool the victim. This often leans an establishing authority for the attacker as someone who should have access to information. This often includes a character played by the scam artist and a plausible situation where that character needs access to information

New cards
27

Influence Campaign

A social engineering attack intended to manipulate the thoughts and minds of large groups of people

New cards
28

Hybrid Warfare

Attack using a mixture of conventional and unconventional methods and resources to carry out the campaign

New cards
29

Social media

May use multiple social platforms everaging multiple / many individuals to amplify the message, influencing credibility. Many involve creating multiple fake accounts to post content and speed the spread.

New cards
30

Principles of Social Engineering

Authority - Citing position, responsibility, or affiliation that grants the attacker the authority to make the request.

Intimidation - Suggesting you may face negative outcomes if you do not facilitate access or initiate a process.

Consensus - Claiming that someone in a similar position or peer has carried out the same task in the past.

Scarcity - Limited opportunity, diminishing availability that requires we get this done in a certain amount of time, similar to urgency.

Familiarity - Attempting to establish a personal connection, often citing mutual acquaintances, social proof.

Trust - Citing knowledge and experience, assisting the target with an issue, to establish a relationship

Urgency - Time sensitivity that demands immediate action, similar to scarcity

New cards
31

Application Attacks

attacks attackers use to exploit poorly written software

New cards
32

Rootkit (escalation of privilege)

freely available on the internet and exploit known vulnerabilities in various operating systems enabling attackers to elevate privilege. Always keep security patches up to date and install anti malware software EDR / XDR

New cards
33

Back Door

undocumented command sequences that allow individuals with knowledge of the back door to bypass normal access restrictions often used in development and debugging.

New cards
34

Computer Virus

a type of malicious code or program written to alter the way a computer operates and is designed to spread from one computer to another.

New cards
35

Crypto malware

Ransomware that encrypts files stored on a computer or mobile device in order to extort money.

New cards
36

Hoaxes

Virus hoaxes are a nuisance that result in wasted resources. Used to spread through “email from a friend” but have changed with social media.

New cards
37

Logic Bombs

Logic Bombs are malicious code objects that infect a system and lie dormant until they are triggered by the occurrence of one or more conditions, such as time, program launch, website logon, etc.

New cards
38

Trojan Horse

a software program that appears good and harmless but carries a malicious, hidden payload that has the potential to wreak havoc on a system or network. Only install software from trusted sources and do not let users install anything they want.

New cards
39

Worm

a type of malware that spreads copies of itself from computer to computer, replicating itself without human interaction.

New cards
40

Potentially unwanted programs (PUPs)

a program that may be an unwanted app often delivered alongside a program the user wants. PUPs include spyware, adware, and dialers.

New cards
41

Keylogger

Designed to log keystrokes, creating records of everything you type on a computer or mobile keyboard.

New cards
42

Spyware

Malware designed to obtain information about an individual, system, or organizaiton.

New cards
43

Fileless virus

a type of malicious software that does not rely on virus-laden files to infect a host. Instead, it exploits applications that are commonly used for legitimate and justified activity to execute malicious code in resident memory.

New cards
44

Command and control

a computer controlled by an attacker or cybercriminal which is used to send commands to systems compromised by malware and receive stolen data from a target network.

New cards
45

Remote access trojan (RAT)

a malware program that gives an intruder administrative control over a target computer.

New cards
46

Ransomware

infects a target machine and then uses encryption technology to encrypt documents, spreadsheets, and other files stored on the system with a key known only to the malware creator. Some countermeasures are to backup your computer, store backups separately, and to do file auto-versioning. To prevent malware, update / patch your computer, use caution with web links, use caution with email attachments, verify email senders, and preventative software programs and user awareness training.

New cards
47

Dictionary attacks

Use programs with built in dictionaries. They attempt all dictionary words to try and find the correct password, in the hope that a user would have used a standard dictionary word. Countermeasures include MFA, biometric authentication, limit number of attempts, and to force reset after certain number of failed attempts.

New cards
48

Password spraying

Attacker tries a password against many different accounts to avoid lockouts that typically come when brute forcing a single account. This will succeed when the admin or an application sets a default password for new users. Countermeasures to this include MFA, CAPTCHA, and forcing password change on first login.

New cards
49

Offline

Attempt to discover passwords from a captured database or captured packet scan.

New cards
50

Online

Attempts to discover a password from an online system. For example, an attacker trying to log on to an account by trying to guess a user’s password. Most web and wi-fi attacks are online attacks.

New cards
51

Plaintext / unencrypted

Protocols and authentication methods that leave credentials unencrypted, like basic authentication and telnet.

New cards
52

Brute Force Attack

Attempts to randomly find the correct cryptographic key attempting all possible combinations (trial and error). Password complexity and attacker resources will determine effectiveness of this attack. Countermeasures include cryptographic salts, CAPCHA, and throttling the rate of repeated logins and IP blocklists.

New cards
53

Cryptographic Salts

help us neutralize the rainbow tables attackers may be using

New cards
54

Rainbow tables

These contain precomputed values of cryptographic hash functions to identify commonly used passwords

New cards
55

Salt

random data that is used as an additional input to a one-way function that hashes data, a passwords, or passphrase. Adding salts to the passwords before hashing them reduces the effectiveness of rainbow table attacks.

New cards
56

Multi-factor Authentication

  • Something you know (pin or password)

  • Something you have (trusted device)

  • Something you are (biometric)

This prevents phishing attacks, spear phishing attacks, keyloggers, credential stuffing, brute force and reverse brute force attacks, and man-in-the-middle attacks.

New cards
57

Bots

represent significant threats due to the massive number of computers that can launch attacks.

New cards
58

Botnet

a collection of compromised computing devices (often called bots or zombies)

New cards
59

Bot Herder

criminal who uses a command-and-control-server to remotely control the zombies. They often use botnets to launch attacks on other systems or to send spam or phishing emails.

New cards
60

Malicious flash drive

Attack comes in two common forms:

  • Drives dropped where they are likely to be picked up.

  • Sometime effectively a trojnan, shipped with malware installed after leaving the factory.

New cards
61

Malicious USB cable

Less likely to be noticed than a flash drive. May be configured to show up as a human interface device (e.g. a keyboard)

New cards
62

Card cloning

Focusses on capturing info from cards used for access, like RFID and magnetic stripe cards.

New cards
63

Skimming

Involve fake card readers or social engineering and handheld readers to capture (skim) cards, then clone so attacker may use for their own purposes.

New cards
64

Adversarial Artificial Intelligence

A rapidly developing field targeting AI and ML.

New cards
65

Tainted training data for machine learning (ML)

Data poisoning that supplies AI and ML algorithms with adversarial data that serves the attackers purposes, or attacks against privacy.

New cards
66

Security of machine learning algorithms

  • Validate quality and security of the data sources.

  • Secure infrastructure and environment where AI and ML is hosted.

  • Review. test. and document changes to AI and ML algorithms.

New cards
67

Artificial Intelligence (AI)

Focusses on accomplishing “smart” tasks combining machine learning and deep learning to emulate human intelligence

New cards
68

Machine Learning (ML)

A subset of AI, computer algorithms that improve automatically through experience and the use of data.

New cards
69

Deep Learning

a subfield of machine learning concerned with algorithms inspired by the structure and function of the brain called artificial neural networks.

New cards
70

Supply Chain Attacks

a cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply chain.

  • Often attempt to compromise devices, systems. or software before it reaches an organization.

  • Sometimes focus on compromising a vulnerable vendor in the organization’s supply chain, and then attempting to breach the target organization.

  • This attack is known as an “island hopping” attack.

New cards
71

Cloud_based attacks

  • Data center is often more secure and less vulnerable to disruptive attacks such as DDoS.

  • On the downside, you will not have facility-level or physical system-level audit access.

New cards
72

On-premise attacks

  • You do not benefit from the cloud’s shared responsibility model.

  • You have more control, but are responsible for security of the full stack.

New cards
73

Collision Attack

attack on a cryptographic hash to find two inputs that produce the same hash value

New cards
74

Downgrade Attack

when a protocol is downgraded from a higher mode or version to a low-quality mode or lower version.

New cards
75

Birthday Attack

an attempt to find collisions in hash functions.

New cards
76

Replay Attack

an attempt to rescue authentication requests.

New cards
77

Privilege Esculation

A security hole created when code is executed with higher privileges than those of the user running it.

New cards
78

Request Forgeries

a type of injection using malicious scripts

New cards
79

Cross-site scripting (XSS)

A type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.

This occurs when an attacker uses a web application to send malicious code to a different end user.

New cards
80

Cross-site request forgery (XSRF or CSRF)

exploits user trust to execute code

similar to cross-site scripting attacks, but exploit a different trust relationship.

exploits trust that a user has in a website to execute code on the user’s computer.

New cards
81

Dynamic-link library (DLL)

Is a situation in which the malware tries to inject code into the memory process space of a library using a vulnerable/compromised DLL.

New cards
82

Lightweight Directory Access Protocol (LDAP)

exploits weaknesses in LDAP implementations

This can occur when the user’s input is not properly filtered, and the result can be executed commands, modified content, or results returned to unauthorized queries.

New cards
83

Extensibe Markup Language (XML)

when users enter values that query XML (known as XPath) with values that take advantage of exploits, it is known as an XML injection attack.

XPATH works in a similar manner to SQL except that it does not have the same levels of access control, so exploits can return entire documents.

New cards
84

SQL injection attakcs

used to compromise web front-end and backend databases

Use unexpected input to a web application to gain unauthorized access to an underlying database. Some countermeasures include input validation, use prepared statements, and limit account privileges.

New cards
85

Pointer / Object Dereference

An attack that consists of finding null references in a target program and dereferencing them, causing an exception to be generated.

The vulnerability in memory that usually causes the applications to crash or a denial of service is a NULL Pointer dereference.

In this case, there is nothing at that memory address to dereference (it is empty, or NULL) and the application crashes.

New cards
86

Directory Traversal

Gaining access to restricted directories

If an attacker is able to gain access to restricted directories through HTTP, it is known as a directory traversal attack.

One of teh simplest ways to perform directory traversal is by using a command injection attack that carries out the action.

Most vulnerability scanners will check for weaknesses with directory traversal / command injection and inform you of their presence.

New cards
87

Buffer Overflows

attacks attackers use to exploit poorly written software.

exists when a developer does not validate user input to ensure that it is of an appropriate size (allows input that is too large can “overflow” memory buffer).

New cards
88

Race Conditions

A condition where the system’s behavior is dependent on the sequence or timing of other uncontrollable events.

New cards
89

Time-of-Check-to-Time-of-Use (TICTOU)

a timing vulnerability that occurs when a program checks access permissions too far in advance of a resource request.

New cards
90

Error handling

Related to input validation is error handling

Every function that has any meaningful functionality should have appropriate error handling.

Properly done, the user will simply see an error message box.

Error handling is an element of good coding practices.

New cards
91

Session Replay

an attacker steals a valid session ID of a user and reuses it to impersonate an authorized user and perform fraudulent transactions or activities.

New cards
92

Integer Overflow

Putting too much information into too small of a space that has been set outside for numbers.

A type of arithmetic overflow error when the result of an integer operation does not fit within the allocated memory space.

Instead of an error handled in the program, it usually causes the result to be unexpected.

Other lead to buffer overflows and generally ranked as one of the most dangerous software errors.

Countermeasures; Good coding practices, appropriate typing of variables using large variable types, like long (Java) or long int (C).

New cards
93

API Attacks

Attempts to manipulate the application programming interface (API)

Include DDoS, Man in the Middle, and injection attacks focused on an API

Goals are to gain additional resource or data access, or interrupt service

Countermeasures: Transport Layer Security (TLS), OAuth, request timestamps, key/password hash

New cards
94

Resource Exhaustion

When an application continuously allocates additional resources exhausting machine resources, leading the system to hang or crash.

When exploited, vulnerabilities in apps, software, or system security that hang, crash, or interfere with external programs perform designated tasks properly.

Memory leaks can lead to resource exhaustion (see “memory leaks” in this session).

However, these attacks can be executed by exhausting other resource subsystems, such as CPU, disk, or network.

Countermeasures: Good software development practices (e.g. preventing memory leaks), limiting what files and apps can be executed on endpoints.

New cards
95

Memory Leak

The most common issue in memory management

Which languages are susceptible?

Many modern programming languages (such as C# and Java) don’t allow the programmer to directly allocate or deallocate memory. Therefore, those programming languages are not prone to memory leaks. However, certain older languages most notably C and C++, give the programmer a great deal of control over memory management.

Cause

Memory leaks are usually caused by failure to deallocate memory that has been allocated.

New cards
96

Secure Sockets Layer (SSL) Stripping

A technique by which a website is downgraded from https to http

This attack downgrades you connection from HTTPS to HTTP and exposes you to eavesdropping and data manipulation.

How it works

To execute an SSL strip attack, there must be three entities which are the victim’s system, secure web server, and attacker’s system.

In order to “strip” the TLS/SSL, an attacker intervenes in the redirection from HTTP to HTTPS and intercepts a request from the user to the server.

Countermeasures: Enable HTTPS on All pages of your website, implement a HTTP Strict Transport Security (HSTS) policy, so the browser requires HTTPS

New cards
97

Shimming

A shim is a small library that is created to intercept API calls transparently and do one of three things: handle the operation itself, change the arguments passed, or redirect the request elsewhere.

Involves creating a library (or modifying an existing) to bypass a driver and perform a function other than the one for which the API was created.

New cards
98

Refactoring

The name given to a set of techniques used to identify the flow and then modify the internal structure of code without changing the code’s visible behavior.

In legitimate scenarios, this is done in order to improve the design, to remove unnecessary steps, and to create better code.

In malware, this is often done to look for opportunities to take advantage of weak code and look for holes that can be exploited.

New cards
99

Pass the Hash

a technique whereby. an attacker captures a password hash (as opposed to the password characters) and then passes it through for authentication and lateral access.

Pass the hash vs Pass the Ticket

One primary difference between them is ticket expiration.

Countermeasures: Enforce least privilege access, analyze applications to determine which require admin privileges, use flexible policies that allow only trusted applications to run and in specific context.

New cards
100

On-Path (Man-in-the-Middle) Attack

Attacker who sits in the middle between to endpoints and is able to intercept traffic, capturing (and potentially changing) information.

Fools both parties into communicating with the attacker (in between the two) instead of directly with each other.

Different versions of the attack exist, some affecting websites, email communications, DNS lookups, or Wi-Fi networks

Countermeasures: only use secured Wi-Fi, VPN, HTTPS, and use multi-factor authentication.

New cards

Explore top notes

note Note
studied byStudied by 45 people
Updated ... ago
5.0 Stars(1)
note Note
studied byStudied by 10 people
Updated ... ago
5.0 Stars(1)
note Note
studied byStudied by 187 people
Updated ... ago
4.3 Stars(4)
note Note
studied byStudied by 45 people
Updated ... ago
5.0 Stars(1)
note Note
studied byStudied by 7 people
Updated ... ago
5.0 Stars(1)
note Note
studied byStudied by 5 people
Updated ... ago
5.0 Stars(1)
note Note
studied byStudied by 8 people
Updated ... ago
4.7 Stars(3)
note Note
studied byStudied by 78 people
Updated ... ago
5.0 Stars(1)

Explore top flashcards

flashcards Flashcard48 terms
studied byStudied by 16 people
Updated ... ago
5.0 Stars(1)
flashcards Flashcard25 terms
studied byStudied by 17 people
Updated ... ago
5.0 Stars(1)
flashcards Flashcard110 terms
studied byStudied by 10 people
Updated ... ago
5.0 Stars(1)
flashcards Flashcard21 terms
studied byStudied by 5 people
Updated ... ago
5.0 Stars(1)
flashcards Flashcard34 terms
studied byStudied by 13 people
Updated ... ago
5.0 Stars(1)
flashcards Flashcard42 terms
studied byStudied by 13 people
Updated ... ago
5.0 Stars(3)
flashcards Flashcard28 terms
studied byStudied by 1 person
Updated ... ago
5.0 Stars(1)
flashcards Flashcard60 terms
studied byStudied by 148 people
Updated ... ago
5.0 Stars(9)