Security+ Domain 1


247 Terms


Social Engineering

An attempt by an attacker to convince someone to provide information (such as a password) or to perform an action they would not normally perform, such as clicking a malicious link.


Commonly used to trick users into giving up personal information such as account names and passwords, clicking a malicious link, or opening a malicious attachment.

Spear Phishing

targets specific groups of users



targets high level executives



(Voice phishing) phone-based.


Uses SMS text messaging on mobile devices.


Unsolicited email, generally considered an irritant



SPAM over instant messaging, also generally considered an irritant


Dumpster Diving

Gathering important details (intelligence) from things that people have thrown out in their trash



When an unauthorized individual follows you in through an open door without badging in themselves.

Eliciting information

Strategic use of casual conversation to extract information without arousing the target's suspicion.

Shoulder Surfing

A criminal practice where thieves steal your personal data by spying over your shoulder.


An online scam similar to phishing, in which a website's traffic is manipulated and confidential information is stolen.

Identity Fraud

use of another person’s personal information, without authorization, to commit a crime or to deceive or defraud that person or another third party



Adding words or phrases like "SAFE" to a malicious file, or suggesting topics via social engineering to uncover information of interest.

Invoice Scams

Fake invoices sent with the goal of receiving money, or of prompting a victim to enter their credentials into a fake login screen.

Credential Harvesting

Attackers trying to gain access to your usernames and passwords, which might be stored on your local computer.

Countermeasures: email defenses, anti-malware, and EDR/XDR solutions that check URLs and block the scripts often used to execute the attack.


A common technique that comes in multiple forms


Passive discovery

Techniques that do not send packets to the target, such as Google hacking, phone calls, and DNS and WHOIS lookups.

Semi-passive discovery

Touches the target with packets in a non-aggressive fashion to avoid raising the target's alarms.

Active discovery

More aggressive techniques likely to be noticed by the target, including port scanning and tools like nmap and Metasploit.


Intentional falsehoods that come in a variety of forms, ranging from virus hoaxes to fake news. Social media plays a prominent role in hoaxes today.


A form of fraud in which attackers pose as a known or trusted person to dupe the user into sharing sensitive info, transferring money, etc.


Watering hole attack

Attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware



a form of cybersquatting (sitting on sites under someone else’s brand or copyright) targeting users who type an incorrect website address

This often employs a drive-by download that can infect a device even if the user does not click anything



An attacker tries to convince a victim to give up information of value, or access to a service or system.

The distinguishing feature is that the attacker develops a story, or pretext, in order to fool the victim. This often leans on establishing the attacker's authority as someone who should have access to the information. It typically includes a character played by the scam artist and a plausible situation in which that character needs access to the information.

Influence Campaign

A social engineering attack intended to manipulate the thoughts and minds of large groups of people


Hybrid Warfare

Attack using a mixture of conventional and unconventional methods and resources to carry out the campaign


Social media

May use multiple social platforms, leveraging many individuals to amplify the message and lend it credibility. Many involve creating multiple fake accounts to post content and speed the spread.

Principles of Social Engineering

Authority - Citing a position, responsibility, or affiliation that grants the attacker the authority to make the request.

Intimidation - Suggesting you may face negative outcomes if you do not facilitate access or initiate a process.

Consensus - Claiming that someone in a similar position or a peer has carried out the same task in the past.

Scarcity - Limited opportunity or diminishing availability that requires the task to be done within a certain amount of time; similar to urgency.

Familiarity - Attempting to establish a personal connection, often citing mutual acquaintances or social proof.

Trust - Citing knowledge and experience, or assisting the target with an issue, to establish a relationship.

Urgency - Time sensitivity that demands immediate action; similar to scarcity.

Application Attacks

Attacks that attackers use to exploit poorly written software.

Rootkit (escalation of privilege)

Freely available on the internet; they exploit known vulnerabilities in various operating systems, enabling attackers to elevate privilege. Countermeasures: always keep security patches up to date and install anti-malware software (EDR/XDR).

Back Door

Undocumented command sequences that allow individuals with knowledge of the back door to bypass normal access restrictions; often used in development and debugging.

Computer Virus

a type of malicious code or program written to alter the way a computer operates and is designed to spread from one computer to another.


Crypto malware

Ransomware that encrypts files stored on a computer or mobile device in order to extort money.



Virus hoaxes are a nuisance that result in wasted resources. They used to spread through "email from a friend" but have changed with social media.

Logic Bombs

Logic Bombs are malicious code objects that infect a system and lie dormant until they are triggered by the occurrence of one or more conditions, such as time, program launch, website logon, etc.


Trojan Horse

a software program that appears good and harmless but carries a malicious, hidden payload that has the potential to wreak havoc on a system or network. Only install software from trusted sources and do not let users install anything they want.



a type of malware that spreads copies of itself from computer to computer, replicating itself without human interaction.


Potentially unwanted programs (PUPs)

a program that may be an unwanted app often delivered alongside a program the user wants. PUPs include spyware, adware, and dialers.



Designed to log keystrokes, creating records of everything you type on a computer or mobile keyboard.



Malware designed to obtain information about an individual, system, or organization.

Fileless virus

a type of malicious software that does not rely on virus-laden files to infect a host. Instead, it exploits applications that are commonly used for legitimate and justified activity to execute malicious code in resident memory.


Command and control

a computer controlled by an attacker or cybercriminal which is used to send commands to systems compromised by malware and receive stolen data from a target network.


Remote access trojan (RAT)

a malware program that gives an intruder administrative control over a target computer.



Infects a target machine and then uses encryption technology to encrypt documents, spreadsheets, and other files stored on the system with a key known only to the malware creator. Countermeasures include backing up your computer, storing backups separately, and using file auto-versioning. To prevent malware: update and patch your computer, use caution with web links and email attachments, verify email senders, use preventative software, and provide user awareness training.

Dictionary attacks

Use programs with built-in dictionaries. They attempt all dictionary words to find the correct password, in the hope that a user has used a standard dictionary word. Countermeasures include MFA, biometric authentication, limiting the number of attempts, and forcing a reset after a certain number of failed attempts.

Password spraying

The attacker tries one password against many different accounts to avoid the lockouts that typically come with brute-forcing a single account. This succeeds when an admin or an application sets a default password for new users. Countermeasures include MFA, CAPTCHA, and forcing a password change on first login.


Attempt to discover passwords from a captured database or captured packet scan.



Attempts to discover a password from an online system; for example, an attacker trying to log on to an account by guessing the user's password. Most web and Wi-Fi attacks are online attacks.

Plaintext / unencrypted

Protocols and authentication methods that leave credentials unencrypted, such as basic authentication and Telnet.

Brute Force Attack

Attempts to find the correct cryptographic key by trying all possible combinations (trial and error). Password complexity and attacker resources determine the effectiveness of this attack. Countermeasures include cryptographic salts, CAPTCHA, throttling the rate of repeated logins, and IP blocklists.

Cryptographic Salts

help us neutralize the rainbow tables attackers may be using


Rainbow tables

These contain precomputed values of cryptographic hash functions to identify commonly used passwords



Random data that is used as an additional input to a one-way function that hashes data, a password, or a passphrase. Adding salts to passwords before hashing them reduces the effectiveness of rainbow table attacks.

Multi-factor Authentication

  • Something you know (pin or password)

  • Something you have (trusted device)

  • Something you are (biometric)

This prevents phishing attacks, spear phishing attacks, keyloggers, credential stuffing, brute force and reverse brute force attacks, and man-in-the-middle attacks.



represent significant threats due to the massive number of computers that can launch attacks.



a collection of compromised computing devices (often called bots or zombies)


Bot Herder

A criminal who uses a command-and-control server to remotely control the zombies. They often use botnets to launch attacks on other systems or to send spam or phishing emails.

Malicious flash drive

Attack comes in two common forms:

  • Drives dropped where they are likely to be picked up.

  • Sometimes effectively a Trojan: shipped with malware installed after leaving the factory.

Malicious USB cable

Less likely to be noticed than a flash drive. May be configured to show up as a human interface device (e.g. a keyboard)


Card cloning

Focuses on capturing information from cards used for access, like RFID and magnetic stripe cards.


Involves fake card readers, or social engineering and handheld readers, to capture (skim) card data, which is then cloned so the attacker can use it for their own purposes.

Adversarial Artificial Intelligence

A rapidly developing field targeting AI and ML.


Tainted training data for machine learning (ML)

Data poisoning that supplies AI and ML algorithms with adversarial data that serves the attacker's purposes, or attacks against privacy.

Security of machine learning algorithms

  • Validate the quality and security of the data sources.

  • Secure the infrastructure and environment where AI and ML are hosted.

  • Review, test, and document changes to AI and ML algorithms.

Artificial Intelligence (AI)

Focuses on accomplishing "smart" tasks, combining machine learning and deep learning to emulate human intelligence.

Machine Learning (ML)

A subset of AI, computer algorithms that improve automatically through experience and the use of data.


Deep Learning

a subfield of machine learning concerned with algorithms inspired by the structure and function of the brain called artificial neural networks.


Supply Chain Attacks

A cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply chain.

  • Often attempts to compromise devices, systems, or software before they reach the organization.

  • Sometimes focuses on compromising a vulnerable vendor in the organization's supply chain, and then attempting to breach the target organization.

  • This attack is known as an "island hopping" attack.

Cloud-based attacks

  • The data center is often more secure and less vulnerable to disruptive attacks such as DDoS.

  • On the downside, you will not have facility-level or physical system-level audit access.

On-premise attacks

  • You do not benefit from the cloud’s shared responsibility model.

  • You have more control, but are responsible for security of the full stack.


Collision Attack

attack on a cryptographic hash to find two inputs that produce the same hash value


Downgrade Attack

when a protocol is downgraded from a higher mode or version to a low-quality mode or lower version.


Birthday Attack

an attempt to find collisions in hash functions.


Replay Attack

An attempt to reuse captured authentication requests.

Privilege Escalation

A security hole created when code is executed with higher privileges than those of the user running it.

Request Forgeries

a type of injection using malicious scripts


Cross-site scripting (XSS)

A type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.

This occurs when an attacker uses a web application to send malicious code to a different end user.


Cross-site request forgery (XSRF or CSRF)

exploits user trust to execute code

similar to cross-site scripting attacks, but exploit a different trust relationship.

exploits trust that a user has in a website to execute code on the user’s computer.


Dynamic-link library (DLL)

Is a situation in which the malware tries to inject code into the memory process space of a library using a vulnerable/compromised DLL.


Lightweight Directory Access Protocol (LDAP)

exploits weaknesses in LDAP implementations

This can occur when the user’s input is not properly filtered, and the result can be executed commands, modified content, or results returned to unauthorized queries.


Extensible Markup Language (XML)

When users enter values that query XML (via XPath) with values that take advantage of exploits, it is known as an XML injection attack.

XPath works in a similar manner to SQL except that it does not have the same levels of access control, so exploits can return entire documents.

SQL injection attacks

Used to compromise web front-end and back-end databases.

Use unexpected input to a web application to gain unauthorized access to an underlying database. Countermeasures include input validation, prepared statements, and limiting account privileges.

Pointer / Object Dereference

An attack that consists of finding null references in a target program and dereferencing them, causing an exception to be generated.

The vulnerability in memory that usually causes the applications to crash or a denial of service is a NULL Pointer dereference.

In this case, there is nothing at that memory address to dereference (it is empty, or NULL) and the application crashes.


Directory Traversal

Gaining access to restricted directories.

If an attacker is able to gain access to restricted directories through HTTP, it is known as a directory traversal attack.

One of the simplest ways to perform directory traversal is by using a command injection attack that carries out the action.

Most vulnerability scanners will check for directory traversal and command injection weaknesses and inform you of their presence.

Buffer Overflows

Attacks that attackers use to exploit poorly written software.

Exists when a developer does not validate user input to ensure that it is of an appropriate size (allowing input that is too large, which can "overflow" the memory buffer).

Race Conditions

A condition where the system’s behavior is dependent on the sequence or timing of other uncontrollable events.


Time-of-Check-to-Time-of-Use (TOCTOU)

A timing vulnerability that occurs when a program checks access permissions too far in advance of a resource request.

Error handling

Related to input validation is error handling

Every function that has any meaningful functionality should have appropriate error handling.

Properly done, the user will simply see an error message box.

Error handling is an element of good coding practices.


Session Replay

an attacker steals a valid session ID of a user and reuses it to impersonate an authorized user and perform fraudulent transactions or activities.


Integer Overflow

Putting too much information into too small a space that has been set aside for numbers.

A type of arithmetic overflow error in which the result of an integer operation does not fit within the allocated memory space.

Instead of being handled as an error in the program, it usually causes the result to be unexpected.

Others lead to buffer overflows, and integer overflows are generally ranked as one of the most dangerous software errors.

Countermeasures: good coding practices and appropriate typing of variables using large variable types, like long (Java) or long int (C).

API Attacks

Attempts to manipulate the application programming interface (API)

Include DDoS, Man in the Middle, and injection attacks focused on an API

Goals are to gain additional resource or data access, or interrupt service

Countermeasures: Transport Layer Security (TLS), OAuth, request timestamps, key/password hash


Resource Exhaustion

When an application continuously allocates additional resources, exhausting machine resources and leading the system to hang or crash.

When exploited, vulnerabilities in apps, software, or system security can hang or crash the program, or interfere with external programs performing their designated tasks properly.

Memory leaks can lead to resource exhaustion (see the "Memory Leak" card in this set).

However, these attacks can also be executed by exhausting other resource subsystems, such as CPU, disk, or network.

Countermeasures: good software development practices (e.g. preventing memory leaks), and limiting which files and apps can be executed on endpoints.

Memory Leak

The most common issue in memory management.

Which languages are susceptible?

Many modern programming languages (such as C# and Java) don't allow the programmer to directly allocate or deallocate memory. Therefore, those programming languages are not prone to memory leaks. However, certain older languages, most notably C and C++, give the programmer a great deal of control over memory management.

Memory leaks are usually caused by failure to deallocate memory that has been allocated.

Secure Sockets Layer (SSL) Stripping

A technique by which a website connection is downgraded from HTTPS to HTTP.

This attack downgrades your connection from HTTPS to HTTP and exposes you to eavesdropping and data manipulation.

How it works

To execute an SSL strip attack, there must be three entities: the victim's system, the secure web server, and the attacker's system.

In order to "strip" the TLS/SSL, the attacker intervenes in the redirection from HTTP to HTTPS and intercepts the request from the user to the server.

Countermeasures: enable HTTPS on all pages of your website, and implement an HTTP Strict Transport Security (HSTS) policy so the browser requires HTTPS.


A shim is a small library that is created to intercept API calls transparently and do one of three things: handle the operation itself, change the arguments passed, or redirect the request elsewhere.

Involves creating a library (or modifying an existing) to bypass a driver and perform a function other than the one for which the API was created.



The name given to a set of techniques used to identify the flow and then modify the internal structure of code without changing the code’s visible behavior.

In legitimate scenarios, this is done in order to improve the design, to remove unnecessary steps, and to create better code.

In malware, this is often done to look for opportunities to take advantage of weak code and look for holes that can be exploited.


Pass the Hash

A technique whereby an attacker captures a password hash (as opposed to the password characters) and then passes it through for authentication and lateral access.

Pass the hash vs. Pass the Ticket

One primary difference between them is ticket expiration.

Countermeasures: enforce least-privilege access, analyze applications to determine which require admin privileges, and use flexible policies that allow only trusted applications to run, and only in specific contexts.

On-Path (Man-in-the-Middle) Attack

An attacker who sits in the middle between two endpoints and is able to intercept traffic, capturing (and potentially changing) information.

Fools both parties into communicating with the attacker (in between the two) instead of directly with each other.

Different versions of the attack exist, some affecting websites, email communications, DNS lookups, or Wi-Fi networks.

Countermeasures: only use secured Wi-Fi, use a VPN and HTTPS, and use multi-factor authentication.
