64 Cards in this Set (Front / Back)

Front: software exploitation
Back: attacks launched against applications and higher-level services

Front: spyware
Back: works on behalf of a third party; spread to users who inadvertently ask for it, acquired via downloads, visiting infected sites, etc.; monitors the user's activity and reports it; mostly exists to provide commercial gain; legal uses include monitoring children's online activity

Front: adware
Back: primary purpose is to deliver ads; Windows Defender can be used as a first line of defense

Front: rootkits
Back: the software exploitation program du jour; software programs that have the ability to hide things from the OS

Front: verify running processes
Back: in Windows use Task Manager; in Linux use ps -ef | more

Front: ps -u root
Back: look at daemons and processes running as root

Front: the man command
Back: pulls up the user manual; can be used to find the definitions of processes running on Linux

Front: trojan horse
Back: programs that enter a network or system under the guise of another program; used to create backdoors or replace valid programs; can exist for years without detection

Front: Boonana Trojan
Back: used Facebook; asked users if it was them in a video and posted a link; clicking the link triggered a Java applet that directed them to malware servers

Front: Ghost Rat
Back: a trojan horse that exploited the remote administration feature in Windows OS, allowing attackers to record audio and video remotely

Front: viruses are usually distributed through which type of file?
Back: screensavers (.scr files)

Front: common filenames that should not be allowed into the network via email attachments
Back: .bat, .com, .exe, .hlp, .pif, .scr

Front: logic bombs
Back: programs or code snippets that execute when a certain predefined event occurs

Front: backdoor attacks
Back: an access/modification attack; will be detected by most AV; popular tools include Back Orifice and NetBus

Front: botnets
Back: software running on infected computers called zombies; can be used to run DoS and DDoS attacks

Front: ransomware
Back: often delivered through a trojan horse; the attacker takes control of a system and demands to be paid

Front: virus
Back: a piece of software designed to infect a computer system

Front: how are viruses spread?
Back: 1. contaminated media 2. email and social networking sites 3. as part of another program

Front: virus classifications
Back: 1. polymorphic: change to avoid detection 2. stealth: stay hidden 3. retroviruses: attack or bypass the AV 4. multipartite: attack the system in multiple ways 5. armored: designed to be difficult to detect or analyze 6. companion: attaches to legitimate programs, then creates a program with a different file extension 7. phage: modifies and alters other programs and databases 8. macro: exploits program enhancements

Front: virus symptoms
Back: 1. programs start to load slowly 2. unusual files appear or files disappear 3. program size changes 4. browser/software starts looking or acting differently 5. system shuts down or restarts by itself; disk activity increases 6. lose access to drives or system resources 7. system stops rebooting or gives unexpected error messages during startup

Front: spam
Back: unwanted, unsolicited email; SPIT (spam over internet telephony); SPIM (spam over instant messaging)

Front: antivirus software
Back: used as a preventative measure against the propagation of malicious code; it scans for viruses, worms and trojan horses; should be used at gateways, servers and desktops

Front: Klez32 virus
Back: uses Outlook; grabs a random name from the address book and uses it in the header; uses a worm with a mini-mailer to send it out to all persons in the address book

Front: attack
Back: occurs when an unauthorized individual or group attempts to access, modify or damage your systems or environment

Front: reasons for attacks
Back: for fun; criminals trying to steal; trying to make a political statement or commit an act of terrorism

Front: Denial of Service (DoS) attacks
Back: prevent access to resources for legitimate users; deny access; crash the system; 2 types: ping of death and buffer overflow

Front: ping of death attack
Back: a DoS attack that crashes a system by sending ICMP packets that are larger than the system can handle, e.g. sPing

Front: buffer overflow attack
Back: a DoS attack that attempts to put more data into a buffer than it can hold, usually long input strings; e.g. Code Red, Slapper, Slammer

Front: Distributed Denial of Service (DDoS)
Back: amplifies DoS concepts by using multiple systems (usually botnets) focused on one target; exploits DSL and cable weaknesses

Front: spoofing attacks
Back: attempt to masquerade as someone or something else; usually an access attack; e.g. IP spoofing, ARP spoofing (cache poisoning), DNS spoofing (fast flux)

Front: domain name kiting
Back: deleting a domain name account within the 5-day grace period and re-registering it, allowing for unpaid-for accounts

Front: pharming attacks
Back: a form of redirection in which traffic intended for one host is sent to another; accomplished by changing entries in the hosts file or in a DNS server; think illegitimate copycat web sites

Front: phishing
Back: a form of social engineering; asking for info by appearing to be a legitimate request, e.g. emails requesting you update your bank records

Front: spear phishing
Back: a form of phishing in which the message comes from someone you know and trust instead of a third party, e.g. an email from your boss or HR

Front: vishing
Back: phishing over VoIP

Front: Xmas attack
Back: an attack that uses Nmap; sets 3 flags (FIN, PSH and URG) to get around the firewall and look for open ports

Front: man-in-the-middle attacks
Back: a clandestine addition between the server and user that intercepts data; an active attack that may alter the data; also known as TCP/IP hijacking

Front: replay attacks
Back: information is captured over a network; an access/modification attack

Front: smurf attack
Back: spoofing the target machine's IP address and broadcasting to that machine's routers so the routers think the target is sending the broadcast; the result is an overload of the target system; the fix is to eliminate ICMP traffic through a router

Front: password attacks
Back: carried out via password crackers; types include brute force, dictionary, hybrid, birthday, rainbow table

Front: birthday attack
Back: a type of password attack; works on the premise that if your key is hashed, given enough time another value can be created that will give the same hash value

Front: white box testing
Back: ethical hacking knowing something about the network and systems; known as full disclosure testing; used as a way to guard against malicious insider threats

Front: client side attacks
Back: target vulnerabilities in client applications that interact with a malicious server

Front: URL hijacking
Back: a.k.a. typo squatting; the act of registering domains that are similar to a known entity based on spelling or typo errors

Front: watering hole attack
Back: identify a site visited by the target, poison the site and await the results

Front: types of application attacks
Back: cross site scripting (XSS) and cross site request forgery (XSRF); SQL injection; LDAP injection; XML injection; directory traversal/command injection; buffer overflow; integer overflow; zero-day exploits; cookies and attachments; locally shared objects (LSO); malicious add-ons; session hijacking; header manipulation; arbitrary code and remote code execution

Front: cross site scripting (XSS)
Back: when a user is tricked into executing code locally

Front: cross site request forgery (XSRF)
Back: session riding / one-click attack; involves unauthorized commands coming from a trusted user to the website

Front: SQL injection
Back: the attacker manipulates the database code to take advantage of a weakness in it; e.g. escape characters not filtered correctly, type handling not properly done, conditional errors, time delays

Front: directory traversal
Back: when an attacker is able to gain access to restricted directories (such as root) through HTTP; used with command injection that carries out the action; can be mitigated with a vulnerability scanner

Front: cookies
Back: text files that a browser maintains on the user's hard disk in order to provide a persistent, customized web experience each visit; they contain info about the user

Front: evercookie
Back: a type of cookie that writes data to multiple locations to make it next to impossible to remove completely

Front: locally shared object (LSO)
Back: a.k.a. flash cookies; data stored on a user's computer by Adobe Flash; can represent a security/privacy threat

Front: malicious add-ons
Back: Java applets that run outside of the sandbox and may perform malicious operations and gain access to sensitive information

Front: Authenticode
Back: a certificate technology that allows ActiveX components to be validated by a server

Front: session hijacking
Back: when a cookie is stolen and used by another entity to establish a session with a host that thinks it is still communicating with the first party

Front: attacks that use session hijacking
Back: man in the middle; sidejacking

Front: ways to prevent session hijacking
Back: encrypt sessions; have users log off sites when finished; perform secondary checks on user identity

Front: header manipulation
Back: uses other attack methods to change values in HTTP headers and falsify access; used with XSRF, the attacker can change the user's cookie; InPrivate filtering can help with this

Front: vulnerability scanner
Back: a software application that checks your network for any security holes; can be a port scanner, network enumerator or a worm; e.g. Nessus, Retina, SAINT, OpenVAS, Nmap

Front: major tasks of vulnerability scanners
Back: 1. passively test security controls 2. interpret results 3. identify vulnerabilities 4. identify lack of security controls 5. identify common misconfigurations

Front: port scanning
Back: a systematic query of your network to determine which services and ports are open

Front: banner grabbing
Back: looks at the information within the banner to find out data about the system; can be done with telnet, netcat or nmap

Front: attack surface
Back: the area of an application that is available to users