Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
42 Cards in this Set
- Front
- Back
|
Phishing |
The fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to a reveal personal information |
|
|
Smishing |
A social engineering attack that uses fake mobile text messages to trip people into downloading malware |
|
|
Vishing (voice phishing) |
A type of cyber attack that uses voice and telephone technologies to trick targeted individuals into revealing sensitive data to an authorized entities |
|
|
Spam |
Unsolicited unsolicited and unwanted junk email sent out in bulk to an indiscriminate recipient list |
|
|
SPIM (spam over internet messaging) |
A kind of spam that targets those who utilize s m s comma private conversations comma or instant messaging services |
|
|
Spear phishing |
A specific or targeted attack on one or more select number of victims |
|
|
Prepending |
Attacker attaches trustworthy values to make a message appear more trustworthy |
|
|
Trojan |
Malware that misleads the user of its true intent by disguising itself as a standard program |
|
|
Worms |
A maliciois program that replicates itself across a network |
|
|
Fileless virus |
Uses legitimate program to infect a computer and leaves no footprint |
|
|
Command and control |
Methods that cyber criminals use to communicate with compromised devices within a target company's network |
|
|
Crypto malware |
Soaks up all of the resources from a victims computer to mine cryptocurrency |
|
|
Spraying attack |
Brute force where hacker "sprays" an authentication server with combinations of username and passwords |
|
|
Dictionary attack |
Brute force attack using list of known wordsb and commonly used passwords |
|
|
Bruteforce attack online/offline |
Online: where the attacker performs the attack by directly interacting with the applicationOffline: attacker can attack the data directly, such as in an extracted database, using their own equipment Online: where the attacker performs the attack by directly interacting with the applicationOffline: attacker can attack the data directly, such as in an extracted database, using their own equipment |
|
|
Rainbow table attack |
Brute forcing using a table of hashes |
|
|
Malicious USB cable |
Data exfiltration, GPS tracking, and audio eavesdropping |
|
|
Tainted training for machine learning (ML) |
Attacker intentionally provides incorrect or biased data to the machine learning model during the training phase |
|
|
Security of machine learning algorithms |
Data encryption, model validation, secure communication protocols, staff training, and third party risk management |
|
|
Supply chain attack |
Targets a trusted third party vendor who offers services or software vital to the supply chain |
|
|
Birthday attack |
Success of this attack that largely depends upon the huge likelihood of collisions foundv between random attack attempts and a fixed degree of permutations |
|
|
Collision attack |
Attacker generates two or more different messages that produce the same hash value |
|
|
DLL injection attack |
Technique used for running code with the address space of another process by forcing it to load a DLL. Often used by external programs to influence the behavior of another program |
|
|
LDAP attack |
Attack used to exploit web based applications that construct ldap statements based on user input |
|
|
Pointer/object dereference |
Accessing the value stores at the memory address pointed to by that pointer |
|
|
Directory traversal |
aims to access files and directories that are stored outside the web root folder |
|
|
Race condition |
When a computer program has multiple code paths that are executing at the same time |
|
|
Inproper input handling |
Improper user input valdiation allowing attackers to inject malicious code or perform unauthorized actions |
|
|
Replay attack |
A type of network attack in which an attacker captures a valid network transmission and then retransmit it later. Trick the system into accepting the retransmission of the data as a legitimate |
|
|
API attacks |
Attackers exploit vulnerabilities in API endpoints to gain unautorized access, compromise data, disrupt services, perform other malicious activities |
|
|
Memory leak |
When memory is allocated but not properly deallocated, causing memory to be leaked over time and leading to resource exhaustion |
|
|
SSL stripping |
Hackers downgrade a web connection |
|
|
Shimming attack (API HOOKING) |
Bad actor introduces a small piece of code into system to modify data or potentially execute malicious activities |
|
|
Refactoring |
Altering the internal structure of the code without changing its behavior |
|
|
Bluesnarfing |
Accessing data through an unauthorized wireless connection. Mobile phone, tablet, smartwatchq |
|
|
OSINT (open source intelligence) |
Method of gathering information from public or other own sources, which can be used by security expects, national intelligence agencies, or cybercriminal |
|
|
STIX (structured threat information exchange |
Programming language for conveying data about cybersecurity threats in a way that can be easily understood by both humans and security technologies |
|
|
TAXII (Trusted automated exchange of indicator information) |
Protocol used to exchange cyber intelligence over HTTPS |
|
|
Intelligence fusion |
A fusion center is a collaborative effort of two or more agencies that provide resources, expertise and information to the center with the goal of maximizing their ability to detect, prevent, investigate, and respond to criminal and terrorist activity. |
|
|
Security orchestration, automation, response (SOAR) |
stack of compatible software programs that enables an organization to collect data about security threats and respond to security events with little or no human assistance |
|
|
White team hacking |
Overseers of red vs blue exercises |
|
|
Pruple team hacking |
Brings red and blue team to test and improve organization security posture |
