104 Cards in this Set
- Front
- Back
What is Payload? |
Is a malware component that performs malicious actions, like searching the HDD for tax returns and credit card statements, compromising login credentials, or encrypting data to make it unavailable and then asking for a ransom. |
|
Virus |
Is a type of malware that spreads from system to system through user actions like opening email attachments, inserting an infected USB drive into a system, or clicking links on an infected website |
|
Worm |
Is a type of malware that spreads from system to system on its own |
|
What is Propagation Mechanism? |
Is a malware component whereby malware spreads from one system to another |
|
Trojan horse |
Is a type of malware that disguises itself as a beneficial program |
|
Adware |
Is a payload type of malware for the specific purpose of displaying advertisements |
|
Spyware |
Is a payload type of malware that gathers information and sends it back to the malware author, and may even capture login credentials |
|
Ransomware |
Is a payload type of malware that blocks access by encrypting files with a secret key and then selling the key for a ransom |
|
Crypto malware |
Is a payload type of malware that aims to mine cryptocurrencies |
|
Preventing Malware Attacks |
*Installing and keeping antivirus software current on your systems
*Applying security patches promptly
*Educating end users about the dangers of malware |
|
Backdoor |
A programmer builds in a way to gain access later, for future incidents such as customers being locked out of their system |
|
Logic Bomb |
Set to execute a payload when certain conditions are met, such as a date and time being reached, modification of the contents of a file containing trigger information, or the results of an API (Application Programming Interface) call |
|
Rootkit |
A type of advanced malware designed to escalate user privileges |
|
User mode |
Is a rootkit mode that runs with normal user privileges; easy to write, hard to detect |
|
Kernel mode |
Is a rootkit mode that runs with very advanced privileges; hard to write, easy to detect |
|
Fileless |
Is a type of advanced malware that remains in memory and operates there. It writes a copy of itself to the registry, where it can instruct Windows to load it back into memory after a reboot |
|
Botnets |
It’s a type of advanced malware made up of a collection of zombie computers used for malicious delivery purposes |
|
Malicious scripts execution |
Is a type of advanced malware where attackers write scripts to perform malicious tasks |
|
Shell scripts |
Run at the command line and integrate with the operating system |
|
Application Scripts |
Run within a software application and integrate with that application |
|
Programming Languages |
Allow the creation of general-purpose code |
|
Bash |
Is a scripting language used on Linux and Mac systems. |
|
PowerShell |
Provides scripting capabilities for Windows systems |
|
Visual Basic For Applications (VBA) |
Is a macro scripting language used with Microsoft Office |
|
Python |
Is a powerful general-purpose programming language used to write code for any task |
|
Script kiddies |
A type of attacker that is unskilled and reuses hacking tools developed by others
*Easily defeated with basic security controls like regular patching, endpoint security software, firewalls, and intrusion prevention systems |
|
Hacktivists |
A type of attacker that seeks to use hacking tools to advance a political or social agenda |
|
Criminal syndicates |
A kind of attacker that uses hacking tools such as ransomware for financial gain |
|
Corporate Espionage |
An attacker uses hacking tools and techniques against competitors |
|
Nation state actors |
These sponsor Advanced Persistent Threat (APT) groups, such as military units, that employ extremely advanced tools and are difficult to detect |
|
White Hats |
A type of hacker that works with the full permission of the target to find security flaws that can then be fixed |
|
Black Hats |
A type of hacker that works without the permission of the target and with malicious intent |
|
Gray Hats |
A type of hacker that works without permission but for a good reason, to help improve security |
|
Differentiating Attackers |
*Internal vs. external attackers
*Level of sophistication
*Access to resources
*Motivation
*Intent |
|
Insider Threats |
Risk of internal compromise by trusted individuals who intend to steal money or information or cause damage to the company |
|
HR practices that control insider threats |
*Perform background checks to uncover past legal issues
*Give users only the permissions they need
*Require multiple users to carry out sensitive operations
*Implement mandatory vacations for important staff |
|
Shadow IT |
Is technology brought into the company by individual employees without the approval of technical leaders; this can expose your data to an unexpected level of risk |
|
Attack Vectors |
Are paths attackers use to gain initial access. |
|
Attack Vectors Examples |
*Attackers send phishing messages and malicious content via email, leading to ransomware
*Social media can be used as part of an influence campaign designed to social engineer
*Flash drives and other removable media, or a chip embedded in a USB cable, may contain malware that triggers when inserted into a new device
*Card skimmers read magnetic stripes, which may then be used in card cloning attacks
*Attackers with direct access to systems and networks can easily compromise them
*Tampering with devices in the supply chain allows attackers to insert backdoors
*Wireless networks allow attackers to remotely attack an organization’s network |
|
Ethical Disclosure |
*Notify the vendor of the vulnerability
*Provide the vendor a reasonable amount of time to create a patch
*Disclose the vulnerability publicly |
|
Zero-Day Vulnerability |
A vulnerability in a product that has been discovered by at least one researcher but has not yet been patched by the vendor |
|
Window of Vulnerability |
The time between the discovery of a zero-day vulnerability and the release of a security update |
|
Advanced Persistent Threats (APT) characteristics |
*Are well funded and highly skilled
*Are typically government sponsored
*Have access to zero-days and other sophisticated weapons
*Work methodically to gain access to a target |
|
Defending against APTs |
*Build a strong security foundation
*Implement strong encryption
*Use rigorous monitoring |
|
Threat Intelligence |
A set of activities that an organization undertakes to educate itself about changes in the cybersecurity threat landscape and to adapt its security controls based on that information |
|
Open source intelligence sources |
*Security websites
*Vulnerability databases
*News media
*Social media
*Dark web
*Information sharing centers
*File repositories
*Code repositories
*Security researchers |
|
Evaluation of threat intelligence sources |
*Timeliness: How promptly is the threat intelligence delivered?
*Accuracy: Is the data correct?
*Reliability: Is the provider consistent? |
|
Threat indicators |
Properties that describe a threat, like IP addresses, malicious file signatures, communication patterns, or other identifiers that security analysts use to identify a threat actor |
|
Automated Tools used for Threat information sharing and description |
*Cyber Observable eXpression (CybOX): helps understand what properties we can use to describe intrusion attempts, malicious software, and other observable security events
*Structured Threat Information eXpression (STIX): takes the properties of the CybOX framework and gives us a language that we can use to describe those properties in a structured manner
*Trusted Automated eXchange of Indicator Information (TAXII): provides a technical framework for exchanging messages that are written in the STIX language
*OpenIOC |
|
What is the purpose of TAXII, STIX, and CybOX? |
Facilitate information sharing. |
|
What business functions benefit from threat intelligence information within an organization? |
*Incident response team
*Vulnerability management team
*Risk management team
*Security engineering team
*Detection and monitoring team |
|
What is the purpose of ISACs (Information Sharing and Analysis Centers)? |
Brings together cybersecurity teams from competing organizations to help share industry-specific security information in a confidential manner |
|
Threat research |
Is the process of using threat intelligence to get inside the heads of our adversaries |
|
What is reputation threat research? |
*Is a threat research technique that seeks to identify actors who are known to have engaged in malicious activity in the past
*These can be known by an IP address, email address, or domain previously used in attacks |
|
What is behavioral threat research? |
Seeks to identify people and systems who are behaving in ways attackers have behaved in the past |
|
What are examples of threat research sources? |
*Vendor websites
*Vulnerability feeds
*Cybersecurity conferences
*Academic journals
*RFC documents
*Local industry groups
*Social media
*Threat feeds
*Adversary tactics, techniques, and procedures (TTPs) |
|
Structured approaches to threat management |
*Asset focus: use the asset inventory as the basis for the analysis
*Threat focus: identify how specific threats may affect each information system
*Service focus: identify the impact of various threats on a specific service |
|
What is threat hunting? |
Threat hunting is an organized, systematic approach seeking out indicators of compromise on our networks using expertise and analytical techniques. |
|
List indicators of compromise |
*Unusual binary files
*Unexpected processes or resource consumption
*Deviations in network traffic
*Unexplained log entries
*Unapproved configuration changes |
|
What is Social Engineering? |
Manipulating people into divulging information or performing an action that undermines security |
|
Reasons why social engineering succeeds |
*Authority and trust: people defer to authority and to well-dressed people
*Intimidation: scaring people that something bad will happen to the organization if they don’t comply
*Consensus/social proof: the herd mentality, i.e., copying other people’s behavior
*Scarcity: getting the last one, e.g., tricking someone into allowing them to install hardware in an office by making them believe it’s the last one
*Urgency: time is running out, e.g., they have other appointments to attend
*Familiarity/liking: we say yes to people we like, e.g., flattery and false compliments to get on someone’s good side and influence their actions |
|
Phishing |
A type of impersonation attack where thousands of e-mails containing a malicious link are sent to recipients; once a recipient clicks it and enters login credentials, they are sent back to the attacker, who then gains control of the account |
|
What are Prepending Attacks? |
Attackers add tags such as "safe" to make it appear that the email was screened by anti-phishing mechanisms |
|
Spear phishing |
A type of impersonation attack that targets a small business, with the names of business leaders added to the phishing email, such as fake invoices the attacker hopes will be paid |
|
Whaling |
A type of impersonation attack that targets executives, such as fake court documents saying the organization is being sued, prompting them to click a link |
|
Pharming Attacks |
Users are redirected to fake websites that look similar to the real one for the purpose of capturing login credentials |
|
Vishing |
A type of impersonation attack by phone call where people are tricked into revealing sensitive information or visiting a site to install a file that supposedly improves security |
|
Smishing and SPIM |
A type of impersonation attack that uses instant messaging services to send spam and phishing messages |
|
Spoofing |
A type of impersonation attack that fakes an identity with the help of software to send emails under a false name |
|
What is a pretexting attack? |
Impersonating a consumer, i.e., contacting a third-party company and trying to gain access as the account owner |
|
What is a keylogger? |
Programs used by attackers to capture a user's keystrokes |
|
Why are websites great watering holes for spreading malware effectively? |
*Users trust the websites they visit, to some extent
*Browsers and add-ons often have vulnerabilities
*Users are conditioned to click OK on security warnings |
|
Steps in how a watering hole attack works |
*Identify and compromise a highly targeted website
*Choose a client exploit and bundle it with a botnet
*Place the malware on the compromised website
*Sit back and wait for infected systems to phone home |
|
What are examples of physical social engineering? |
*Shoulder surfing: watching someone’s screen by looking over their shoulder while they do something sensitive on their computer. Be aware of your surroundings and use privacy filters
*Dumpster diving: digging through the trash looking for documents that contain sensitive information. Shred documents
*Tailgating: slipping in behind someone. Remind people about anti-tailgating procedures |
|
What are the limitations of watering hole attacks? |
*Attackers can’t just build their own sites
-Nobody is going to visit their sites
-Content filtering can block known malware sites |
|
What is a hash function? |
A mathematical function that converts a variable-length input into a fixed-length output in a collision-resistant manner |
|
What are the hash function criteria? |
*It must produce a completely different output for each input
*It must be computationally difficult to retrieve the input from the output
*It must be computationally difficult to find two different inputs that generate the same output |
|
Examples of password attacks |
*Brute force attacks: trying all possibilities
*Dictionary attacks: trying English words first
*Hybrid attacks: adding variations to the tries, like replacing letters with numbers
*Rainbow table attacks: precomputed hashes
*Password spraying attacks: exploit commonly used passwords; lists of these can be found on GitHub
*Credential stuffing: exploits reused passwords; avoid reusing passwords |
|
The birthday problem (collisions) |
Collisions become common with larger samples |
|
Avoiding password attacks |
*Password algorithms should use strong hashing, and the password files should be safeguarded
*Passwords should be only one component of a multi-factor authentication system
*Incorporate lists of commonly used passwords into access control systems and prevent users from selecting a password on the list
*Avoid reusing passwords
*Use a password manager to generate and maintain unique passwords for each site visited
*Multi-factor authentication stops password spraying and credential stuffing attacks |
|
What is machine learning? |
Discovers knowledge in data |
|
What is Artificial Intelligence? |
A collection of techniques, including machine learning, that are designed to mimic human thought processes in computers to some extent |
|
What is Descriptive analytics? |
Is a type of machine learning that seeks to describe our data |
|
What is predictive analytics? |
A type of machine learning that seeks to predict future events and behavior |
|
What is prescriptive analytics? |
A type of machine learning that uses simulations to optimize our behavior |
|
Ways adversarial AI (exploiting AI techniques) occurs |
*Breach the confidentiality of machine learning algorithms
*Inject tainted data into training processes
*Fool deployed algorithms |
|
What do Vulnerabilities impact in cybersecurity? |
Confidentiality, integrity, and availability (the CIA three-legged stool) |
|
What is the purpose of Confidentiality? |
*Protects information and systems from unauthorized access
-Disclosure attacks seek to undermine confidentiality
-Data breaches are violations of confidentiality
-Data exfiltration is the act of removing sensitive information from an organization’s systems and networks |
|
What is the purpose of Integrity? |
*Protects information and systems from unauthorized modification
*Alteration attacks seek to undermine integrity |
|
What is the purpose of availability? |
*Ensures that information and systems are available to authorized users when needed
-Denial of service (DoS) attacks seek to undermine availability |
|
What are the impacts of a security incident? |
*Financial risk involves monetary loss to the organization, e.g.:
-The cost of restoring damaged equipment and data
-Conducting an incident response investigation
-Notifying individuals that their data was stolen and that they are now vulnerable to identity theft
*Reputational risk impacts how stakeholders view our organization
*Strategic risk jeopardizes our ability to meet our major goals and objectives
*Operational risk affects our ability to carry out day-to-day activities
*Compliance risk involves potential violations of laws or regulations like HIPAA |
|
What are the stages in supply chain vulnerabilities? |
*End of sale: the product will no longer be offered for purchase, but the vendor will support existing customers
*End of support: the vendor will reduce or eliminate support for existing users of the product
*End of life: the vendor will no longer provide any support or updates for the product |
|
What are the risks of configuration vulnerabilities? |
*Default configurations may contain misconfigured firewalls with open ports and services, unnecessarily open permissions, guest accounts, default passwords, or unsecured root accounts
-Follow security standards and baselines when installing and configuring systems and applications |
|
What occurs in Cryptographic Vulnerabilities? |
*Weak cipher suites
*Weak cryptographic protocol implementations may be subject to eavesdropping and tampering
*Poor key management
*Poor certificate management |
|
Patch management |
*Operating systems *Applications *Firmware |
|
What causes architectural vulnerabilities? |
*Improper design in a complex system
*Untrained users and weak business processes
*System sprawl: new devices are connected to a network but old devices (assets) are not properly disconnected, leading to security vulnerabilities, especially if they are undocumented
-Incorporate security early
-Avoid bolt-on security requirements |
|
What is IT Architecture? |
The processes and practices used to design systems |