Shared Flashcard Set

Details

CEH Certified Ethical Hacker 312-50:Exam Tips
CEH Certified Ethical Hacker 312-50:Exam Tips
32
Computer Science
Professional
02/04/2014

Additional Computer Science Flashcards

 


 

Cards

Term
Escalation of privileges is between
Definition
Gaining Access and Maintaining Access
Term
Hacker
Definition
Use a specialized set of tools, techniques, knowledge, and skills to bypass computer security measures.
Term
This is sent with digital cert
Definition
Public (key is located where).
Term
COllision attack (definition)
Definition
The unlikely possibility that two different values will be computed to the same hash.
Term
Footprinting (def)
Definition
Process of gathering information on computers/networks. High level blueprint from public information.
Term
Email header
Definition
contains useful information
Term
An email process used to assist in determining an attack vector
Definition
Send email and watch what comes back
Term
Make use of the Korek implementation for WEP cracking (2)
Definition
Cain and Aircrack
Term
Aircrack is *much faster* than what at WEP cracking
Definition
Cain
Term
Cain is *much slower* than what at WEP cracking
Definition
Aircrack
Term
"mis-association" attacks" AKA (2)
Definition
Rogue APs are also known as evil twins
Term
AV will not detect what
Definition
hardware keyloggers.
Term
Keyloggers are what category
Definition
Malware
Term
Phlashing(def)
Definition
DoS attack that causes permanent damage to a system / bricking a system.
Term
Software keylogger (stealth ability level)
Definition
Easy to spot with antivirus and other scanning options
Term
Hardware keylogger
Definition
Almost impossible to detect.
Term
dot-dot-slash attack (AKA)
Definition
Directory traversal; a variant of the "Unicode" / unvalidated input attack.
Term
Convert to Unicode for what
Definition
Standard obfuscation method.
Term
Unvalidated Input Attack (def)
Definition
Server has not been configured to accept only specific input during an HTTP GET, so an attacker can craft the request to ask for command prompts, to try administrative access passwords.
Term
Windows system password locations (2)
Definition
c:\windows\system32\config\SAM, c:\windows\repair\SAM).
Term
Linux password location
Definition
/etc/shadow
Term
HTTP tunneling (def)
Definition
Use port 80 packets to deliver payload because port 80 is usually open.
Term
Spoofing disadvantage
Definition
Data going back to a fake address cannot be seen by the attacker.
Term
Wireless security features
Definition
Encryption algorithms(WEP/WPA), and physical concerns (placement of APs and antennas used)
Term
SSIDs are no help to what
Definition
Security. do nothing for security, other than identify which network you're on.
Term
XSS (def)
Definition
Vulnerability found in web applications which enables attackers to inject client-side script into web pages viewed by other users. Result: attackers bypass access controls such as the same origin policy.
Term
XSS types (2)
Definition
Reflected/non-persistent and stored/persistent.
Term
Reflected/non-persisent
Definition
XSS type where the victim executes malicious code passed via email or a neutral site, against legitimate site.
Term
Stored/persistent
Definition
XSS type where the actual web page contains malicious code, such as in a forum post.
Term
Risk assessment
Definition
The process of evaluating assets to ascertain the amount of vulnerability they represent to the company.
Term
Risk mitigation types
Definition
Accept, mitigate, transfer, or avoid.
Term
Trapdoor
Definition
Secret entry point into a program, written into the program by the legitimate application developer. They typically bypass authentication, so if found, are dangerous.
Supporting users have an ad free experience!