Term
|
Definition
| Someone who is a master of asking seemingly non-invasive or unimportant questions to gather information over time. |
|
|
Term
| Social Engineering Attacks |
|
Definition
| -Phishing
-Spear Phishing (targeted attack)
-Whaling (targets high-profile execs) |
|
|
Term
|
Definition
| Voice phishing. Over the phone or email. Poses as a repairman, security, or someone of trust. |
|
|
Term
|
Definition
| Following someone into a gated, badge-access area. |
|
|
Term
| Impersonation or Replay Attack |
|
Definition
| Capturing packets with a sniffer so that they can potentially be retransmitted. |
|
|
Term
|
Definition
| Removing trash that contains sensitive information. |
|
|
Term
|
Definition
| Someone logs in and the attacker watches the keystrokes. Or the attacker strikes up a conversation about kids, talks about sports, sees some pictures, and tries those as passwords. |
|
|
Term
| Mitigation Shoulder Surfing |
|
Definition
| Privacy screen, masked passwords, technical controls (cameras and keycards). |
|
|
Term
|
Definition
| -Social engineering technique
-Using the phone or voicemail to trick the target into providing sensitive information.
-Impersonates an irate customer or employee |
|
|
Term
|
Definition
| Spam filters, heuristics for pattern recognition, firewalls / deep packet inspection, user training. |
|
|
Term
|
Definition
| Attackers plant malware on less secure websites that users in a company (or whales) like to visit, such as golfing or basketball sites, so that it reaches the targets' systems. The planted code scans the targets' computers for vulnerabilities and then downloads code to attack those vulnerabilities. |
|
|
Term
| Six Principles (Reasons for effectiveness) |
|
Definition
| Authority, Intimidation, Consensus/Social Proof, Familiarity/Liking, Trust, Scarcity/Urgency |
|
|
Term
|
Definition
| Bad actor appears to know, or has special knowledge of, the company.
Poses as a position of authority using:
-Technical jargon
-Name dropping
-Knowledge of specific systems / applications |
|
|
Term
| Social Engineering - Intimidation |
|
Definition
| Bad actor poses as a position of authority and tries to impose their will using:
-Threatening negative action
-Threatening to release sensitive info
-Combining with scarcity/urgency |
|
|
Term
| Social Engineering - Consensus |
|
Definition
| People act when they believe they are in alignment with a larger group. Mob mentality, a packed parking lot, a loaded tip jar, positive product reviews. |
|
|
Term
| Social Engineering - Familiarity / Like |
|
Definition
| People like what is familiar to them and people they perceive as being like them. The attacker establishes a common contact or friend to gain trust. |
|
|
Term
|
Definition
| Tactics used as shortcuts to gain trust; people will act when they trust the person. |
|
|
Term
|
Definition
| Act quickly or risk losing out. Sale ends in 30 minutes. |
|
|
Term
|
Definition
| Modifying the SQL query that is passed to the web application or SQL Server.
Adding code into a data stream to:
-Bypass logon
-Make the website return usernames and passwords
-Make the app throw an error and crash |
|
|
Term
|
Definition
| Leads to remote code execution by exceeding the memory set aside for the application and executing malicious code. |
|
|
Term
|
Definition
| Like SQL injection; inserts queries to return user accounts, level of access, and group membership info. |
|
|
Term
|
Definition
| Used to inject markup-language statements to alter a path to a file and disclose information. |
|
|
Term
|
Definition
| User clicks a link in an email requesting a page from a server that sends a malicious script. The script executes in the browser, goes to a legitimate site, and makes additional requests without the user being aware. |
|
|
Term
| Cross Site Request Forgery - XSRF, or CSRF (SeeSurf) aka One Click attack |
|
Definition
| -Hijacking session attack
-Non-persistent: emails, blog posts, etc.
-Persistent: server based
-Victim has recently visited a site and has a valid (not expired) cookie
-Targeted attack
-Obtains a valid session ID from the cookie |
|
|
Term
|
Definition
| -Cross Site: the BROWSER runs the code because it was served from a SITE IT TRUSTS.
-Request Forgery: the SERVER performs an action because it received a request from a CLIENT IT TRUSTS. |
|
|
Term
|
Definition
| Obtaining elevated privileges on the target:
-Dump the SAM
-Get the /etc/passwd file
-DLL pre-loading
-Insecure or weak security on processes |
|
|
Term
|
Definition
| Putting incorrect ARP information into the victim's ARP cache. Allows the following:
-Man in the middle
-Malicious web server
-Session hijacking |
|
|
Term
|
Definition
| The victim's IP address is spoofed and ICMP messages are broadcast to a computer network; every host responds to the ping. |
|
|
Term
|
Definition
| Vulnerabilities that are discovered and exploited before the developer has a chance to issue a patch or fix. |
|
|
Term
|
Definition
| Adding a false record to a server to send systems to a malicious website. |
|
|
Term
|
Definition
| Harvesting encrypted password values to authenticate to other servers. They are captured with a packet analyzer and used with the username to log in. |
|
|
Term
|
Definition
| Tricks a user into performing an undesired action by clicking a concealed link. Loads another, invisible page on top of the website's page. The user may enter credentials or other information. |
|
|
Term
|
Definition
| Items used to validate a user's session are compromised and reused.
-Man in the middle
-Sidejacking |
|
|
Term
|
Definition
| When the initial login is encrypted but the rest of the session is not. Can be captured using a packet sniffer. |
|
|
Term
|
Definition
| Setting up domain names that are typos of legitimate sites, like Facbook instead of Facebook or Goggle instead of Google. |
|
|
Term
|
Definition
| Using misspelled website URLs to set up ads that have similar items for sale. |
|
|
Term
|
Definition
| -Using custom databases to install code.
-Designed to mimic MS Windows App Compatibility databases. |
|
|
Term
|
Definition
| Fixing bugs, patching code, and tightening security without adversely affecting the underlying functionality. |
|
|
Term
|
Definition
| WEP with only a 24-bit IV. Sniffed and able to be recognized. |
|
|
Term
|
Definition
| The PIN has 7 unknown digits. Cracked in 3-5 hours with tools like Reaver. |
|
|
Term
|
Definition
| Linux pen test tools installed on Kali. |
|
|
Term
|
Definition
| Sending unauthorized messages or data to a victim's device via Bluetooth. Typically sending a vCard that contains a message in the name field to another Bluetooth-enabled device via the OBEX (Object Exchange) protocol. |
|
|
Term
|
Definition
| The device must be discoverable. Pulls data from a Bluetooth device, usually a phone: contact lists, pictures, messages, PII. |
|
|
Term
|
Definition
| Uses two-way RFID-type technology (NFC). Can be used to pay when 3-4 inches away. Can also allow an attacker to steal data. |
|
|
Term
|
Definition
| Two types of systems: Active Reader Passive Tag (3 ft range), and Active Reader Active Tag (100 meters range). |
|
|
Term
|
Definition
| Using a given MAC address to disassociate it from the WAP. Can use Aircrack-ng. |
|
|
Term
|
Definition
| Birthday attack: just running through every possible birthday as a password. The odds that a password hash will match a different password are pretty good. |
|
|
Term
|
Definition
| Removing trash from dumpsters that could reveal sensitive information such as:
-Usernames and passwords
-PII
-Company documents
-Resumes |
|
|
Term
| Dumpster Diving Mitigation |
|
Definition
| -Shredder
-Crosscut shredder |
|
|
Term
|
Definition
| Precomputed table of password hashes. Reduces the time to brute-force a password.
-Requires more storage
-Requires a table for each type of hash, such as MD5, SHA1, etc. |
|
|
Term
|
Definition
| Attack that tries to find two hash inputs that have the same output.
-Can be used to bypass security and make a malicious file appear legitimate if the hash values are the same |
|
|
Term
|
Definition
| Legitimate file = hash value; malicious file = hash value.
When the hash values match, the malicious file appears legitimate and can bypass virus scanners. |
|
|
Term
|
Definition
| An attack that forces a system to negotiate down to a lower-quality method of communication. Allowed in some situations to support legacy systems. |
|
|
Term
| Known Plain Text / Cipher text |
|
Definition
| When both the plaintext and ciphertext versions are known, a mathematical relationship between the two can be determined. WPA and WEP are vulnerable to this attack, but WPA2 using AES is not. |
|
|
Term
|
Definition
| Do not use weak algorithms such as MD5 and SHA1.
Use NIST-approved algorithms like AES or TDEA (Triple Data Encryption Algorithm).
https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet
NIST Special Publication 800-57 Part 1 Revision 4: Recommendation for Key Management, Part 1: General, 4.2.2 Symmetric-Key Algorithms used for Encryption and Decryption: "The approved algorithms for encryption/decryption are symmetric key algorithms: AES and TDEA." https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf |
|
|
Term
|
Definition
| NIST-approved block ciphers |
|
|
Term
|
Definition
| Triple Data Encryption Algorithm |
|
|