CompTIA Sec+ 1.2
Comparing and Contrasting Attack Types
57
Computer Science
Professional
11/01/2018

Term
Social Engineer
Definition
Someone who is a master of asking seemingly non-invasive or unimportant questions to gather information over time.
Term
Social Engineering Attacks
Definition
-Phishing
-Spear Phishing (Targeted attack)
-Whaling (Targets high profile execs)
Term
Vishing
Definition
Voice phishing. Done over the phone or by email; the attacker poses as a repairman, security staff, or someone else who is trusted.
Term
Tailgating
Definition
Following someone into a gated, badge-access area.
Term
Impersonation or Replay Attack
Definition
Capturing packets with a sniffer so they can potentially be retransmitted.
Term
Dumpster Diving
Definition
Removing trash that contains sensitive information.
Term
Shoulder Surfing
Definition
Someone logs in:
-Attacker watches the keystrokes
-Or strikes up a conversation about kids
-Talks about sports, sees some pictures
-Tries those as passwords
Term
Mitigation Shoulder Surfing
Definition
Privacy screens, masked passwords, technical controls such as cameras and keycards.
Term
Hoaxes
Definition
-Social engineering technique
-Using the phone or voicemail to trick the target into providing sensitive information.
-Impersonates an irate customer or employee
Term
Mitigation for Hoaxes
Definition
SPAM filters, Heuristics for pattern recognition, Firewalls / Deep Packet Inspection, User Training
Term
Watering Hole Attack
Definition
Attackers plant malware on less secure web sites that a company's users or whales like to visit, such as golfing or basketball sites. The malware planted there reaches the target's systems. Attackers use code that scans the target computers for vulnerabilities and then downloads code to attack those vulnerabilities.
Term
Six Principles (Reasons for effectiveness)
Definition
Authority, Intimidation, Consensus/Social Proof, Familiarity/Liking, Trust, Scarcity/Urgency
Term
Authority
Definition
Bad actor appears to know the company, or to have special knowledge of it.

Poses as Position of Authority using
- Technical Jargon
- Name Dropping
- Knowledge of Specific Systems / applications
Term
Social Engineering - Intimidation
Definition
Bad actor poses as a position of authority and tries to impose their will using
- Threaten Negative Action
- Threaten to Release Sensitive Info
- Combine with Scarcity/Urgency
Term
Social Engineering - Consensus
Definition
People act when they believe they are in alignment with a larger group: mob mentality, a packed parking lot, a loaded tip jar, positive product reviews.
Term
Social Engineering - Familiarity / Like
Definition
People like what is familiar to them, including people they perceive to be like them. The attacker establishes a common contact or friend to gain trust.
Term
Trust
Definition
Tactics used as shortcuts to gain trust; people will act when they trust the person.
Term
Scarcity / Urgency
Definition
Act quickly or risk losing out. Sale ends in 30 minutes.
Term
SQL Injection
Definition
Modifying the SQL query that is passed to the web application or SQL server.

Adding code into a data stream:
- Bypass logon
- Website returns usernames and passwords
- App throws an error and crashes
Term
Buffer Overflow
Definition
Leads to remote code execution by exceeding the memory set aside for an application and executing malicious code.
Term
LDAP Injection
Definition
Like SQL injection; queries LDAP to return user accounts, level of access, and group membership info.
Term
XML Injection
Definition
Used to inject a markup-language statement that alters a path to a file and discloses information.
Term
XSS Cross Site Scripting
Definition
User clicks a link in an email requesting a page from a server that sends a malicious script. The script executes in the browser, goes to the legitimate site, and makes additional requests without the user being aware.
Term
Cross Site Request Forgery - XSRF, or CSRF (SeeSurf) aka One Click attack
Definition
-Session hijacking attack
-Non-persistent: emails, blog posts, etc.
-Persistent: server based
-Victim has recently visited a site and has a valid (not expired) cookie
-Targeted attack
-Obtains a valid session ID from the cookie
Term
XSS and XSRF Distinction
Definition
-Cross Site, the BROWSER runs the code because it was served from a SITE IT TRUSTS.

-Request forgery, the SERVER performs an action because it received a request from a CLIENT IT TRUSTS.
Term
Privilege Escalation
Definition
Obtaining elevated privileges on the target:
-Dump SAM
-Get /etc/passwd file
-DLL pre-loading
-Insecure or weak security on processes
Term
ARP Poisoning
Definition
Putting incorrect ARP information into the victim's ARP cache. Allows the following:

-Man in the Middle
-Malicious Web Server
-Session Hijacking
Term
Smurf Attack
Definition
Victim's IP address is spoofed and ICMP messages are broadcast to a computer network. Every host responds to ping.
Term
Zero Day
Definition
Vulnerabilities that are discovered and exploited before the developer has a chance to issue a patch or fix
Term
DNS Poisoning
Definition
Adding a false record to a DNS server to send systems to a malicious web site.
Term
Pass the Hash
Definition
Harvesting encrypted password values to authenticate to other servers. They are captured with a packet analyzer and used with the username to log in.
Term
Clickjacking
Definition
Tricks a user into performing an undesired action by clicking a concealed link. Loads another, invisible page on top of the website's page. The user may enter credentials or other information.
Term
Session Hijacking
Definition
Items used to validate a user's session are compromised and reused.
-Man in the middle
-Sidejacking
Term
Sidejacking
Definition
When the initial login is encrypted but the rest of the session is not. The session can be captured using a packet sniffer.
Term
Typo Squatting
Definition
Setting up domain names that are typos of legitimate sites like Facbook instead of Facebook or Goggle instead of Google.
Term
Ad portals
Definition
Use misspelled web site URLs to set up ads that have similar items for sale.
Term
Shimming
Definition
-Using custom databases to install code.
-Designed to mimic MS Windows App Compatibility databases.
Term
Refactoring - Purpose
Definition
Fix bugs, patch code, tighten security, without adversely affecting the underlying functionality.
Term
IV Attack
Definition
WEP, with only a 24-bit IV. The IV can be sniffed and recognized.
Term
WPS attack
Definition
The PIN has 7 unknown digits and can be cracked in 3-5 hours with tools like Reaver.
Term
Reaver and Bully
Definition
Linux pen test tools installed on Kali.
Term
Bluejacking
Definition
Sending unauthorized messages or data to a victim's device via Bluetooth. Typically involves sending a vCard containing a message in the name field to another Bluetooth-enabled device via the OBEX (Object Exchange) protocol.
Term
Bluesnarfing
Definition
The device must be discoverable. Pulls data from a Bluetooth device, usually a phone: contact lists, pictures, messages, PII.
Term
NFC Attack
Definition
Uses two-way RFID-type technology (NFC). Can be used to pay when 3-4 inches away. Can also allow an attacker to steal data.
Term
RFID tags
Definition
Two types of systems: Active Reader Passive Tag (3 ft range) and Active Reader Active Tag (100 meter range).
Term
Deauthentication Attack
Definition
Using a given MAC address, disassociate it from the WAP. Can use Aircrack-ng.
Term
Birthday
Definition
Birthday attack: just running through every possible birthday as a password. The odds that a password hash will match a different password are pretty good.
Term
Dumpster Diving
Definition
Removing trash from dumpsters that could reveal sensitive information such as:

-Usernames and Passwords
-PII
-Company documents
-Resumes
Term
Dumpster Diving Mitigation
Definition
-Shredder
-Crosscut Shredder
Term
Rainbow Tables
Definition
Precomputed table of password hashes. Reduces the time to brute-force a password.
-Requires more storage
-Requires a table for each type of hash, such as MD5, SHA1, etc.
Term
Collision Attack
Definition
Attack that tries to find two hash inputs that have the same output.
-Can be used to bypass security and make a malicious file appear legitimate if the hash values are the same
Term
Collision Attack Example
Definition
Legitimate File = Hash Value
Malicious File = Hash Value

When hash values match, the file appears legitimate and can bypass virus scanners
Term
Downgrade Attack
Definition
An attack that forces a system to negotiate down to a lower-quality method of communication. Allowed in situations to support legacy systems.
Term
Known Plain Text / Cipher text
Definition
When both the plaintext and ciphertext versions are known, a mathematical relationship between the two can be determined. WPA and WEP are vulnerable to this attack, but WPA2 using AES is not.
Term
Weak Encryption Methods
Definition
Do not use weak algorithms such as MD5 and SHA1.

Use NIST approved algorithms like AES or TDEA (Triple Data Encryption Algorithm)

https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet

NIST Special Publication 800-57 Part 1
Revision 4: Recommendation for Key Management
Part 1: General 4.2.2 Symmetric-Key Algorithms used for Encryption and Decryption
The approved algorithms for encryption/decryption are symmetric key algorithms: AES and TDEA.
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf
Term
AES and TDEA
Definition
NIST-approved block ciphers.
Term
TDEA
Definition
Triple Data Encryption Algorithm