Attacks, threats, and vulnerabilities

  1. A hoax is a fake security threat that can consume both time and resources to combat.

  2. Intimidation is when an attacker threatens the victim, using bullying tactics or threats to get the victim to take an action.

  3. Elicitation: the process of drawing out useful information through conversation. It is part of the social engineering (SE) toolkit.

  4. Sometimes Scarcity and Urgency mean the same thing under certain circumstances.

  5. A credentialed scan provides the tester with login credentials, allowing them to conduct the scan with an account or accounts that give them access to check settings and configurations.

  6. Pretexting: using a fake motive and lying to obtain information.

  7. If general information is provided, it is a partially known environment.

  8. Maneuver: a threat hunter who thinks like a malicious user to help identify potential IoCs.

  9. A RAT (Remote Access Trojan) gives remote access, wrapped in a legitimate program.

  10. SYN Flood is a type of resource exhaustion attack.

  11. DoS targets memory leak.

  12. Application DDoS targets e.g. a mobile game server. Network DDoS targets network technology, devices or protocols. Operational Technology (OT) DDoS targets SCADA, ICS (Industrial Control Systems), or any utility.

  13. A memory leak is when an application fails to release unused memory. Memory leaks can cause crashes.

  14. Time of Check is when a multithreaded application does not properly handle its threads. Example: an actor is able to access content before authenticating.

  15. Near Field Communication (NFC) is susceptible to an attacker eavesdropping on the signal.

  16. Address Resolution Protocol (ARP) poisoning consists of corrupting the MAC-to-IP mapping.

  17. A DNS poisoning attack attempts to insert incorrect or malicious entries into a trusted DNS server.

  18. An unknown environment test provides only the information needed to identify the target. Examples: domain name, website, router default gateway.

  19. SOAR does not provide automated malware analysis.

  20. Intrusion Prevention System (IPS) defends against DoS.

  21. Typosquatting and URL Hijacking are interchangeable terms.

  22. Access Control Vestibule is a synonym of Mantrap, adopted to avoid gendered terminology.

  23. On-Path is a synonym of Man-in-the-Middle, adopted to avoid gendered terminology.

  24. Advanced Encryption Standard (AES) is not vulnerable to Plain text or cipher text attack where one could look for secret keys, etc.

  25. Adversarial Artificial Intelligence (AI) attack: to fool ML models by providing tainted input.

  26. Pointer dereference errors cause an application to throw an exception, which results in the application crashing. This can lead to DoS, RCE, etc.

  27. Identity fraud and Identity theft commonly use Social Security number (SSN) as part of theft of identity.

  28. A watering hole attack targets a group by focusing on commonly shared behaviour, such as visiting specific websites or a nearby sandwich shop. The attacker compromises those (third-party) websites, so when the target group visits them, the targets are also compromised.

  29. Impersonation is a Social engineering technique where you claim to be someone else.

  30. Shimming is when the attacker places malware between an application and some other file (usually a library, system API, or DLL file) and intercepts the communication to that file.

  31. Cyber-intelligence fusion is the process of gathering, analyzing, and then distributing information between disparate agencies and organizations.

  32. A downgrade attack seeks to make a Transport Layer Security (TLS) connection use a weaker cipher or protocol version.

  33. A macro virus is a malicious script (macro) embedded into a file, typically written in Visual Basic for Applications (VBA).

  34. Bluesnarfing involves accessing data from a Bluetooth device when it is in range.

    • Bluejacking involves sending unsolicited messages to Bluetooth devices when they are in range.

  35. A segmentation fault will typically stop the program from running. This type of issue is why a NULL pointer or other pointer dereferencing error is considered a potential security issue, as a DoS condition impact.

  36. Spinning an account refers to changing the password for an account, often because of compromise or to prevent a user from logging back into it while preserving the account.

  37. Pretexting is a social engineering technique where the attacker uses a reason for what they are doing that is intended to be believable to the target.

  38. Prepending: inserting information ahead of a message so that the target thinks about the things the attacker wants them to.

  39. Refactoring a program by automated means can include adding additional text, comments, or nonfunctional operations to make the program have a different signature without changing its operation.

  40. "Information Sharing and Analysis Centers (ISACs)" collect, analyze and disseminate actionable threat information to their members and provide members with tools to mitigate risks and enhance resiliency.

  41. Piggybacking: gaining unauthorized physical access to the data center by using another user's credentials.

  42. Hyperlink spoofing, which is also referred to as Web spoofing, is used by an attacker to persuade the Internet browser to connect to a fake server that appears as a valid session. The primary purpose of hyperlink spoofing is to gain access to confidential information, such as PIN numbers, credit card numbers, and bank details of users. This is also referred to as URL Spoofing.

  43. Tarpitting: intentionally slowing down the server conversation to mitigate spam.

  44. Request for Comments (RFC) standards define the format for email. Block email that does not follow RFC standards to mitigate spam.

  45. Aggregation: the formation of a number of things into a cluster, e.g. merging an organization's logs over n days.

  46. STIX and TAXII are standards developed in an effort to improve the prevention and mitigation of cyber-attacks. STIX states the “what” of threat intelligence, while TAXII defines “how” that information is relayed. Unlike previous methods of sharing, STIX and TAXII are machine-readable and therefore easily automated.

  47. Tactics, Techniques, and Procedures (TTPs) is a key concept in cybersecurity and threat intelligence. The purpose is to identify patterns of behavior which can be used to defend against specific strategies and threat vectors used by malicious actors.

  48. Messaging spam, sometimes called SPIM, is a type of spam targeting users of instant messaging services (DMs).

  49. Obfuscation means to make something difficult to understand. Programming code is often obfuscated to protect intellectual property or trade secrets, and to prevent an attacker from reverse engineering a proprietary software program.

  50. The advantage of an Elliptic Curve Cryptosystem over an RSA-based cryptosystem is that it can use a smaller key length for the same resistance to being broken. ECC is faster.

  51. Transport Layer Security (TLS) is be

  52. Replication: to make an exact copy of something, at the block level or hardware level.

  53. The sender uses the receiver's public key to encrypt the data. The receiver uses its private key to decrypt the data.

  54. The US-CERT Bulletin is a major threat feed used in the security world. Created and maintained by CISA, it uses weekly bulletins to provide summaries of new

  55. A debugging or maintenance hook is software code that is intentionally embedded in the software during its development process to allow the developer to bypass the regular access and authentication mechanisms. These hooks can pose a threat to the security of the software and can be exploited if any maintenance hook is not removed before the software goes into production and an intruder is able to find the maintenance hook.

  56. Packet sniffers monitor the data passing through the network by using promiscuous mode. In a normal networking environment, the data travels in clear text, making it easier for anyone to discover confidential information by using packet sniffers. Promiscuous mode provides a statistical picture of the network activity. Promiscuous mode is a special mode in which a network adapter card captures and analyzes all frames, including those that are not addressed to that network adapter.

  57. A Web server stores persistent settings on a Web client in a text file called a cookie. In the case of cookie poisoning, a cookie is changed to modify the persistent data about the user that is associated with the cookie.

  58. A multipart virus can infect both executable files and boot sectors of hard disk drives. The multipart virus resides in the memory and then infects boot sectors and executable files of the computer system.

  59. A Request for Comments (RFC) is a numbered document, which includes appraisals, descriptions, and definitions of online protocols, concepts, methods, and programs.

  60. Automated Indicator Sharing (AIS) is a feed of threat indicators and defensive measures provided to the public by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Users can access it directly through CISA or indirectly through a third-party service.

  61. A smurf attack is a combination of Internet Protocol (IP) spoofing and the saturation of a network with Internet Control Message Protocol (ICMP) messages. To initiate a smurf attack, a hacker sends ICMP messages from a computer outside a network with a spoofed IP address of a computer inside the network. The ICMP message is broadcast on the network, and the hosts on the network attempt to reply to the spurious ICMP message. A smurf attack causes a denial of service (DoS) on a network because computers are busy responding to the ICMP messages. The IP spoofing part of a smurf attack can be countered by configuring a router to ensure that messages with IP addresses inside the network originate on the private network side of the router.

  62. A well-written program is the best method to prevent buffer overflow errors. A buffer overflow occurs when the length of the input data is longer than the length the buffers can handle. Buffer overflow is caused when input data is not verified for appropriate length at the time of input. Buffer overflow and boundary condition errors are examples of input validation errors.

  63. The scenario of being redirected to a malicious website from a legitimate one is a man-in-the-browser attack. The man (or malware) in the browser redirects the user to a fake site rather than the intended site.

  64. Hyperjacking involves installing a rogue hypervisor that can take complete control of a server or workstation. Since cloud technologies heavily utilize virtual machines, hyperjacking is a major concern for cloud providers.

  65. Warchalking refers to drawing symbols in public spaces to denote an open Wi-Fi wireless network in a public space.

  66. Initialization Vector (IV): used to randomize the encryption scheme. The more random, the better.

  67. DHCP starvation: the attacker floods a network with requests for IP addresses, changing the MAC address every time. DHCP eventually runs out of addresses.

  68. User and Entity Behavior Analytics (UEBA): detects insider threats. Catches what SIEM and DLP systems might miss.

  69. A polymorphic virus is a harmful, destructive or intrusive type of malware that can change or "morph," making it difficult to detect with antimalware programs.
