Security + CompTIA
Domain 1
Term | Definition |
---|---|
NTPsec | This is the secure network time protocol, and the effort to make this more secure started around June of 2015. The code base of NTP has been updated in NTPsec. |
SRTP | Secure Real-time Transport Protocol (VoIP) adds encryption using AES to make sure that all the video and audio is confidential. Includes authentication, integrity and replay protection by including HMAC-SHA1 as a hashing function. |
Privilege Escalation | Programming errors can result in system compromise, allowing someone to gain unauthorized privileges |
Viruses | infect systems and spread copies of themselves, don't execute on their own |
Worms | Similar to viruses, but do not require host to replicate or execute |
Trojans | Disguised malicious code within apparently useful applications |
logic bombs | Trigger a malware action at a particular time/at particular event |
Rootkit | can be installed and hidden on a computer mainly for the purpose of compromising the system |
Ransomware | Usually demands money in return for the release of data, which may have also been encrypted using crypto malware |
spyware | may monitor browser activity, log keystrokes and impact computer performance |
Adware & Spyware | often result in computer running slow and generating popups |
Armored viruses | kind of virus that seeks to make it difficult to analyze functions by creating a metaphorical layer of armor around the virus |
Phishing | social engineering attack commonly done through email across a large audience |
Spear phishing | social engineering attack commonly done through email that targets an individual or group |
Whaling | similar to phishing, but affects big targets, such as CEO |
Vishing | Attacker uses a fake caller ID to appear as a trusted org and attempts to get the individual to enter account details via phone |
Pharming | based on farming & phishing; does not require the user to be tricked into clicking on a link. Instead it redirects victims to a bogus website, even if they correctly entered the intended site |
DoS & DDoS | Attacks that involve the disruption of normal network services and include attacks based on the ICMP echo reply called a smurf attack |
Spoofing | Process of masking data to look as if it came from a trusted or legitimate origin |
Man in the Middle | MiTM |
Replay Attack | involve reposting captured data |
Zero Day Vulnerabilities | vulnerabilities not yet detected by antimalware software |
DNS poisoning | Attack that allows the perpetrator to redirect traffic by changing the IP record for a specific domain (thus permitting attackers to send legit traffic anywhere they choose) |
ARP poisoning | Attack that deceives a device on the network, poisoning its table of associations for other devices |
XSS | Cross-Site Scripting; vulnerabilities can be used to hijack the user's session |
NullPointerException | occurs when an application tries to use an object with reference to the null value |
Evil Twin | rogue access points, MiTM attacks |
Bluejacking | attackers generate messages that appear to come from the device itself, leading users to follow obvious prompts and establish an open bluetooth connection to attacker's device |
Bluesnarfing | More aggressive than bluejacking; data on the victim's device becomes available for unauthorized access or modification |
Threat Actor Attributes | Actor's relationship to the organization, motive, intent and capability |
Kinds of threat actors | Script kiddies, insiders, hacktivists, organized crime, competitors, nation states, etc. |
OSINT | Open-source intelligence; describes information collected from publicly available sources |
Black Box Test | test conducted with assessor having no information or knowledge about the inner workings of the system |
Phase 1 of Pen Test | Planning |
Phase 2 of Pen test | discovery |
Phase 3 of Pen test | attack |
Phase 4 of pen test | reporting |
White Box Testing | Test to see if programming constructs are placed correctly and carry out the required actions; assessor has knowledge of the inner system workings and code |
Gray Box Testing | Uses a combination of both white and black box techniques. Tester has some understanding of, or limited knowledge of, the inner workings |
Attack phase of Pen Test steps | Initial exploitation, escalation of privilege, pivot, persistence. |
Vulnerability scan | identifies misconfigurations & lack of security controls |
Race Condition | Results in system malfunction and unexpected results. The resulting errors can cause crashes and allow attackers to gain control of a system or remotely execute commands |
Salt in password | This prevents a rainbow table attack on password hashes |