Question |
Answer |
start learning
|
|
Security Content Automation Protocol is an effort by the security community, led by the National Institute of Standardu and Technology to create a standarized sporach for communicating cyber security related information.
|
|
|
start learning
|
|
Secure Shell (SSH). Windows - uncommon, Linux - common
|
|
|
start learning
|
|
DNS. Windows - common (servers). Linux - common (servers)
|
|
|
start learning
|
|
HTTP. Windows - common (servers). Linux - common (servers)
|
|
|
start learning
|
|
NetBIOS. Windows - common. linux-occasional
|
|
|
start learning
|
|
LDAP. Windows - common (servers). Linux - common (servers)
|
|
|
start learning
|
|
Remote Desktop Protocol. Windows - Common. Linux - uncommon
|
|
|
start learning
|
|
Built-in management, automation and scripting language tool for Windows
|
|
|
start learning
|
|
An implementation of the TLS protocol and is often used to protect other services. if VPN or SSH arent a good much for protecting a trafić being sent through a network, OpenSSL is used
|
|
|
Real-time operating system (RTOS) start learning
|
|
A RTOS is an operating system that is used when priority needs to be placed on processing data as it comes in
|
|
|
start learning
|
|
A type of system architekture that combines data acquisition and Control devices, computers, communications capabilities, and an interface, to control and monitor the entire architecture.
|
|
|
start learning
|
|
Remote Telemetry Units (RTUs) collects data from sensors
|
|
|
start learning
|
|
Programmable Logic Controllers that controls and collects data from industrial devices like machines or robots
|
|
|
start learning
|
|
is a broad term that describes network-connected devices that are used for automation, sensors, security and similar tasks.
|
|
|
start learning
|
|
key that lasts long only to establish connection
|
|
|
start learning
|
|
built around multiple controls design to ensure that a failure in a single or event multiple controls is unlikely to cause a security breach
|
|
|
Open Systems Interconnection (OSI) start learning
|
|
this model is used to conceptually describe how devices and software operator together through networks
|
|
|
start learning
|
|
a capability that allows you to limit the bimber of MAC addresses that can be used on a single port
|
|
|
start learning
|
|
Fuzz testing or fuzzing is an automated software testing method that injects invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities.
|
|
|
start learning
|
|
is the process of applying security controls to reduce the probability and/or magnitudę of a risk
|
|
|
start learning
|
|
a packet analyzer that can be used to capture and analyse network traffic for forensics purposes
|
|
|
start learning
|
|
In summary, MDM primarily deals with managing mobile devices, UEM extends this management to various endpoint devices, and MAM focuses specifically on managing mobile applications and their associated data.
|
|
|
start learning
|
|
theft od information from bluetooth enabled device
|
|
|
start learning
|
|
when unwanted messages are sent to a device through bluetooth
|
|
|
start learning
|
|
evil maid attack are inperson attack where attacker Tales advantage of physical Access to hardware to acquire information or to insert malicious software on a device
|
|
|
start learning
|
|
Multithreading in IT refers to a programming technique where multiple threads within a single process execute independently, allowing tasks to run concurrently. It enables applications to perform multiple tasks simultaneously,
|
|
|
start learning
|
|
In information technology (IT), a variable is a symbolic name associated with a value or data storage location in computer memory. Variables are used to store and manipulate data within a program or a script
|
|
|
start learning
|
|
In information technology (IT), a nonce (which stands for "number used once") is a value that is used only once within a specific context or session. Nonces are commonly used in security protocols to prevent replay attacks
|
|
|
start learning
|
|
group Policy is the easiest way to restrict the Access to the OS components and resources by defining a set of rules that control the working environment of user account and computer accounts
|
|
|
start learning
|
|
Secure Electronic Transaction or SET is a system that ensures the security and integrity of electronic transactions done using credit cards in a scenario. SET is not some system that enables payment but it is a security protocol applied to those payments.
|
|
|
start learning
|
|
Failover is the process of automatically switching to a standby or backup system in case the primary system fails. This ensures continuity of service and minimizes downtime.
|
|
|
start learning
|
|
Redundancy involves having duplicate or backup components in a system to provide resilience against failures. Redundancy can be implemented at various levels, such as hardware redundancy
|
|
|
start learning
|
|
Cable locks typically consist of a flexible steel cable with a locking mechanism at one end. They are commonly used to secure items like bicycles, laptops, or luggage. Cable locks often have a combination or key-operated locking mechanism.
|
|
|
start learning
|
|
Keypad locks, also known as electronic or digital locks, utilize a keypad for entry instead of a traditional key. Users enter a pre-set code or PIN to unlock the device. Keypad locks are often found on doors, safes,
|
|
|
start learning
|
|
Padlocks are traditional locks that consist of a detachable locking mechanism (the shackle) and a body. The shackle is typically secured through a loop or hasp and can be locked in place using a key or combination.
|
|
|
start learning
|
|
In summary, STIX is a language for describing cyber threat information, while TAXII is a protocol for exchanging that information between organizations. They work together to enable standardized and automated sharing of threat intelligence cyber threats.
|
|
|
start learning
|
|
ar methods or tools that provide Access that bypass normal authenticstion and authorization procedures
|
|
|
start learning
|
|
Bots are remotely controlled Systems or devices that have a malware infection. Many botnet command and Control Systems operate in a client-server mode
|
|
|
start learning
|
|
TCB stands for Trusted Computing Base. It's the core components of a computer system responsible for enforcing security policies and maintaining system integrity. Security Kernel is the core of TCB and consist of hardware software and firmware
|
|
|
start learning
|
|
Messaging spam, sometimes called SPIM,[1][2][3] is a type of spam targeting users of instant messaging (IM) services, SMS, or private messages within websites
|
|
|
start learning
|
|
mathematical way of veryfing the authenticity of the document
|
|
|
start learning
|
|
is a domain name system(DNS) based evasion technique used by cyber criminals to hide phishing and malware delivery websites behind an ever-changing network of compromised hosts acting as reverse proxies to the backend botnet master
|
|
|
start learning
|
|
is the first line of defence for a networks security and is another name for a lock down system. A bastion Host is usually a highly exposed device because IT is a first line in a network security
|
|
|
start learning
|
|
Universal Endpoint management tool can manage desktops, laptops, mobile devices, primters and other devices
|
|
|
start learning
|
|
can be used to capture and analyse Session Initiation Protocol (SIP) traffic on a network.
|
|
|
start learning
|
|
Stateful inspection is a firewall technology that monitors the state of active connections and tracks the state of network connections in order to determine whether incoming packets are allowed or denied
|
|
|
Tools to search for rootkits start learning
|
|
|
|
|
How to get rid of rootkit? start learning
|
|
Rootkits are designed to hide from antimalware scanners and can often defeat locally run scans. 1. Mounting the drive in another system in read-only mode. 2. Booting from a USB drive and scanning using a trusted, known good operating system
|
|
|
start learning
|
|
A stealth virus is a type of virus that actively hides its presence from detection by antivirus software or other security measures. It achieves this by altering its code or behavior to evade detection.
|
|
|
start learning
|
|
is a virus that can change its appearance or signature each time it infects a new file or system. This makes it difficult for antivirus software to detect because the virus presents a different pattern or signature each time it infects a new file.
|
|
|
start learning
|
|
Pharming attacks redirect traffic away from legitimate websites to malicious versions. Pharming typically requires a successful technical attack that can changed DNS entries on a Local PC or on a trusted Local DNS server
|
|
|
start learning
|
|
Pretexting involves creating a fabricated scenario or false identity to deceive someone into providing information or taking action. prepending involves adding content or data at the beginning of something, adding text to the beginning of document
|
|
|
start learning
|
|
virus hoax is a false warning about a computer virus. Typically, the warning arrives in an email note or is distributed through a note in a company's internal network.
|
|
|
start learning
|
|
the use of a range of different methods to attack an enemy, combines active cyberwarfare, influence campaigns, and real world direct action. This makes hybrid warfare almost exclusively the domain of nation stare actors
|
|
|
brute force vs dictionary attack start learning
|
|
A brute force attack systematically tries every possible combination of characters until it finds the correct password. a dictionary attack uses a list of commonly used passwords or words from a dictionary to attempt to gain unauthorized access.
|
|
|
start learning
|
|
one way cryptographic function that takes an inout and generates a unique and repeatble output from that input. no two inputs should be same, it shouldnt be reversible
|
|
|
start learning
|
|
any storage device, not necessarily limited to USB drives, that has been altered or infected with malware. These devices can include SD cards, external hard drives, or any other type of removable storage.
|
|
|
start learning
|
|
is a type of cybercrime in which a malicious actor uses a device to steal sensitive information, typically payment card data, from unsuspecting individuals. This is often done at point-of-sale terminals, ATMs, or other payment processing systems.
|
|
|
start learning
|
|
pharming attacks use web pages that are designed to look like a legitimate site but that attemot to capture information like credential
|
|
|
what is safest protocol replacing Telnet? start learning
|
|
|
|
|
what is more secure solution instead of FTP? start learning
|
|
Secure File Transfer Protocol (SFTP) and FTP-Secure
|
|
|
start learning
|
|
Footprinting (also known as reconnaissance) is the technique used for gathering information about computer systems and the entities they belong to. To get this information, a hacker might use various tools and technologies.
|
|
|
start learning
|
|
when testers drive by facility in a car ewuipped with high-end antenas and attemot to eavesdrop on or connect to wireless network
|
|
|
start learning
|
|
|
|
|
start learning
|
|
such as Metasploit simplify the use od Vulnerabilities by providing a modular approach to configuring and deploying vulnerability exploits
|
|
|
start learning
|
|
1. Anomaly detection,2. Signature detection, 3. Target monitoring,4. Stealth probes
|
|
|
start learning
|
|
is an open standard for token based authenticstion and authorization on the internet that allows this party services that a user account information is used without sharing a password
|
|
|
start learning
|
|
also known as cache poisoning. Here a rough machine caches the DNS replies from a DNS server and uses the information fraudulently to redirect the victims browser to attacker site
|
|
|
start learning
|
|
Address Resolution Protocol (ARP) poisoning, convinces the network that the attacker's MAC address is the one Associated with the victims address IP. in the result the traffic sent to that IP address is wrongly sent to attacker machine
|
|
|
start learning
|
|
|
|
|
start learning
|
|
|
|
|
start learning
|
|
|
|
|
start learning
|
|
|
|
|
start learning
|
|
refers to the use of infrared (IR) cameras or sensors to capture images in the infrared spectrum. These cameras are capable of detecting thermal radiation emitted by objects, allowing them to produce images even in low light or complete darkness.
|
|
|
start learning
|
|
domain hijacking involves unauthorized changes to the registration information of a domain name, while DNS hijacking involves unauthorized modifications to the DNS records that map domain names to IP addresses.
|
|
|
start learning
|
|
1. Gather requirenents 2. Design 3. Implement 4. Test/Validate 5. Deploy 6. Maintain
|
|
|
start learning
|
|
1. Identification 2. Design 3. Build 4. Evaluation
|
|
|
start learning
|
|
colection of tools that improve coding, bulding and test, packaging, releass, Configuration and Configuration management and monitoring ekements of a software developement life cycle
|
|
|
start learning
|
|
Continuous Integration - a developemtn practice that checks code into a share repository on a comsistent ongoing basis. Continuous Deployment - rolls out tested changes inti production automatically as soon as they have been tested
|
|
|
start learning
|
|
Application Progrmaming interface interfaces between clients and servers or applications and operating systems that define how the client should ask for information from the server and how the server will respond. programs written in any language canuseit
|
|
|
Blind Time based SQL injection attack start learning
|
|
uses the amount of time required to process a query as a channel for retriving information from a database
|
|
|
what tools can be used for automated blind time based attacks? start learning
|
|
|
|
|
start learning
|
|
Once the attacker has the cookies, they may perform cookie manipulation to alter the details sent back to the website or simply use the cookie as the badge required to gain Access to the website
|
|
|
start learning
|
|
NTLM jest jednym z popularnych protokołów używanych przez komputery z systemem Windows do uwierzytelniania się w sieci. Jego wersja druga stworzona została przez Microsoft i wypuszczona na świat razem z premierą Windows 2000
|
|
|
how to protect against Session reply attack? start learning
|
|
by using secure cookies, that are never transmited over unencrypted HTTP connection
|
|
|
NTLM pash the hash attack start learning
|
|
form of reply attack that takes place against the operating system rather than web app. the attacker begins by gaining access to windows system and then harvest stored NTLM password hashes. they can try use hashes to gain user or admin Access to AD domain
|
|
|
Insecure Direct Object References start learning
|
|
if app is design to directly retrieve information from database based on argument provided by user on either query string or POST request, if the app doesnt perform authorization checks user may be permitted to view information that exeeds their authority
|
|
|
Directory traversal attacks start learning
|
|
when web server allow to navigate directory paths and filesystem access controls dont properly restrict acces to files stored elsewhere on the server jn the same directory
|
|
|
start learning
|
|
A shadow password file, also known as /etc/shadow, is a system file in Linux that stores encrypted user passwords and is accessible only to the root user, preventing unauthorized users or malicious actors from breaking into the system.
|
|
|
start learning
|
|
reflected cross site scripting attack occur when app allows reflected input, that allows to oerform HTML injection and insert attacker HTML code into webcpage
|
|
|
Stored/persistent XSS attack start learning
|
|
they remain on the server even when the attacker isn't actively waginf an attack
|
|
|
start learning
|
|
exploit trust relationships and attemot to have users unwittingly execute commands against a remote system. two forma: cross site rewuest forgery (CSRF/XSRF) and server side request forgery (SSRF)
|
|
|
difference between XSS and CSRF attacks start learning
|
|
In summary, XSS attacks focus on injecting malicious scripts into web pages to exploit other users' browsers, while CSRF attacks exploit the trust a website has in a user's authenticated session to perform unauthorized actions on behalf of the user.
|
|
|
difference between SSRF and CSRF attacks start learning
|
|
In essence, CSRF attacks manipulate user-initiated actions, while SSRF attacks manipulate the server's ability to make requests.
|
|
|
how to protect against CSRF/XSRF attacks? start learning
|
|
1) create web application that uses secure tokens 2) sites should chęck the refering URL in requests receivwd from end users and only accept requests originated from their own site
|
|
|
start learning
|
|
one technique that attackers have successfully used to defeat input validation controls it works by sending a web application more than one value for the same inout variable
|
|
|
start learning
|
|
Web Application Firewall - function similarly to network firewalla but they work at the application layer. WAF sits in front of web server and receives all network traffic headed to that server. It then scrutinizes the jnput headed to the application
|
|
|
start learning
|
|
set of design principles that database designers should follow when building and modifying databases. Advantages: 1. prevent data inconcistnecy 2. prevent update anomalies 3. reduce the need for restructuring existing DB 4. make DB schema more infomrative
|
|
|
start learning
|
|
protect applications against injection attack, the client doesnt directly send SQL code to DB server. instead the client sends argument to the server, which then inserts those arguments info a precompiled query template. example: stored procedures
|
|
|
start learning
|
|
provides developer with a way to confirm the authenticity of their code with their own private key and then browsers can use the developer's public key to verify that signature and ensure that the code is legitimate and was not modified by unauthorized
|
|
|
start learning
|
|
Software developement kits - collections of software libraries combined with documentation, examples and other resources designed to help programmers get up and running quickly in a developement environment.
|
|
|
Code integrity measurement start learning
|
|
use cryptographic hash functions to verify that the code being released into production matches the code that was previously approved
|
|
|
start learning
|
|
when an attacker manipulates a program into placing more data into an area of memory than is allocated for that programs use. The goal is to over-write other information in memory with instructuins that may be executed by a different proces running on it
|
|
|
start learning
|
|
variant of a buffer overflow where the result of an arithmetic operation attempts to store an integer that is top large to fir in the specific buffer
|
|
|
start learning
|
|
when the security of code segment depends upon the sequence of events occuring within the system. Time-of-check-to-time-of-use (TOCTTOU or TOC/TOU) is a race condition when a program checks Access permission too far in advance of a resources request
|
|
|
what is the protection against malicious drivers? start learning
|
|
|
|
|
start learning
|
|
serve as the software interface between hardware and the operating system. They require low-level Access to the operating system and run with administrator priviledges.
|
|
|
start learning
|
|
one of the driver manipulation attacks- attackers without the Access to the driver source code can use this technique, take a legitimate driver and wraps a malicious driver around the outside of it. Shim -malicious driver
|
|
|
start learning
|
|
SDN stands for Software Defined Network which is a networking architecture approach. It enables the control and management of the network using software applications
|
|
|
Space and time partitioning start learning
|
|
Space and time partitioning are techniques used in computer science and engineering to allocate resources (such as memory, processing time, or network bandwidth) among multiple users or applications.
|
|
|
start learning
|
|
Jamming refers to the intentional interference with wireless communications, such as radio signals, Wi-Fi networks, or cellular networks, to disrupt their normal operation
|
|
|