Ogolne

 0    111 flashcards    guest3230502
download mp3 print play test yourself
 
Question język polski Answer język polski
SCAP
start learning
Security Content Automation Protocol is an effort by the security community, led by the National Institute of Standardu and Technology to create a standarized sporach for communicating cyber security related information.
22/TCP
start learning
Secure Shell (SSH). Windows - uncommon, Linux - common
53/TCap and UDP
start learning
DNS. Windows - common (servers). Linux - common (servers)
80/TCP
start learning
HTTP. Windows - common (servers). Linux - common (servers)
125-139/TCP and UDP
start learning
NetBIOS. Windows - common. linux-occasional
38/TCP and UDP
start learning
LDAP. Windows - common (servers). Linux - common (servers)
3389/TCP and UDP
start learning
Remote Desktop Protocol. Windows - Common. Linux - uncommon
PowerShell
start learning
Built-in management, automation and scripting language tool for Windows
OpenSSL
start learning
An implementation of the TLS protocol and is often used to protect other services. if VPN or SSH arent a good much for protecting a trafić being sent through a network, OpenSSL is used
Real-time operating system (RTOS)
start learning
A RTOS is an operating system that is used when priority needs to be placed on processing data as it comes in
SCADA
start learning
A type of system architekture that combines data acquisition and Control devices, computers, communications capabilities, and an interface, to control and monitor the entire architecture.
RTU
start learning
Remote Telemetry Units (RTUs) collects data from sensors
PLC
start learning
Programmable Logic Controllers that controls and collects data from industrial devices like machines or robots
Internet of Things (IoT)
start learning
is a broad term that describes network-connected devices that are used for automation, sensors, security and similar tasks.
ephermal key
start learning
key that lasts long only to establish connection
Defense in depth
start learning
built around multiple controls design to ensure that a failure in a single or event multiple controls is unlikely to cause a security breach
Open Systems Interconnection (OSI)
start learning
this model is used to conceptually describe how devices and software operator together through networks
port security
start learning
a capability that allows you to limit the bimber of MAC addresses that can be used on a single port
fuzz testing
start learning
Fuzz testing or fuzzing is an automated software testing method that injects invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities.
Risk mitigation
start learning
is the process of applying security controls to reduce the probability and/or magnitudę of a risk
Wireshark
start learning
a packet analyzer that can be used to capture and analyse network traffic for forensics purposes
UEM, MDM, MAM
start learning
In summary, MDM primarily deals with managing mobile devices, UEM extends this management to various endpoint devices, and MAM focuses specifically on managing mobile applications and their associated data.
Bluesnarfing
start learning
theft od information from bluetooth enabled device
Bluejacking
start learning
when unwanted messages are sent to a device through bluetooth
evil maid
start learning
evil maid attack are inperson attack where attacker Tales advantage of physical Access to hardware to acquire information or to insert malicious software on a device
Multithread
start learning
Multithreading in IT refers to a programming technique where multiple threads within a single process execute independently, allowing tasks to run concurrently. It enables applications to perform multiple tasks simultaneously,
Variable
start learning
In information technology (IT), a variable is a symbolic name associated with a value or data storage location in computer memory. Variables are used to store and manipulate data within a program or a script
Nonce
start learning
In information technology (IT), a nonce (which stands for "number used once") is a value that is used only once within a specific context or session. Nonces are commonly used in security protocols to prevent replay attacks
Group Policy
start learning
group Policy is the easiest way to restrict the Access to the OS components and resources by defining a set of rules that control the working environment of user account and computer accounts
SET
start learning
Secure Electronic Transaction or SET is a system that ensures the security and integrity of electronic transactions done using credit cards in a scenario. SET is not some system that enables payment but it is a security protocol applied to those payments.
Failover
start learning
Failover is the process of automatically switching to a standby or backup system in case the primary system fails. This ensures continuity of service and minimizes downtime.
Redundancy
start learning
Redundancy involves having duplicate or backup components in a system to provide resilience against failures. Redundancy can be implemented at various levels, such as hardware redundancy
Cable lock
start learning
Cable locks typically consist of a flexible steel cable with a locking mechanism at one end. They are commonly used to secure items like bicycles, laptops, or luggage. Cable locks often have a combination or key-operated locking mechanism.
Keypad locks
start learning
Keypad locks, also known as electronic or digital locks, utilize a keypad for entry instead of a traditional key. Users enter a pre-set code or PIN to unlock the device. Keypad locks are often found on doors, safes,
Padlocks
start learning
Padlocks are traditional locks that consist of a detachable locking mechanism (the shackle) and a body. The shackle is typically secured through a loop or hasp and can be locked in place using a key or combination.
STIX vs TAXII
start learning
In summary, STIX is a language for describing cyber threat information, while TAXII is a protocol for exchanging that information between organizations. They work together to enable standardized and automated sharing of threat intelligence cyber threats.
backdoors
start learning
ar methods or tools that provide Access that bypass normal authenticstion and authorization procedures
Bots
start learning
Bots are remotely controlled Systems or devices that have a malware infection. Many botnet command and Control Systems operate in a client-server mode
TCB
start learning
TCB stands for Trusted Computing Base. It's the core components of a computer system responsible for enforcing security policies and maintaining system integrity. Security Kernel is the core of TCB and consist of hardware software and firmware
SPIM
start learning
Messaging spam, sometimes called SPIM,[1][2][3] is a type of spam targeting users of instant messaging (IM) services, SMS, or private messages within websites
Digital signature
start learning
mathematical way of veryfing the authenticity of the document
Fast flux
start learning
is a domain name system(DNS) based evasion technique used by cyber criminals to hide phishing and malware delivery websites behind an ever-changing network of compromised hosts acting as reverse proxies to the backend botnet master
Bastion Host
start learning
is the first line of defence for a networks security and is another name for a lock down system. A bastion Host is usually a highly exposed device because IT is a first line in a network security
UEM
start learning
Universal Endpoint management tool can manage desktops, laptops, mobile devices, primters and other devices
Wireshark
start learning
can be used to capture and analyse Session Initiation Protocol (SIP) traffic on a network.
Stateful inspection
start learning
Stateful inspection is a firewall technology that monitors the state of active connections and tracks the state of network connections in order to determine whether incoming packets are allowed or denied
Tools to search for rootkits
start learning
chkrootkit and rkhunter
How to get rid of rootkit?
start learning
Rootkits are designed to hide from antimalware scanners and can often defeat locally run scans. 1. Mounting the drive in another system in read-only mode. 2. Booting from a USB drive and scanning using a trusted, known good operating system
Stealth virus
start learning
A stealth virus is a type of virus that actively hides its presence from detection by antivirus software or other security measures. It achieves this by altering its code or behavior to evade detection.
Polymorphic virus
start learning
is a virus that can change its appearance or signature each time it infects a new file or system. This makes it difficult for antivirus software to detect because the virus presents a different pattern or signature each time it infects a new file.
Pharming
start learning
Pharming attacks redirect traffic away from legitimate websites to malicious versions. Pharming typically requires a successful technical attack that can changed DNS entries on a Local PC or on a trusted Local DNS server
Pretexting vs prepending
start learning
Pretexting involves creating a fabricated scenario or false identity to deceive someone into providing information or taking action. prepending involves adding content or data at the beginning of something, adding text to the beginning of document
Virus hoax
start learning
virus hoax is a false warning about a computer virus. Typically, the warning arrives in an email note or is distributed through a note in a company's internal network.
Hybrid warfare
start learning
the use of a range of different methods to attack an enemy, combines active cyberwarfare, influence campaigns, and real world direct action. This makes hybrid warfare almost exclusively the domain of nation stare actors
brute force vs dictionary attack
start learning
A brute force attack systematically tries every possible combination of characters until it finds the correct password. a dictionary attack uses a list of commonly used passwords or words from a dictionary to attempt to gain unauthorized access.
Hash
start learning
one way cryptographic function that takes an inout and generates a unique and repeatble output from that input. no two inputs should be same, it shouldnt be reversible
Malicious flash drive
start learning
any storage device, not necessarily limited to USB drives, that has been altered or infected with malware. These devices can include SD cards, external hard drives, or any other type of removable storage.
Skimming attack
start learning
is a type of cybercrime in which a malicious actor uses a device to steal sensitive information, typically payment card data, from unsuspecting individuals. This is often done at point-of-sale terminals, ATMs, or other payment processing systems.
Pharming
start learning
pharming attacks use web pages that are designed to look like a legitimate site but that attemot to capture information like credential
what is safest protocol replacing Telnet?
start learning
Secure Shell (SSH)
what is more secure solution instead of FTP?
start learning
Secure File Transfer Protocol (SFTP) and FTP-Secure
footprinting
start learning
Footprinting (also known as reconnaissance) is the technique used for gathering information about computer systems and the entities they belong to. To get this information, a hacker might use various tools and technologies.
war driving
start learning
when testers drive by facility in a car ewuipped with high-end antenas and attemot to eavesdrop on or connect to wireless network
UAV
start learning
unmanner aerial vehicle
Exploitation framework
start learning
such as Metasploit simplify the use od Vulnerabilities by providing a modular approach to configuring and deploying vulnerability exploits
Techniques used by IDS
start learning
1. Anomaly detection,2. Signature detection, 3. Target monitoring,4. Stealth probes
OAuth
start learning
is an open standard for token based authenticstion and authorization on the internet that allows this party services that a user account information is used without sharing a password
DNS poisoning
start learning
also known as cache poisoning. Here a rough machine caches the DNS replies from a DNS server and uses the information fraudulently to redirect the victims browser to attacker site
ARP poisoning
start learning
Address Resolution Protocol (ARP) poisoning, convinces the network that the attacker's MAC address is the one Associated with the victims address IP. in the result the traffic sent to that IP address is wrongly sent to attacker machine
88 port
start learning
Kerberos
SNMP
start learning
161
HTTPS
start learning
443 port
FTP
start learning
21 port
Infraded images
start learning
refers to the use of infrared (IR) cameras or sensors to capture images in the infrared spectrum. These cameras are capable of detecting thermal radiation emitted by objects, allowing them to produce images even in low light or complete darkness.
DNS vs domain hijacking
start learning
domain hijacking involves unauthorized changes to the registration information of a domain name, while DNS hijacking involves unauthorized modifications to the DNS records that map domain names to IP addresses.
SDLC
start learning
1. Gather requirenents 2. Design 3. Implement 4. Test/Validate 5. Deploy 6. Maintain
Spiral
start learning
1. Identification 2. Design 3. Build 4. Evaluation
toolchain
start learning
colection of tools that improve coding, bulding and test, packaging, releass, Configuration and Configuration management and monitoring ekements of a software developement life cycle
CI / CD
start learning
Continuous Integration - a developemtn practice that checks code into a share repository on a comsistent ongoing basis. Continuous Deployment - rolls out tested changes inti production automatically as soon as they have been tested
API
start learning
Application Progrmaming interface interfaces between clients and servers or applications and operating systems that define how the client should ask for information from the server and how the server will respond. programs written in any language canuseit
Blind Time based SQL injection attack
start learning
uses the amount of time required to process a query as a channel for retriving information from a database
what tools can be used for automated blind time based attacks?
start learning
SQLmap and Metasploit
Session reply attack
start learning
Once the attacker has the cookies, they may perform cookie manipulation to alter the details sent back to the website or simply use the cookie as the badge required to gain Access to the website
NTML
start learning
NTLM jest jednym z popularnych protokołów używanych przez komputery z systemem Windows do uwierzytelniania się w sieci. Jego wersja druga stworzona została przez Microsoft i wypuszczona na świat razem z premierą Windows 2000
how to protect against Session reply attack?
start learning
by using secure cookies, that are never transmited over unencrypted HTTP connection
NTLM pash the hash attack
start learning
form of reply attack that takes place against the operating system rather than web app. the attacker begins by gaining access to windows system and then harvest stored NTLM password hashes. they can try use hashes to gain user or admin Access to AD domain
Insecure Direct Object References
start learning
if app is design to directly retrieve information from database based on argument provided by user on either query string or POST request, if the app doesnt perform authorization checks user may be permitted to view information that exeeds their authority
Directory traversal attacks
start learning
when web server allow to navigate directory paths and filesystem access controls dont properly restrict acces to files stored elsewhere on the server jn the same directory
Shadow password
start learning
A shadow password file, also known as /etc/shadow, is a system file in Linux that stores encrypted user passwords and is accessible only to the root user, preventing unauthorized users or malicious actors from breaking into the system.
reflected XSS
start learning
reflected cross site scripting attack occur when app allows reflected input, that allows to oerform HTML injection and insert attacker HTML code into webcpage
Stored/persistent XSS attack
start learning
they remain on the server even when the attacker isn't actively waginf an attack
Request forgery attack
start learning
exploit trust relationships and attemot to have users unwittingly execute commands against a remote system. two forma: cross site rewuest forgery (CSRF/XSRF) and server side request forgery (SSRF)
difference between XSS and CSRF attacks
start learning
In summary, XSS attacks focus on injecting malicious scripts into web pages to exploit other users' browsers, while CSRF attacks exploit the trust a website has in a user's authenticated session to perform unauthorized actions on behalf of the user.
difference between SSRF and CSRF attacks
start learning
In essence, CSRF attacks manipulate user-initiated actions, while SSRF attacks manipulate the server's ability to make requests.
how to protect against CSRF/XSRF attacks?
start learning
1) create web application that uses secure tokens 2) sites should chęck the refering URL in requests receivwd from end users and only accept requests originated from their own site
Parameter pollution
start learning
one technique that attackers have successfully used to defeat input validation controls it works by sending a web application more than one value for the same inout variable
WAF
start learning
Web Application Firewall - function similarly to network firewalla but they work at the application layer. WAF sits in front of web server and receives all network traffic headed to that server. It then scrutinizes the jnput headed to the application
database normalization
start learning
set of design principles that database designers should follow when building and modifying databases. Advantages: 1. prevent data inconcistnecy 2. prevent update anomalies 3. reduce the need for restructuring existing DB 4. make DB schema more infomrative
Parameterized Queries
start learning
protect applications against injection attack, the client doesnt directly send SQL code to DB server. instead the client sends argument to the server, which then inserts those arguments info a precompiled query template. example: stored procedures
Code signing
start learning
provides developer with a way to confirm the authenticity of their code with their own private key and then browsers can use the developer's public key to verify that signature and ensure that the code is legitimate and was not modified by unauthorized
SDK
start learning
Software developement kits - collections of software libraries combined with documentation, examples and other resources designed to help programmers get up and running quickly in a developement environment.
Code integrity measurement
start learning
use cryptographic hash functions to verify that the code being released into production matches the code that was previously approved
Buffer overflow
start learning
when an attacker manipulates a program into placing more data into an area of memory than is allocated for that programs use. The goal is to over-write other information in memory with instructuins that may be executed by a different proces running on it
Integer overflow
start learning
variant of a buffer overflow where the result of an arithmetic operation attempts to store an integer that is top large to fir in the specific buffer
Race condition
start learning
when the security of code segment depends upon the sequence of events occuring within the system. Time-of-check-to-time-of-use (TOCTTOU or TOC/TOU) is a race condition when a program checks Access permission too far in advance of a resources request
what is the protection against malicious drivers?
start learning
code signing
Device drivers
start learning
serve as the software interface between hardware and the operating system. They require low-level Access to the operating system and run with administrator priviledges.
Shimming
start learning
one of the driver manipulation attacks- attackers without the Access to the driver source code can use this technique, take a legitimate driver and wraps a malicious driver around the outside of it. Shim -malicious driver
SDN
start learning
SDN stands for Software Defined Network which is a networking architecture approach. It enables the control and management of the network using software applications
Space and time partitioning
start learning
Space and time partitioning are techniques used in computer science and engineering to allocate resources (such as memory, processing time, or network bandwidth) among multiple users or applications.
Jamming
start learning
Jamming refers to the intentional interference with wireless communications, such as radio signals, Wi-Fi networks, or cellular networks, to disrupt their normal operation

You must sign in to write a comment