Security+ Notes
Social Engineering
Phishing, smishing, vishing, spear phishing, whaling
Pharming – web redirect by modifying DNS
Spam/Spim (spam over instant messaging)
Identity theft
Invoice scams – bills sent for services that don’t exist
Credential harvesting – gathers credentials through phishing
Reconnaissance – learning about the target
Hoax – fraud
Watering hole attack – compromising a specific group of targets by infecting websites they are known to visit
Typosquatting – URL hijacking, sting site, fake URL; rely on user typos
Pretexting – lying or creating a story to obtain information
Hybrid warfare – mix of political, cyber, and influence warfare with fake news
Indicators of Attack
RAT – remote access trojan
Fileless virus – malicious code that stays in RAM
Logic bomb – malware that has a logical detonation trigger
Spyware – malware that steals information usually undetected
Rootkit – malware that grants root privilege, usually hidden in OS
Backdoor – malware that gives access back into the computer
Adversarial machine learning – attacking systems derived from machine learning by supplying deceptive input to fool the models
o Evasion
o Poisoning
o Model stealing
Malicious USB cable – allows for remote commands
USB Rubber Ducky – USB device used to steal info and install malware
Card skimmer/cloner – steals credit card info; attached to ATM
Supply chain attacks – attacking and bringing down a system in the supply chain model
o Target stores' POS was attacked, stealing customer info
o Stuxnet – worm targets systems that automate electromechanical processes
Keylogger – anything typed is tracked, in order to capture credentials and other sensitive information
o Software keylogger is installed on the computer
o Hardware keylogger is plugged into the computer or keyboard and transmits keystrokes over IP
Computers store passwords as hashes, NOT plain text
o When a password is entered, the computer hashes it and compares the result to the stored hash
o Hashcat – used to compare a dictionary list to a hash list and return matches
o Rainbow tables – lookup tables containing passwords with their precomputed hashes
o Brute force – tries every combination of characters until a match is found
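How the stored-hash comparison works, as an added example (not from these notes): the system stores a per-user salt and a slow hash of the password, and a login attempt is verified by rehashing and comparing. The iteration count, user names and passwords are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Defender-side password storage as the notes describe: the system keeps a hash,
# never the plaintext, and a login attempt is checked by hashing the submitted
# password and comparing it with the stored hash. Per-user random salts plus a
# slow KDF (PBKDF2-HMAC-SHA256) are what make dictionary, rainbow-table and
# brute-force matching expensive.
ITERATIONS = 200_000  # assumed work factor; tune to the server's hardware


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Login check: recompute with the stored salt, compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def unsalted_digests_match(password: str) -> bool:
    """Unsalted SHA-256 gives every user with this password the same digest,
    so one precomputed (rainbow/lookup) table entry matches all of them."""
    a = hashlib.sha256(password.encode("utf-8")).digest()
    b = hashlib.sha256(password.encode("utf-8")).digest()
    return a == b  # True


def salted_digests_match(password: str) -> bool:
    """With per-user salts the same password yields different digests, so a
    single precomputed table entry matches neither record."""
    _, a = hash_password(password)
    _, b = hash_password(password)
    return a == b  # False


if __name__ == "__main__":
    # constructed sample credential record for one user
    salt, digest = hash_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", salt, digest))  # True
    print(verify_password("Tr0ub4dor&3", salt, digest))                   # False
    print(unsalted_digests_match("password123"), salted_digests_match("password123"))
```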
Analyze Indicators of Attack
Privilege escalation – going from low level access to admin level access
o Vertical – going from low level to higher level access
o Horizontal – a normal user accessing another normal user's privileges
SSL stripping – remove SSL from HTTPS by forwarding an [Link]
Cross-site scripting – injecting script code into website fields and applications
Injection – LDAP, DLL, SQL injection through webpage fields to access the database
o Input validation – sanitize what can be input in fields
Pointer/object dereference – manipulating data in memory through a pointer
Directory traversal – misconfigured web server allows a user to browse pages outside the intended directory
Race conditions – time-of-check to time-of-use (TOCTOU)
Improper input handling – applications must handle both expected and unexpected data inputs
Error handling – what to do when errors occur; give proper feedback
Session replay attack – MITM steals creds/session data and replays them to the server as the original sender
Request forgeries
o Client-side cross-site request forgery (CSRF) – sea surf or session riding; attacker uses the target's creds through a forged request
o Server-side request forgery (SSRF) – attack against the server through the webpage URL
API – application programming interface, used to allow different applications to communicate
o SOAP – simple object access protocol (XML based)
o REST – representational state transfer (HTTP based)
o API attacks – MITM, API injection, DDoS
Driver manipulation – drivers are software that lets the OS use the hardware; they are digitally signed
o Shimming – malware wrapped around the driver, such as a compatibility shim
o Refactoring – rewriting driver source code
Integer overflow – exceeding a limit causes a wrap to the other limit; also buffer overflow
Resource exhaustion – denial of service and DDoS attacks
Memory leaks – when an application does not deallocate memory, which can crash the program, causing denial of service
Evil twin – fake wireless access point used to steal all clear-text traffic
Rogue access point – access point without authorization
o Periodic access point scans to identify rogue ones