Content Till Posted through Blogs about IT IS NOT HACKING IT IS SOCIAL ENGINEERING

## Malware
+ **Virus** – replicates using port 1900
+ **Polymorphic virus** – mutates, as does its hash value
+ **Ransomware** – asks for money; could be subtle
+ **Worm** – spreads using port 5000
+ **Trojan** – could change .dll files
+ **Rootkit** – upon reinstalling the OS, it is still there; in Linux, look for the bash shell as a path
+ **Keylogger** – logs keystrokes
+ **Adware** – uses popups
+ **Bots** – infected machine used as an attack vector
+ **RAT** – sends back passwords to the hacker, who then logs in
+ **Logic bomb** – needs a trigger, such as time

## Attacks – Social Engineering
+ **Phishing** – uses email; targets one person
+ **Spear phishing** – attacks a group
+ **Whaling** – attacks the CEO or high-level executives
+ **Vishing** – uses a telephone or leaves a voicemail
+ **Tailgating** – follows someone through a door; does not use credentials
+ **Impersonating** – pretends to be from the help desk or IT team
+ **Dumpster diving** – pulls information from the trash bin
+ **Shoulder surfing** – someone looks over an employee's shoulder or uses a smartphone to video your bank transaction
+ **Watering hole** – infects a trusted website
+ **Authority** – email from the CEO or HR; asks you to fill in a form
+ **Urgency** – letting a fireman into the server room

## Attacks – Application
+ **DoS** – one host taking out another
+ **DDoS** – multiple hosts taking out one host
+ **Man-in-the-middle** – interception attack; data is intercepted in real time
+ **Replay** – interception attack; data is replayed at a later date
+ **Kerberos** – prevents replay and pass-the-hash attacks
+ **Buffer overflow** – too much data in a field
+ **Integer overflow** – too large a number in a data field
+ **XSS** – uses HTML tags/JavaScript; no authentication
+ **XSRF/CSRF** – asks you to click on an icon and provide authentication
+ **Privilege escalation** – tries to get admin rights
+ **ARP poisoning** – prevented by using static entries in the ARP cache (for example, `arp -s`)
+ **ARP** – local LAN attack
+ **DNS poisoning** – prevented by using DNSSEC, which produces RRSIG records
+ **Man-in-the-browser** – trojan already installed; goes after bank transactions; URL does not change
+ **Zero-day virus** – cannot be detected other than by baseline comparison; takes more time to get an antidote
+ **Pass-the-hash** – attacks NTLM authentication; prevented by disabling NTLM or using Kerberos
+ **Session hijacking** – steals your cookies

## Wireless Attacks
+ **Evil twin** – looks like a legitimate WAP
+ **Rogue AP** – free; steals information; prevented by using 802.1X
+ **Jamming** – interference attack
+ **WPS** – push the button; brute-force attacks the underlying password
+ **Bluejacking** – hijacks a Bluetooth phone; sends text messages
+ **Bluesnarfing** – steals contacts from a Bluetooth phone
+ **RFID** – prevents theft of small devices
+ **NFC** – wireless payment; short range
+ **Disassociation attacks** – prevent access to the WAP

## Cryptographic Attacks
+ **Birthday** – hash-collision attack; digital signatures are vulnerable
+ **Rainbow tables** – precomputed list of passwords and hashes; used for hash-collision attacks
+ **Dictionary** – password attack; prevented by using a random character in your password or misspelling your password
+ **Brute force** – tries every available combination; prevented by a low account-lockout threshold or by salting passwords
+ **Collision** – matches hashes
+ **Downgrade** – uses legacy SSL rather than TLS; POODLE is a classic example
+ **Weak implementation** – uses WEP; better to use WPA2-CCMP as it is the strongest

## Threat Actors
+ **Script kiddie** – purchases scripts and programs, probably from the dark web
+ **Hacktivist** – politically motivated agent
+ **Organized crime** – profit-driven agent who will blackmail you
+ **Nation state/APT** – foreign government agent
+ **Insider** – known as a malicious insider; hardest to detect
+ **Competitors** – steal your trade secrets; beat you to market with your product

## Penetration Testing
+ **Intrusive** – can cause damage
+ **Black box** – knows nothing
+ **White box** – knows everything
+ **Gray box** – has at least one piece of information, for example a password or a diagram
+ **Fuzzing** – enters random characters into an application to provoke spurious results; black-box and white-box pen testers use it
+ **Pivot** – accesses a network through a vulnerable host, then attacks a secondary, more important host
+ **Initial exploitation** – where pen testing starts
+ **Escalation of privileges** – obtains admin rights
+ **Intrusive scan** – used in pen testing; can cause damage to your system

## Vulnerability Scanning
+ **Passive** – no damage
+ **Credentialed** – admin rights; more information; audit files; account and certificate information
+ **Non-credentialed** – low level; finds missing patches
+ Identifies lack of security controls or misconfiguration

## Vulnerability Impact
+ **Race condition** – two threads accessing data at the same time
+ **End-of-life systems** – lack of vendor support; no patches
+ **Error handling** – customer-facing errors should be kept small; IT support errors need all the information
+ **Default configuration** – change the default usernames or passwords
+ **Resource exhaustion** – running the CPU at 100% or running out of memory
+ **Untrained users** – not complying with policies
+ **Key management** – ensures keys are signed in and out each day
