CompTIA – Understanding Techniques, Threats, And Cybersecurity Defenses

Explore the essential concepts, techniques, and security challenges covered in the CompTIA Security+ certification

1.1 – Compare And Contrast Different Types Of Social Engineering Techniques

• Typosquatting – URL Hijacking eg: google.com vs g00gle.com
• Pretexting – Lying to get your info; actor and a story
• Pharming – Poisoned DNS server, redirects a legit website to a bogus site
• Vishing – Voice phishing, often spoofed numbers
• Smishing – SMS phishing, spoofing here too (text messages)
• Spear Phishing – Targeted phishing
• Whaling – Spear phishing the CEO or other “large catch” (C level)
• Eliciting Information – Extracting information from the victim, often used with vishing
• Computer Hoaxes – A threat that doesn’t exist
• Watering Hole Attack – It targets groups of users by infecting websites that they commonly visit
• Defense in Depth – Layered defense
• Spam – Unsolicited messages
• Spim – Spam over instant messaging
• Mail Gateway – On-site or cloud-based filter for unsolicited email
• Tarpitting – Slow down the server conversation intentionally
• Credential Harvesting – Attacker collects usernames and passwords

Social Engineering principles: Authority, Intimidation, Social proof/Consensus, Scarcity, Urgency, Familiarity/Liking, Trust

1.2 – Given a scenario, analyze potential indicators to determine the type of attack

• Malware – Malicious software, gathers information ie: keystrokes, controlled over a botnet, show advertisements, viruses or worms with malware, your computer must run a program, use links or pop-ups
• Virus – Malware that reproduces itself, needs a user to start the process, reproduces through file systems or the network, and may or may not cause problems.
• Virus types:
  • program viruses (part of an application)
  • boot sector viruses (starts in the boot sector of OS)
  • script viruses (operating system and browser-based)
  • macro viruses (common in Microsoft Office, similar to script virus)
  • fileless virus – a stealth attack, doesn’t install or save on the system, good for avoiding anti-virus detection, operates in the memory could be in the registry
• Worms – Malware that self-replicates, doesn’t need you to do anything, uses network as transmission medium, spreads quickly, signatures can be stopped at the IDS/IPS or Firewall
• Wannacry worm – 2017, installed crypto-malware, smbV1 used to infect vulnerable systems and installed double pulsar to encrypt user data
• Crypto-malware – A new generation of ransomware, malware encrypts the data files
• Protect against ransomware – Always have a backup, offline and not on the same system
• Trojan Horse – Software that pretends to be something else, doesn’t replicate, circumvents anti-virus
• PUP – Potentially Unwanted Program, undesired program often installed along with other software, can hijack your browser
• RAT – Remote Administration Tool or Remote Access Trojan, controls the device (ie: DarkComet RAT)
• Rootkit – Originally a Unix technique, modifies core system files in part of the kernel, invisible to antivirus software
• Zeus/Zbot malware – Kernel driver famous for cleaning out bank accounts, combined with Necurs rootkit, Necurs ensures Zbot can’t be deleted and denies any termination process
• Secure boot with UEFI – Protects against rootkits in the BIOS
• Adware – Pop-up ads everywhere, cause performance issues
• Spyware – Malware that spies on you; advertising, identity theft, and affiliate fraud; often a trojan, can capture browser surfing habits, keylogger
• Logic Bomb – Often used by someone with a grudge; time bombs, user event, difficult to identify, many logic bombs delete themselves
• Spraying Attack – Common passwords, used only a few times to prevent lockout before moving to the next account; hidden from alarms and detection
• Brute Force – Every possible password combination until the hash is matched, can take some time, a strong hash algorithm slows things down, most accounts will lockout, more common for an attacker to check for the hash offline
• Dictionary attack – Using common words, password crackers can substitute letters
• Rainbow tables – Pre-built set of hashes, contains pre-calculated hash chains, speed increased over previous password attacks, rainbow tables are application or OS-specific
• Salt – Random data added to a password before hashing takes place
• Birthday attack – 23 students have 50% of 2 students having the same birthday, for 30 there’s a 70% chance, hash collisions happen when different input gives an output that uses the same hash.
• MD5 hash – Has hashing collisions.
• Downgrade Attack – Force the system to use a weaker encryption method

1.3 – Given a scenario, analyze potential indicators associated with application attacks

• XSS (cross-site scripting) – Originally called cross-site because of browser security flaws, info from one site could be shared with another, very common; malware that uses javascript
• Non-persistent (reflected) XSS – Website allows javascript to run in user input fields,
• Persistent (stored) XSS – Stored permanently on the website via a post, no specific targets
• Code injection attack – Code added into a data stream, enabled because of bad programming;
• SQL injection – Uses SQL to access, add, or remove info from a DataBase
• XML injection – Modify XML requests
• LDAP attack – Manipulates LDAP databases
• DLL injection – Injects code into applications and uses the app to run the DLL inside a new process
• Buffer overflows – Overwriting a buffer of memory; developers should perform bounds checking, not easy to exploit
• Pass the Hash – A replay attack that lets the attacker intercept a hash and replay it back to the server to authenticate, use SSL/TLS to encrypt the hash and stop this attack

1.4 – Given a scenario, analyze potential indicators associated with network attacks

• Bluejacking – Sending unsolicited messages over Bluetooth
• Bluesnarfing – Access data on a mobile device over Bluetooth

For more information click here.