Explore the essential concepts, techniques, and security challenges covered in the CompTIA Security+ certification
1.1 – Compare And Contrast Different Types Of Social Engineering Techniques
- Typosquatting – URL hijacking, e.g. google.com vs g00gle.com
- Pretexting – Lying to get your information; an actor and a story
- Pharming – Poisoned DNS server redirects traffic for a legitimate website to a bogus site
- Vishing – Voice phishing, often spoofed numbers
- Smishing – SMS phishing, spoofing here too (text messages)
- Spear Phishing – Targeted phishing
- Whaling – Spear phishing the CEO or other “large catch” (C level)
- Eliciting Information – Extracting information from the victim, often used with vishing
- Computer Hoaxes – A threat that doesn’t exist
- Watering Hole Attack – Targets a group of users by infecting websites that they commonly visit
- Defense in Depth – Layered defense
- Spam – Unsolicited messages
- Spim – Spam over instant messaging
- Mail Gateway – On-site or cloud-based filter for unsolicited email
- Tarpitting – Intentionally slowing down the server conversation to waste the spammer’s time
- Credential Harvesting – Attacker collects usernames and passwords
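The typosquatting bullet above (google.com vs g00gle.com) is the kind of check a mail gateway or URL filter can automate. The following is an added example, not code from the study notes: it folds common look-alike characters back to the letters they imitate and measures edit distance against a hypothetical list of protected brand domains. The protected-domain list and the sample domains are constructed for illustration.

```python
"""Lookalike-domain check for a mail gateway or URL filter (added example)."""
from __future__ import annotations

# Hypothetical list of domains this organization wants to protect.
PROTECTED_DOMAINS = ["google.com", "example-bank.com"]

# Characters commonly swapped in for look-alikes, mapped to the letter they imitate.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "|": "l", "$": "s"})


def normalize(domain: str) -> str:
    """Lower-case, strip a leading www., and fold digit/symbol look-alikes to letters."""
    domain = domain.lower().strip().removeprefix("www.")
    return domain.translate(HOMOGLYPHS)


def levenshtein(a: str, b: str) -> int:
    """Edit distance: insertions, deletions and substitutions needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute (cost 0 if equal)
        prev = cur
    return prev[-1]


def classify(domain: str, max_distance: int = 2) -> tuple[str, str | None]:
    """Return ("exact", brand) for a protected domain itself, ("lookalike", brand)
    when the normalized name matches or sits within max_distance edits of a
    protected domain, and ("unknown", None) otherwise."""
    stripped = domain.lower().strip().removeprefix("www.")
    norm = normalize(domain)
    if norm in PROTECTED_DOMAINS:
        # Identical only after homoglyph folding (g00gle.com -> google.com) is a lookalike.
        return ("exact", norm) if stripped == norm else ("lookalike", norm)
    for brand in PROTECTED_DOMAINS:
        if levenshtein(norm, brand) <= max_distance:
            return ("lookalike", brand)
    return ("unknown", None)
```

Usage: `classify("g00gle.com")` returns `("lookalike", "google.com")`, while `classify("github.com")` is `("unknown", None)`. Homoglyph folding will also rewrite legitimate domains that contain digits, so in a real gateway the check should be paired with an allowlist of known-good senders rather than used as a blocklist on its own.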
Social Engineering principles: Authority, Intimidation, Social proof/Consensus, Scarcity, Urgency, Familiarity/Liking, Trust
1.2 – Given a scenario, analyze potential indicators to determine the type of attack
- Malware – Malicious software; it can gather information such as keystrokes, place your computer under the control of a botnet, show advertisements, or carry viruses and worms. Your computer must run the program for it to take effect, usually via links or pop-ups
- Virus – Malware that reproduces itself, needs a user to start the process, reproduces through file systems or the network, and may or may not cause problems.
- Virus types:
- program viruses (part of an application)
- boot sector viruses (start from the boot sector, before the OS loads)
- script viruses (operating system and browser-based)
- macro viruses (common in Microsoft Office, similar to script virus)
- fileless virus – a stealth attack; doesn’t install or save anything to disk, which helps it avoid anti-virus detection; operates in memory and may persist through the registry
- Worms – Malware that self-replicates without any user action, uses the network as its transmission medium and spreads quickly; known signatures can be stopped at the IDS/IPS or firewall
- WannaCry worm – 2017; installed crypto-malware, used SMBv1 to infect vulnerable systems and installed DoublePulsar to encrypt user data
- Crypto-malware – A new generation of ransomware, malware encrypts the data files
- Protect against ransomware – Always have a backup, offline and not on the same system
- Trojan Horse – Software that pretends to be something else, doesn’t replicate, circumvents anti-virus
- PUP – Potentially Unwanted Program, undesired program often installed along with other software, can hijack your browser
- RAT – Remote Administration Tool or Remote Access Trojan, controls the device (ie: DarkComet RAT)
- Rootkit – Originally a Unix technique; modifies core system files, often within the kernel; invisible to antivirus software
- Zeus/Zbot malware – Kernel driver famous for cleaning out bank accounts; combined with the Necurs rootkit, which ensures Zbot can’t be deleted and blocks any attempt to terminate it
- Secure boot with UEFI – Protects against rootkits in the BIOS
- Adware – Pop-up ads everywhere, cause performance issues
- Spyware – Malware that spies on you; advertising, identity theft, and affiliate fraud; often a trojan, can capture browser surfing habits, keylogger
- Logic Bomb – Often used by someone with a grudge; time bombs, user event, difficult to identify, many logic bombs delete themselves
- Spraying Attack – Tries common passwords against each account only a few times, staying below the lockout threshold, before moving on to the next account; keeps the attacker hidden from alarms and detection
- Brute Force – Tries every possible password combination until the hash matches; can take a long time, a strong hash algorithm slows it down, and most accounts will lock out, so it is more common for an attacker to work on the hash offline
- Dictionary attack – Uses common words; password crackers can also substitute letters
- Rainbow tables – Pre-built set of hashes containing pre-calculated hash chains; much faster than the previous password attacks; rainbow tables are application- or OS-specific
- Salt – Random data added to a password before hashing takes place
- Birthday attack – With 23 students there is a 50% chance that two share the same birthday; with 30 the chance is 70%. Hash collisions happen when different inputs produce the same hash output.
- MD5 hash – Known to have hashing collisions.
- Downgrade Attack – Force the system to use a weaker encryption method
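The Spraying Attack bullet above describes an indicator that per-account lockout counters never see: each account fails only once or twice, but one source touches many accounts. The following detector is an added example, not code from the study notes; the log format (`timestamp src=… user=… result=…`) and the sample lines are constructed, and the thresholds are hypothetical.

```python
"""Password-spraying detector over authentication log lines (added example)."""
from __future__ import annotations

from collections import defaultdict

# Constructed sample log: one source fails once against five accounts then succeeds
# on a sixth (spray profile); another source is a single user retrying their password.
SAMPLE_LOG = """\
2024-05-01T09:00:01 src=203.0.113.5 user=alice result=FAIL
2024-05-01T09:00:03 src=203.0.113.5 user=bob result=FAIL
2024-05-01T09:00:05 src=203.0.113.5 user=carol result=FAIL
2024-05-01T09:00:07 src=203.0.113.5 user=dave result=FAIL
2024-05-01T09:00:09 src=203.0.113.5 user=erin result=FAIL
2024-05-01T09:00:11 src=203.0.113.5 user=frank result=SUCCESS
2024-05-01T09:01:00 src=198.51.100.9 user=alice result=FAIL
2024-05-01T09:01:05 src=198.51.100.9 user=alice result=FAIL
2024-05-01T09:01:10 src=198.51.100.9 user=alice result=SUCCESS
"""


def parse_line(line: str) -> dict:
    """Turn 'ts key=value key=value ...' into a dict with a 'ts' entry."""
    ts, *fields = line.split()
    record = {"ts": ts}
    for field in fields:
        key, _, value = field.partition("=")
        record[key] = value
    return record


def detect_spray(log_text: str, min_accounts: int = 5, max_fails_per_account: int = 2) -> list[dict]:
    """Flag sources that failed against at least min_accounts distinct accounts while
    never exceeding max_fails_per_account failures on any single one: the
    low-and-slow shape that per-account lockout does not catch."""
    fails = defaultdict(lambda: defaultdict(int))  # src -> user -> failure count
    successes = defaultdict(set)                   # src -> users with a success
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("result") == "FAIL":
            fails[rec["src"]][rec["user"]] += 1
        elif rec.get("result") == "SUCCESS":
            successes[rec["src"]].add(rec["user"])
    alerts = []
    for src, per_user in fails.items():
        if len(per_user) >= min_accounts and max(per_user.values()) <= max_fails_per_account:
            alerts.append({
                "src": src,
                "accounts_tried": len(per_user),
                "max_fails_per_account": max(per_user.values()),
                # A success from the same source after the spray is the account to reset first.
                "compromised": sorted(successes[src]),
            })
    return alerts
```

Running `detect_spray(SAMPLE_LOG)` flags 203.0.113.5 (five accounts, one failure each, then a success on frank) and ignores 198.51.100.9, whose two failures on a single account look like an ordinary mistyped password. The two thresholds are the knobs to tune against your own baseline of distinct accounts per source.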
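The Rainbow tables, Salt and Birthday attack bullets above fit together: a per-user salt makes a precomputed password-to-hash table useless, and the birthday numbers (23 people gives about 50%, 30 gives about 70%) generalize to how many hashes an attacker must compute before a collision becomes likely. The code below is an added example, not from the study notes; it uses PBKDF2-HMAC-SHA256 from the Python standard library, and the iteration count is an assumed work factor.

```python
"""Salted password hashing and the birthday bound (added example)."""
from __future__ import annotations

import hashlib
import hmac
import math
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor; raises the cost of each brute-force guess


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, digest). A fresh 16-byte random salt is drawn unless one is supplied."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def birthday_probability(people: int, days: int = 365) -> float:
    """Probability that at least two of `people` share one of `days` equally likely values.
    Computed as 1 minus the probability that all values are distinct."""
    p_all_distinct = 1.0
    for i in range(people):
        p_all_distinct *= (days - i) / days
    return 1.0 - p_all_distinct


def collision_work(bits: int, probability: float = 0.5) -> float:
    """Approximate number of random inputs needed for a collision in a `bits`-bit hash
    with the given probability: sqrt(2 * N * ln(1 / (1 - p))) with N = 2**bits.
    This is the same birthday calculation with N in place of 365."""
    return math.sqrt(2 * (2 ** bits) * math.log(1 / (1 - probability)))
```

Two observations worth checking in a REPL: `hash_password("hunter2")` called twice returns two different digests because the salts differ, so a rainbow table built for unsalted hashes matches neither; and `birthday_probability(23)` is about 0.507 while `birthday_probability(30)` is about 0.706, matching the figures in the notes. `collision_work(128)` is roughly 2 to the 64th, which is why a 128-bit digest such as MD5 offers only about 64 bits of collision resistance even before its known structural weaknesses are considered.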
1.3 – Given a scenario, analyze potential indicators associated with application attacks
- XSS (cross-site scripting) – Originally called cross-site because of browser security flaws that let information from one site be shared with another; very common; the injected code is usually JavaScript
- Non-persistent (reflected) XSS – Website allows JavaScript supplied in a user input field to run; the script is reflected back in the response rather than stored
- Persistent (stored) XSS – Stored permanently on the website, e.g. via a post, and served to everyone who views it; no specific targets
- Code injection attack – Code added into a data stream, enabled by bad programming practices
- SQL injection – Uses SQL to access, add, or remove information from a database
- XML injection – Modifies XML requests
- LDAP injection attack – Manipulates LDAP databases
- DLL injection – Injects code into an application and uses the app to run the DLL inside a new process
- Buffer overflows – Overwriting a buffer of memory beyond its bounds; developers should perform bounds checking; not easy to exploit
- Pass the Hash – A replay attack in which the attacker intercepts a hash and replays it to the server to authenticate; use SSL/TLS to encrypt the hash and stop this attack
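The XSS and SQL injection bullets above share one root cause: untrusted input is concatenated into text that the system then interprets as code (a SQL statement, an HTML page). The fix in both cases is to keep data out of the code channel: bound parameters for SQL and output encoding for HTML. The following is an added example, not code from the study notes; it uses Python’s built-in sqlite3 and html modules, and the table, rows and inputs are constructed.

```python
"""Injection defenses: parameterized SQL and HTML output encoding (added example)."""
from __future__ import annotations

import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table with two users, standing in for a real database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cr3t-a"), ("bob", "s3cr3t-b")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list[tuple]:
    """The 'before' form: string concatenation makes the input part of the SQL text,
    so quotes and operators in the input change the statement's meaning."""
    query = f"SELECT name, secret FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list[tuple]:
    """The hardened form: the driver binds the input as a value, never as SQL,
    so the same input is only ever compared against the name column."""
    return conn.execute("SELECT name, secret FROM users WHERE name = ?", (name,)).fetchall()


def render_comment_vulnerable(comment: str) -> str:
    """Stored-XSS shape: user content inserted into HTML verbatim."""
    return f"<div class='comment'>{comment}</div>"


def render_comment_safe(comment: str) -> str:
    """Output encoding turns < > & \" ' into entities, so the browser shows text, not script."""
    return f"<div class='comment'>{html.escape(comment)}</div>"


def demo() -> dict:
    """Run both lookups with the classic textbook tautology input and both renderers
    with a script tag; returns the row counts and rendered strings for comparison."""
    conn = make_db()
    tainted_name = "nobody' OR '1'='1"   # constructed input; the quote closes the literal
    tainted_comment = "<script>alert(1)</script>"  # constructed input
    return {
        "concatenated_rows": len(lookup_vulnerable(conn, tainted_name)),   # every row leaks
        "parameterized_rows": len(lookup_safe(conn, tainted_name)),        # no such name
        "raw_html": render_comment_vulnerable(tainted_comment),
        "escaped_html": render_comment_safe(tainted_comment),
    }
```

`demo()` returns 2 rows for the concatenated query and 0 for the parameterized one, and the escaped rendering contains `&lt;script&gt;` rather than a live tag. The point for a code review is that the safe versions never inspect or filter the input; they simply never let it reach the interpreter as code.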
1.4 – Given a scenario, analyze potential indicators associated with network attacks
- Bluejacking – Sending unsolicited messages over Bluetooth
- Bluesnarfing – Access data on a mobile device over Bluetooth