| Question | Answer |
|---|---|
| NIST | National Institute of Standards and Technology |
| RAID | Redundant Array of Independent Disks: several physical disks combined so that the system sees them as one logical disk; depending on the RAID level this adds redundancy (reliability) and/or performance |
| SSO | Single Sign-On: you log in once and get access to many services; usually implemented with SAML or OpenID Connect (which builds on OAuth 2.0) |
| ITIL | Information Technology Infrastructure Library: a set of best practices for IT service management |
| SOC | Security Operations Center |
| AAA | Authentication, Authorization, Accounting: identify the user, grant permissions, keep an audit trail |
| NTFS | New Technology File System: a file system, i.e. a method of storing and managing files |
| FAT | File Allocation Table: a file system |
| show desktop shortcut | Win+D |
| rename shortcut | F2 |
| hidden menu | Win+X (the power-user menu) |
| DR/BC | Disaster Recovery / Business Continuity |
| DAM | Database Activity Monitoring |
| EDR | Endpoint Detection and Response: monitors endpoint activity (process creation, registry modifications, ...) and lets the analyst respond, e.g. kill a process or delete a file |
| LDAP | Lightweight Directory Access Protocol |
| squid | caching proxy software: it stores responses, which offloads the HTTP servers behind it and speeds up delivery. In its access log `TCP_HIT` means the object was served from cache and `TCP_MISS` that it was not |
| AD | Active Directory: a directory service, i.e. a hierarchical database of users, applications and network devices |
| PUP | Potentially Unwanted Program |
| RAT | Remote Access Trojan |
| frame | the layer 2 PDU |
| packet | the layer 3 PDU |
| segment | the layer 4 PDU |
| system hierarchy | hardware -> kernel -> shell / desktop environment (GNOME, KDE) -> user |
| SOAR | Security Orchestration, Automation and Response |
| PTES | Penetration Testing Execution Standard |
| DLP | Data Loss Prevention: a set of tools and processes that make sure sensitive data is not lost or leaked |
| IR process | preparation; detection & analysis; containment, eradication & recovery; post-incident activity (the NIST SP 800-61 phases) |
| ATP | Advanced Threat Protection |
| IOC | Indicators of Compromise |
| IOA | Indicators of Attack |
| EFS | Encrypting File System |
| WFH | Work From Home |
| TTP | Tactics, Techniques and Procedures |
| CVSS | Common Vulnerability Scoring System |
| SAST, DAST, IAST | (Static, Dynamic, Interactive) Application Security Testing |
| CI/CD | Continuous Integration / Continuous Delivery (or Deployment) |
| WAF | Web Application Firewall |
| XML | Extensible Markup Language, e.g. `<quiz>xd</quiz>` |
| csv, xls | csv: comma-separated values, plain text with fields separated by commas; xls: Microsoft Excel binary workbook holding worksheets; xlsx: the XML-based format used since Office 2007 |
| DevSecOps | DevOps: Dev wants to ship fast, Ops ensures quality and stability; DevSecOps adds Sec as integrated, automated, continuous security in the same pipeline |
| OSS | Open Source Software |
| MDM | Mobile Device Management: lets the organization control what content is allowed, restrict access to resources, and lock or wipe a device if it is stolen |
| NAC | Network Access Control: restricts network access for unauthorized users and devices |
| SIEM | Security Information and Event Management: aggregates data from many sources and makes it "human accessible"; a search and reporting system with correlation rules that generate alerts |
| normalization | turning raw log data into a strict, common format so that events from different sources can be searched and correlated together |
| UBA (UEBA) | User (and Entity) Behavior Analytics: compares current behavior with the historical baseline to identify a compromise |
| PoS | Point of Sale |
| birthday attack | finding a collision of a hash function by exploiting the birthday paradox: for an n-bit hash about 2^(n/2) hashes are enough, not 2^n (MD5 is known to be vulnerable to collisions) |
| skimming attack | a skimmer is a device fitted to an ATM or payment terminal that copies card data; a skimming attack is stealing card data that way |
| buffer overflow | putting more data into a buffer than it can hold, so the excess overwrites adjacent memory |
| memory leak | memory that is no longer needed is not freed; the process keeps growing, which can lead to DoS |
| IT/OT | Information Technology / Operational Technology; OT is e.g. ICS (Industrial Control Systems), SCADA, PLCs |
| logic bomb | triggers malicious code when specific conditions are met; a time bomb is the variant triggered by a date, e.g. Friday the 13th |
| NFC | Near Field Communication |
| wardriving, warflying, warwalking | driving, flying or walking around a city looking for Wi-Fi networks |
| pivot / pivoting | using a compromised system as a foothold to attack other systems in the same network |
| DAD triad | Disclosure, Alteration, Denial (the opposites of the CIA triad) |
| HSTS | HTTP Strict Transport Security: just a response header, `Strict-Transport-Security`, that tells browsers the site must only be accessed over HTTPS; the preload list is a list of such sites built into browsers, so even the first visit goes over HTTPS |
| IEEE 802.1X | port-based network access control standard for wired and wireless networks |
| IaaS, PaaS, SaaS | (Infrastructure, Platform, Software) as a Service. I: virtualized infrastructure, you get a whole machine to manage (OS included); P: you manage only the application and data; S: you just use the application |
| typosquatting / cybersquatting | cybersquatting: registering a domain name that is some company's name; typosquatting: registering a domain that looks like the company's main domain (a typo of it) |
| apt update vs upgrade | `update` fetches information about the latest package versions, `upgrade` installs them |
| .so file in Unix | shared object, a dynamic library |
| x86 | 32-bit |
| dll vs static | a DLL is a dynamic library (the .dll files) loaded at run time; a static library is embedded into the exe at link time |
| vishing | voice phishing |
| http status codes | 1xx informational, 2xx success, 3xx redirect, 4xx client error, 5xx server error |
| two most popular browser engines | Gecko (Mozilla), Blink (Google, part of the Chromium project) |
| multiplexing | multiple signals combined into one signal over a shared medium |
| HOL blocking | head-of-line blocking: a queue of packets is held up by its first packet (to maintain order) |
| QUIC | transport protocol over UDP (originally "Quick UDP Internet Connections"): provides reliability itself, removes TCP-based head-of-line blocking, and makes the TLS handshake faster |
| race condition | two processes/threads access the same resource at the same time and the result depends on who gets there first; a common issue in multithreaded applications |
| web server log paths (Linux/Windows) | e.g. `/var/log/apache2/` and `/var/log/nginx/` (`access.log`, `error.log`) on Linux; e.g. `Program Files/Apache/logs/access.log` on Windows |
| sysmon | System Monitor: a Windows system service (Sysinternals) that logs events such as process creation and network connections |
| TCP/UDP PDU name at layer 4 | TCP: segment, UDP: datagram |
| TCP/IP layers | application / transport / internet / network interface |
| rainbow table | a precomputed table of hashes (stored as chains) used to reverse unsalted password hashes; a per-user salt defeats it |
| NetBIOS, Windows file share ports | Windows file sharing uses 137-139 (NetBIOS) and 445 (SMB over TCP); 135 is the RPC endpoint mapper. NetBIOS is a protocol that lets applications communicate over a network |
| Kerberos / LDAP in AD | Kerberos is the default authentication protocol in AD; LDAP is the protocol for querying the directory and can also authenticate (bind). To join Linux/macOS to AD you use LDAP/Kerberos or Samba |
| web server / application server | a web server handles HTTP requests, an application server holds the business logic; Apache httpd is a web server, Apache Tomcat an application server |
| POST / PUT / PATCH | POST creates a new object; PUT updates or creates an object and requires the complete representation (like POST); PATCH updates an existing object (it must exist) and sends only the fields to change. Use POST to create, PUT to update (creating via PUT is often disabled), and PATCH when the object is large and you only want to send the changed fields rather than the full representation PUT needs |
| NOC vs SOC | NOC (Network Operations Center) analyses performance and wants systems to stay responsive; SOC (Security Operations Center) investigates security incidents |
| reverse proxy vs load balancer | a load balancer spreads the load among servers (a specific function); a reverse proxy can be a load balancer but also does caching, adds security controls, and terminates TLS (offloading it from the backends) |
| Linux remove file/directory | `rm file.txt`; `rm -r dir` (`-r` removes the whole directory recursively, including everything in it and its subdirectories) |
| /etc/passwd vs /usr/bin/passwd | the user account database (the password hashes themselves live in `/etc/shadow`) vs the command for changing a password |
| rwx vs rws | `s` in place of `x` is the SUID (set user ID) bit: the file runs with the privileges of its owner rather than of the user who runs it |
| exploit / payload / vulnerability | a vulnerability is a flaw in design, code or logic that can be exploited; an exploit takes advantage of it; the payload is the code that then runs on the target system |
| VPR | Vulnerability Priority Rating, Tenable's vulnerability scoring system |
| firmware | software built permanently into a device that provides its basic operating routines, e.g. the firmware in an oscilloscope; you normally do not change it |
| PGP | Pretty Good Privacy, software that implements encryption (and signing) |
| cyber kill chain | reconnaissance, weaponization, delivery, exploitation, installation, C2, actions on objectives |
| threat intelligence | collected and analysed data that provides information about current and potential attacks against the organization |
| firmware / driver / OS | firmware is fixed code in ROM, e.g. the BIOS or GPU firmware, handling low-level tasks; a driver tells the OS how to communicate with a device; the OS handles high-level tasks and is updated regularly |
| serial vs parallel transmission | serial sends bits one after another over one channel; parallel sends several bits at once over several channels. Parallel is faster per clock but less reliable over distance (skew, crosstalk), which is why modern high-speed links are serial |
| watering hole attack | like a crocodile waiting where animals come to drink: you compromise (or set up) a site your targets are known to visit and wait for them, then hit them with e.g. a drive-by download |
| ISO/OSI | International Organization for Standardization / Open Systems Interconnection |
| RTO, RPO | Recovery Time Objective: how quickly after a disaster you must be back in production; Recovery Point Objective: how much data (measured in time) you can afford to lose |
| .run files in Linux | an executable (self-extracting installer) file, like an .exe |
| horizontal / vertical / box scan | horizontal: one port, many IPs; vertical: many ports, one IP; box: a combination of both |
| RPC | Remote Procedure Call: a client-server protocol, the client sends data in an agreed format and the server performs the service |
| adapter vs interface | adapter: a piece of hardware (works at the data link layer); network interface: a software construct (works at the IP layer) |
| promiscuous vs monitor mode | promiscuous mode receives all traffic on the segment (without it you could still sniff, but only packets sourced from or destined to you); monitor mode is for WLAN and captures all 802.11 frames on a channel, including frames of WPA-encrypted networks (captured encrypted, not decrypted) |
| dpkg -l | lists all packages installed on the system |
| find command | syntax: `find <where> <what>`; if `where` is not given it searches recursively from the current directory and its subdirectories. Useful options: `-type` (f or d), `-perm`; e.g. `find -name "text.txt"`, `find -name "*.py"`, `find /home/kali/Desktop -name "*xdd*"` |
| WS-Discovery | Web Services Discovery: a multicast discovery protocol that locates services on the local network |
| rx, tx | rx: received bytes, tx: transmitted bytes |
| FIPS | Federal Information Processing Standard |
| ENS | Endpoint Security |
| symlink | symbolic link: makes a file appear at one location even though it lives somewhere else |
| NEWS | Notable Event, Weather, Sport |
| .tar.gz | tar is an archive that stores many files in a single file; `.tar` does not compress, `.gz` does |
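The "birthday attack" entry says a collision needs about 2^(n/2) hashes rather than 2^n. The following added example (not part of the original deck) makes that concrete: it truncates SHA-256 to a chosen number of bits to stand in for a weak hash, hashes distinct messages until any two collide, and compares the number of tries with the birthday bound. The `msg-<counter>` message format and the bit lengths are assumptions chosen for the demo.

```python
"""Birthday attack on a truncated hash: find *any* two messages that collide."""
import hashlib
import math


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 truncated to `bits` bits; stands in for a short/weak hash."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def birthday_collision(bits: int, prefix: bytes = b"msg-"):
    """Hash distinct messages until two share a truncated digest.

    Returns (message_a, message_b, attempts). Unlike a preimage search for
    one fixed digest (~2^bits work), we accept any colliding pair, so by the
    birthday paradox only ~2^(bits/2) hashes are needed. The dict of seen
    digests is the memory cost of the attack.
    """
    seen = {}
    attempts = 0
    while True:
        msg = prefix + str(attempts).encode()   # constructed messages
        attempts += 1
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, attempts
        seen[h] = msg


def expected_attempts(bits: int) -> float:
    """Expected number of hashes before the first collision: sqrt(pi/2 * 2^bits)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    for bits in (16, 24, 32):
        a, b, n = birthday_collision(bits)
        print(f"{bits}-bit hash: collision after {n} hashes "
              f"(birthday bound ~{expected_attempts(bits):.0f}, "
              f"brute force 2^{bits} = {2 ** bits})")
        print(f"  {a!r} and {b!r} both hash to {truncated_hash(a, bits):#x}")
```

Running it shows the collision count landing near the birthday bound for each width, which is why hash output lengths are chosen so that 2^(n/2), not 2^n, is infeasible.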
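The SIEM and normalization entries (and the web-server log path entry) describe turning raw logs into one strict format so they can be correlated. This added example, which is not from the original deck, does exactly that for two constructed log lines of different shapes, an Apache/nginx combined-format access log entry and a Linux sshd auth message, maps them onto a common schema, and then runs one correlation rule across both sources. The regexes, schema field names, the threshold and the sample lines are all assumptions for the demo.

```python
"""Normalize two log formats into one event schema and correlate across them."""
from __future__ import annotations

import re
from datetime import datetime, timezone

# Apache/nginx combined access log: ip ident user [ts] "METHOD path proto" status size
ACCESS_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)')
# syslog line from sshd: "Mon DD HH:MM:SS host sshd[pid]: Failed|Accepted password for user from ip port N"
SSHD_RE = re.compile(
    r'(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: '
    r'(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) '
    r'from (?P<src>\S+) port \d+')


def normalize(line: str, year: int = 2024) -> dict | None:
    """Map a raw line onto the common schema: ts (UTC), src_ip, source, action, outcome.
    Returns None for lines no parser understands (a SIEM would count those)."""
    m = ACCESS_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        status = int(m["status"])
        return {"ts": ts.astimezone(timezone.utc), "src_ip": m["src"], "source": "web",
                "action": f'{m["method"]} {m["path"]}',
                "outcome": "success" if status < 400 else "failure"}
    m = SSHD_RE.match(line)
    if m:
        # classic syslog timestamps carry no year; the caller supplies it
        ts = datetime.strptime(f'{year} {m["ts"]}', "%Y %b %d %H:%M:%S")
        return {"ts": ts.replace(tzinfo=timezone.utc), "src_ip": m["src"], "source": "sshd",
                "action": f'login {m["user"]}',
                "outcome": "success" if m["result"] == "Accepted" else "failure"}
    return None


def failures_per_source_ip(events, threshold: int = 3) -> dict[str, int]:
    """Correlation rule: source IPs with >= threshold failures across *all* sources.
    Only possible because both formats were normalized to the same fields."""
    counts: dict[str, int] = {}
    for e in events:
        if e["outcome"] == "failure":
            counts[e["src_ip"]] = counts.get(e["src_ip"], 0) + 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


SAMPLE_LINES = [  # constructed sample input, not real traffic
    '203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET /admin HTTP/1.1" 403 12',
    '203.0.113.5 - - [10/Mar/2024:12:00:02 +0000] "GET /wp-login.php HTTP/1.1" 404 0',
    'Mar 10 12:00:03 web01 sshd[4242]: Failed password for root from 203.0.113.5 port 51000 ssh2',
    'Mar 10 12:00:04 web01 sshd[4243]: Accepted password for alice from 198.51.100.7 port 51001 ssh2',
    '198.51.100.7 - - [10/Mar/2024:12:00:05 +0000] "GET / HTTP/1.1" 200 512',
    'kernel: a line none of the parsers understand',
]


def run(lines=SAMPLE_LINES):
    """Normalize everything parseable and apply the rule; returns (events, alerts)."""
    events = [e for e in map(normalize, lines) if e]
    return events, failures_per_source_ip(events)


if __name__ == "__main__":
    events, alerts = run()
    for e in events:
        print(e["ts"].isoformat(), e["source"], e["src_ip"], e["action"], e["outcome"])
    print("alert:", alerts)
```

The web failures and the SSH failure from the same address each look harmless on their own; the rule only fires because the normalized `src_ip` and `outcome` fields let the two sources be counted together.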
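The POST / PUT / PATCH entry is easiest to see in code. This added example (my own, not from the deck) is an in-memory stand-in for a `/users` collection: POST assigns ids and is not idempotent, PUT replaces the whole resource and rejects partial bodies, PATCH merges only the supplied fields into an existing object. It also adds the check a practitioner wants on PATCH: a whitelist of patchable fields, so a client cannot promote itself by sending `{"role": "admin"}` (mass assignment). The resource shape (name, email, role) and the class and exception names are assumptions.

```python
"""POST vs PUT vs PATCH semantics on an in-memory resource store."""
from __future__ import annotations

from copy import deepcopy

# Assumed resource shape for this example: a user with name, email and role.
REQUIRED = {"name", "email", "role"}
PATCHABLE = {"name", "email"}          # role is deliberately not client-writable


class NotFound(Exception):
    pass


class Invalid(Exception):
    pass


class UserStore:
    """In-memory stand-in for the /users collection of a REST API."""

    def __init__(self) -> None:
        self._users: dict[int, dict] = {}
        self._next_id = 1

    @staticmethod
    def _require_full(body: dict) -> None:
        missing = REQUIRED - body.keys()
        if missing:
            raise Invalid(f"full representation required; missing {sorted(missing)}")

    def post(self, body: dict) -> dict:
        """POST /users: create; the server picks the id. Not idempotent:
        sending the same body twice creates two users. Extra fields
        (including a client-supplied id) are ignored."""
        self._require_full(body)
        uid, self._next_id = self._next_id, self._next_id + 1
        self._users[uid] = {"id": uid, **{k: body[k] for k in REQUIRED}}
        return deepcopy(self._users[uid])

    def put(self, uid: int, body: dict, allow_create: bool = False) -> dict:
        """PUT /users/{id}: replace the whole resource (idempotent). Creating
        through PUT is often disabled server-side, hence allow_create=False."""
        self._require_full(body)
        if uid not in self._users and not allow_create:
            raise NotFound(uid)
        self._users[uid] = {"id": uid, **{k: body[k] for k in REQUIRED}}
        return deepcopy(self._users[uid])

    def patch(self, uid: int, changes: dict) -> dict:
        """PATCH /users/{id}: partial update of an existing resource. Only
        whitelisted fields are merged, which blocks mass assignment such as
        a client sending {"role": "admin"}."""
        if uid not in self._users:
            raise NotFound(uid)
        rejected = changes.keys() - PATCHABLE
        if rejected:
            raise Invalid(f"fields not patchable: {sorted(rejected)}")
        self._users[uid].update(changes)
        return deepcopy(self._users[uid])

    def get(self, uid: int) -> dict:
        if uid not in self._users:
            raise NotFound(uid)
        return deepcopy(self._users[uid])


def raises(exc: type, fn, *args, **kwargs) -> bool:
    """True if fn(*args, **kwargs) raises exc; used to show the rejection cases."""
    try:
        fn(*args, **kwargs)
    except exc:
        return True
    return False


if __name__ == "__main__":
    s = UserStore()
    alice = {"name": "alice", "email": "alice@example.com", "role": "user"}
    print("POST twice ->", s.post(alice)["id"], s.post(alice)["id"])
    print("PUT with partial body rejected ->", raises(Invalid, s.put, 1, {"name": "al"}))
    print("PATCH partial ->", s.patch(1, {"name": "al"}))
    print("PATCH of role rejected ->", raises(Invalid, s.patch, 1, {"role": "admin"}))
    print("PUT to unknown id rejected ->", raises(NotFound, s.put, 9, alice))
```

Note how PUT with the same body twice leaves the store unchanged (idempotent) while POST twice creates two records, and why a real API should validate PATCH bodies against a whitelist rather than a blacklist.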
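The horizontal / vertical / box scan entry defines the three shapes; this added example (not from the deck) turns the definitions into detection logic that a SOC might run over firewall or NetFlow records. It counts, per source IP, how many distinct hosts and how many distinct ports were touched and labels the source accordingly. The connection records and the thresholds (5 hosts, 5 ports) are constructed assumptions; real deployments tune them per network.

```python
"""Classify port-scan shapes (horizontal / vertical / box) from connection records."""
from __future__ import annotations

from collections import defaultdict


def scan_profile(records, min_hosts: int = 5, min_ports: int = 5) -> dict[str, str]:
    """Label each source IP by the shape of its connection attempts.

    records: iterable of (src_ip, dst_ip, dst_port) tuples, e.g. from firewall
    or NetFlow logs. Thresholds are assumptions for this example.
      horizontal: few ports, many hosts   (one service swept across the network)
      vertical:   many ports, one/few hosts (enumerating a single machine)
      box:        many ports and many hosts
    Sources below both thresholds are left out (ordinary clients).
    """
    hosts: dict[str, set[str]] = defaultdict(set)
    ports: dict[str, set[int]] = defaultdict(set)
    for src, dst, port in records:
        hosts[src].add(dst)
        ports[src].add(port)

    verdict: dict[str, str] = {}
    for src in hosts:
        many_hosts = len(hosts[src]) >= min_hosts
        many_ports = len(ports[src]) >= min_ports
        if many_hosts and many_ports:
            verdict[src] = "box"
        elif many_hosts:
            verdict[src] = "horizontal"
        elif many_ports:
            verdict[src] = "vertical"
    return verdict


def sample_records() -> list[tuple[str, str, int]]:
    """Constructed connection log (not real traffic)."""
    recs: list[tuple[str, str, int]] = []
    # 192.0.2.10 looks for SMB on every host of a /24 slice: horizontal
    recs += [("192.0.2.10", f"10.0.0.{i}", 445) for i in range(1, 9)]
    # 192.0.2.20 enumerates services on one host: vertical
    recs += [("192.0.2.20", "10.0.0.5", p) for p in (21, 22, 23, 25, 80, 443, 3389)]
    # 192.0.2.30 sweeps several ports on several hosts: box
    recs += [("192.0.2.30", f"10.0.0.{i}", p)
             for i in range(1, 7) for p in (22, 80, 443, 445, 3389)]
    # 192.0.2.40 is an ordinary client talking to two services
    recs += [("192.0.2.40", "10.0.0.1", 443), ("192.0.2.40", "10.0.0.2", 80)]
    return recs


if __name__ == "__main__":
    for src, label in scan_profile(sample_records()).items():
        print(f"{src:12} {label}")
```

Counting distinct hosts and ports rather than raw connection attempts is what keeps a busy but legitimate client (many connections to the same two services) out of the verdict.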
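The rainbow table entry calls it a precomputed table of hashes; the interesting part is that the table stores chains rather than every hash, and that a per-user salt makes the precomputation useless. This added example (my own, not from the deck) builds a small rainbow table over 4-letter lowercase passwords using MD5 truncated to 32 bits, inverts a covered hash from it, and then shows the same lookup failing against a salted hash. The password space, truncation, chain length, number of chains and reduction function are all choices made for the demo, not parameters of any real tool.

```python
"""A small rainbow table: chains of hash/reduce steps, and why a salt defeats it."""
import hashlib
import string

ALPHABET = string.ascii_lowercase
PW_LEN = 4
SPACE = len(ALPHABET) ** PW_LEN        # 26^4 = 456976 candidate passwords
CHAIN_LEN = 100                        # hashes per chain (t)
CHAINS = 2000                          # chains stored (m); covers at most m*t passwords


def H(password: str) -> int:
    """MD5 truncated to 32 bits; stands in for an unsalted password hash."""
    return int.from_bytes(hashlib.md5(password.encode()).digest()[:4], "big")


def R(h: int, step: int) -> str:
    """Reduction function: map a hash value back into the password space.
    Mixing in `step` gives every column its own reduction, which is what makes
    this a *rainbow* table (fewer chain merges than one reduction for all columns)."""
    n = (h + step * 0x9E3779B1) % SPACE
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def build_table() -> dict:
    """Precompute once: walk each chain and store only (end -> start)."""
    table = {}
    for i in range(CHAINS):
        start = R(i, CHAIN_LEN + 7)          # deterministic, well-spread start points
        p = start
        for step in range(CHAIN_LEN):
            p = R(H(p), step)
        table.setdefault(p, start)           # a later chain with the same end is dropped
    return table


def lookup(table: dict, target: int):
    """Invert `target`: for each column the hash could sit in, regenerate the
    chain tail; if that end is stored, replay the chain from its start."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        p = R(target, col)
        for step in range(col + 1, CHAIN_LEN):
            p = R(H(p), step)
        start = table.get(p)
        if start is None:
            continue
        q = start
        for step in range(CHAIN_LEN):        # replay, looking for the preimage
            if H(q) == target:
                return q
            q = R(H(q), step)
        # end matched but the target was not in this chain: a false alarm from a merge
    return None


def hash_salted(password: str, salt: bytes) -> int:
    """Same hash with a per-user salt: the table was built for H(p), not H(salt||p)."""
    return int.from_bytes(hashlib.md5(salt + password.encode()).digest()[:4], "big")


if __name__ == "__main__":
    table = build_table()
    print(f"{len(table)} chains stored for a space of {SPACE} passwords")
    covered = R(H(R(0, CHAIN_LEN + 7)), 0)   # second password of the first chain
    print("unsalted:", lookup(table, H(covered)), "recovered for", covered)
    print("salted:  ", lookup(table, hash_salted(covered, b"\x13\x37")), "recovered")
```

Storage is only the 2000 (end, start) pairs rather than every (hash, password) pair, which is the point of the chain construction; the cost is a lookup that recomputes up to t^2/2 hashes. With a salt, the attacker would have to build a separate table per salt value, which is exactly the precomputation the table was meant to avoid.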