Question | Answer
| Security Content Automation Protocol is an effort by the security community, led by the National Institute of Standards and Technology, to create a standardized approach for communicating cyber security-related information.
| Secure Shell (SSH). Windows - uncommon, Linux - common
| DNS. Windows - common (servers). Linux - common (servers)
| HTTP. Windows - common (servers). Linux - common (servers)
| NetBIOS. Windows - common. Linux - occasional
| LDAP. Windows - common (servers). Linux - common (servers)
| Remote Desktop Protocol. Windows - common. Linux - uncommon
| Built-in management, automation and scripting language tool for Windows
| An implementation of the TLS protocol that is often used to protect other services. If a VPN or SSH isn't a good match for protecting traffic being sent through a network, OpenSSL is used.
Real-time operating system (RTOS) | An RTOS is an operating system that is used when priority needs to be placed on processing data as it comes in.
| A type of system architecture that combines data acquisition and control devices, computers, communications capabilities, and an interface to control and monitor the entire architecture.
| Remote Telemetry Units (RTUs) collect data from sensors.
| Programmable Logic Controllers control and collect data from industrial devices like machines or robots.
| is a broad term that describes network-connected devices that are used for automation, sensors, security and similar tasks.
| a key that lasts only long enough to establish a connection
| built around multiple controls designed to ensure that a failure in a single control, or even in multiple controls, is unlikely to cause a security breach
Open Systems Interconnection (OSI) | this model is used to conceptually describe how devices and software operate together through networks
| a capability that allows you to limit the number of MAC addresses that can be used on a single port
| Fuzz testing or fuzzing is an automated software testing method that injects invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities.
| is the process of applying security controls to reduce the probability and/or magnitude of a risk
| a packet analyzer that can be used to capture and analyse network traffic for forensic purposes
| In summary, MDM primarily deals with managing mobile devices, UEM extends this management to various endpoint devices, and MAM focuses specifically on managing mobile applications and their associated data.
| theft of information from a Bluetooth-enabled device
| when unwanted messages are sent to a device through Bluetooth
| Evil maid attacks are in-person attacks where the attacker takes advantage of physical access to hardware to acquire information or to insert malicious software on a device.
| Multithreading in IT refers to a programming technique where multiple threads within a single process execute independently, allowing tasks to run concurrently. It enables applications to perform multiple tasks simultaneously.
| In information technology (IT), a variable is a symbolic name associated with a value or data storage location in computer memory. Variables are used to store and manipulate data within a program or a script.
| In information technology (IT), a nonce (which stands for "number used once") is a value that is used only once within a specific context or session. Nonces are commonly used in security protocols to prevent replay attacks.
| Group Policy is the easiest way to restrict access to OS components and resources by defining a set of rules that control the working environment of user accounts and computer accounts.
| Secure Electronic Transaction, or SET, is a system that ensures the security and integrity of electronic transactions made using credit cards. SET is not a system that enables payment; it is a security protocol applied to those payments.
| Failover is the process of automatically switching to a standby or backup system in case the primary system fails. This ensures continuity of service and minimizes downtime.
| Redundancy involves having duplicate or backup components in a system to provide resilience against failures. Redundancy can be implemented at various levels, such as hardware redundancy
| Cable locks typically consist of a flexible steel cable with a locking mechanism at one end. They are commonly used to secure items like bicycles, laptops, or luggage. Cable locks often have a combination or key-operated locking mechanism.
| Keypad locks, also known as electronic or digital locks, utilize a keypad for entry instead of a traditional key. Users enter a pre-set code or PIN to unlock the device. Keypad locks are often found on doors, safes,
| Padlocks are traditional locks that consist of a detachable locking mechanism (the shackle) and a body. The shackle is typically secured through a loop or hasp and can be locked in place using a key or combination.
| In summary, STIX is a language for describing cyber threat information, while TAXII is a protocol for exchanging that information between organizations. They work together to enable standardized and automated sharing of threat intelligence about cyber threats.
| are methods or tools that provide access that bypasses normal authentication and authorization procedures
| Bots are remotely controlled systems or devices that have a malware infection. Many botnet command and control systems operate in a client-server mode.
| TCB stands for Trusted Computing Base. It is the set of core components of a computer system responsible for enforcing security policies and maintaining system integrity. The security kernel is the core of the TCB and consists of hardware, software and firmware.
| Messaging spam, sometimes called SPIM, is a type of spam targeting users of instant messaging (IM) services, SMS, or private messages within websites.
| a mathematical way of verifying the authenticity of a document
| is a Domain Name System (DNS) based evasion technique used by cybercriminals to hide phishing and malware delivery websites behind an ever-changing network of compromised hosts acting as reverse proxies to the backend botnet master
| is the first line of defence for a network's security and is another name for a locked-down system. A bastion host is usually a highly exposed device because it is the first line of a network's security.
| A Universal Endpoint Management tool can manage desktops, laptops, mobile devices, printers and other devices.
| can be used to capture and analyse Session Initiation Protocol (SIP) traffic on a network.
| Stateful inspection is a firewall technology that monitors the state of active connections and tracks the state of network connections in order to determine whether incoming packets are allowed or denied.
Tools to search for rootkits |
How to get rid of a rootkit? | Rootkits are designed to hide from antimalware scanners and can often defeat locally run scans. 1. Mount the drive in another system in read-only mode. 2. Boot from a USB drive and scan using a trusted, known-good operating system.
| A stealth virus is a type of virus that actively hides its presence from detection by antivirus software or other security measures. It achieves this by altering its code or behavior to evade detection.
| is a virus that can change its appearance or signature each time it infects a new file or system. This makes it difficult for antivirus software to detect because the virus presents a different pattern or signature each time it infects a new file.
| Pharming attacks redirect traffic away from legitimate websites to malicious versions. Pharming typically requires a successful technical attack that can change DNS entries on a local PC or on a trusted local DNS server.
| Pretexting involves creating a fabricated scenario or false identity to deceive someone into providing information or taking action. Prepending involves adding content or data at the beginning of something, such as adding text to the beginning of a document.
| A virus hoax is a false warning about a computer virus. Typically, the warning arrives in an email note or is distributed through a note on a company's internal network.
| the use of a range of different methods to attack an enemy; it combines active cyberwarfare, influence campaigns, and real-world direct action. This makes hybrid warfare almost exclusively the domain of nation-state actors.
brute force vs dictionary attack | A brute force attack systematically tries every possible combination of characters until it finds the correct password. A dictionary attack uses a list of commonly used passwords or words from a dictionary to attempt to gain unauthorized access.
| a one-way cryptographic function that takes an input and generates a unique and repeatable output from that input. No two inputs should produce the same output, and it shouldn't be reversible.
| any storage device, not necessarily limited to USB drives, that has been altered or infected with malware. These devices can include SD cards, external hard drives, or any other type of removable storage.
| is a type of cybercrime in which a malicious actor uses a device to steal sensitive information, typically payment card data, from unsuspecting individuals. This is often done at point-of-sale terminals, ATMs, or other payment processing systems.
| pharming attacks use web pages that are designed to look like a legitimate site but that attempt to capture information like credentials
What is the safest protocol replacing Telnet? |
What is a more secure solution instead of FTP? | Secure File Transfer Protocol (SFTP) and FTP-Secure
| Footprinting (also known as reconnaissance) is the technique used for gathering information about computer systems and the entities they belong to. To get this information, a hacker might use various tools and technologies.
| when testers drive by a facility in a car equipped with high-end antennas and attempt to eavesdrop on or connect to wireless networks
| such as Metasploit simplify the use of vulnerabilities by providing a modular approach to configuring and deploying vulnerability exploits
| 1. Anomaly detection, 2. Signature detection, 3. Target monitoring, 4. Stealth probes
| is an open standard for token-based authentication and authorization on the internet that allows third-party services to use a user's account information without sharing a password
| also known as cache poisoning. Here a rogue machine caches the DNS replies from a DNS server and uses the information fraudulently to redirect the victim's browser to an attacker site.
| Address Resolution Protocol (ARP) poisoning convinces the network that the attacker's MAC address is the one associated with the victim's IP address. As a result, traffic sent to that IP address is wrongly delivered to the attacker's machine.
| refers to the use of infrared (IR) cameras or sensors to capture images in the infrared spectrum. These cameras are capable of detecting thermal radiation emitted by objects, allowing them to produce images even in low light or complete darkness.
| Domain hijacking involves unauthorized changes to the registration information of a domain name, while DNS hijacking involves unauthorized modifications to the DNS records that map domain names to IP addresses.
| 1. Gather requirements 2. Design 3. Implement 4. Test/Validate 5. Deploy 6. Maintain
| 1. Identification 2. Design 3. Build 4. Evaluation
| a collection of tools that improve the coding, building and testing, packaging, releasing, configuration and configuration management, and monitoring elements of a software development life cycle
| Continuous Integration - a development practice that checks code into a shared repository on a consistent, ongoing basis. Continuous Deployment - rolls out tested changes into production automatically as soon as they have been tested.
| Application Programming Interface - interfaces between clients and servers, or between applications and operating systems, that define how the client should ask for information from the server and how the server will respond. Programs written in any language can use it.
Blind time-based SQL injection attack | uses the amount of time required to process a query as a channel for retrieving information from a database
What tools can be used for automated blind time-based attacks? |
| Once the attacker has the cookies, they may perform cookie manipulation to alter the details sent back to the website or simply use the cookie as the badge required to gain access to the website.
| NTLM is one of the popular protocols used by Windows computers to authenticate on a network. Its second version was created by Microsoft and released together with the launch of Windows 2000.
How to protect against session replay attacks? | by using secure cookies that are never transmitted over an unencrypted HTTP connection
NTLM pass the hash attack | a form of replay attack that takes place against the operating system rather than a web app. The attacker begins by gaining access to a Windows system and then harvests stored NTLM password hashes. They can then try to use the hashes to gain user or admin access to the AD domain.
Insecure Direct Object References | if an app is designed to directly retrieve information from a database based on an argument provided by the user in either the query string or a POST request, and the app doesn't perform authorization checks, the user may be permitted to view information that exceeds their authority
Directory traversal attacks | when a web server allows navigation of directory paths and filesystem access controls don't properly restrict access to files stored elsewhere on the server in the same directory
| A shadow password file, also known as /etc/shadow, is a system file in Linux that stores encrypted user passwords and is accessible only to the root user, preventing unauthorized users or malicious actors from breaking into the system.
| Reflected cross-site scripting attacks occur when an app allows reflected input, which lets an attacker perform HTML injection and insert their HTML code into a web page.
Stored/persistent XSS attack | they remain on the server even when the attacker isn't actively waging an attack
| exploit trust relationships and attempt to have users unwittingly execute commands against a remote system. Two forms: cross-site request forgery (CSRF/XSRF) and server-side request forgery (SSRF).
difference between XSS and CSRF attacks | In summary, XSS attacks focus on injecting malicious scripts into web pages to exploit other users' browsers, while CSRF attacks exploit the trust a website has in a user's authenticated session to perform unauthorized actions on behalf of the user.
difference between SSRF and CSRF attacks | In essence, CSRF attacks manipulate user-initiated actions, while SSRF attacks manipulate the server's ability to make requests.
How to protect against CSRF/XSRF attacks? | 1) create web applications that use secure tokens 2) sites should check the referring URL in requests received from end users and only accept requests that originated from their own site
| one technique that attackers have successfully used to defeat input validation controls; it works by sending a web application more than one value for the same input variable
| Web Application Firewall - functions similarly to a network firewall but works at the application layer. A WAF sits in front of a web server and receives all network traffic headed to that server. It then scrutinizes the input headed to the application.
| a set of design principles that database designers should follow when building and modifying databases. Advantages: 1. prevents data inconsistency 2. prevents update anomalies 3. reduces the need for restructuring existing DBs 4. makes the DB schema more informative
| protect applications against injection attacks: the client doesn't directly send SQL code to the DB server. Instead the client sends arguments to the server, which then inserts those arguments into a precompiled query template. Example: stored procedures.
| provides developers with a way to confirm the authenticity of their code with their own private key; browsers can then use the developer's public key to verify that signature and ensure that the code is legitimate and was not modified by unauthorized
| Software development kits - collections of software libraries combined with documentation, examples and other resources designed to help programmers get up and running quickly in a development environment.
Code integrity measurement | use cryptographic hash functions to verify that the code being released into production matches the code that was previously approved
| when an attacker manipulates a program into placing more data into an area of memory than is allocated for that program's use. The goal is to overwrite other information in memory with instructions that may be executed by a different process running on it.
| a variant of a buffer overflow where the result of an arithmetic operation attempts to store an integer that is too large to fit in the specified buffer
| when the security of a code segment depends upon the sequence of events occurring within the system. Time-of-check-to-time-of-use (TOCTTOU or TOC/TOU) is a race condition where a program checks access permission too far in advance of a resource request.
What is the protection against malicious drivers? |
| serve as the software interface between hardware and the operating system. They require low-level access to the operating system and run with administrator privileges.
| one of the driver manipulation attacks - attackers without access to the driver source code can use this technique: take a legitimate driver and wrap a malicious driver around the outside of it. Shim - the malicious driver.
| SDN stands for Software Defined Network, which is a networking architecture approach. It enables the control and management of the network using software applications.
Space and time partitioning | Space and time partitioning are techniques used in computer science and engineering to allocate resources (such as memory, processing time, or network bandwidth) among multiple users or applications.
| Jamming refers to the intentional interference with wireless communications, such as radio signals, Wi-Fi networks, or cellular networks, to disrupt their normal operation.