SY0-601
1.1.1: Principles
1.1.2: Spam
1.1.4: Phishing
1.1.5: Smishing
Remember the PayPal issue where you typed in your real username and password.
1.1.6: Vishing
Subcategory of Phishing.
Voice + Phishing = Vishing
Examples: 1) A call saying you owe the IRS money.
2) An Amazon account purchase.
1.1.7: Spear Phishing
Individuals or specific groups are targeted, unlike Phishing, which is sent out in bulk.
1.1.8: Whaling
1.1.9: Impersonation
Pretending to be a friend and asking for money on social media, like what happened with Shawn chettan.
1.1.12: Pharming
Pharming vs Phishing:
Pharming: typing the correct website address, but getting directed to a wrong website due to DNS record alteration by the attacker.
Phishing: the attacker takes you to a different URL/website.
1.1.13: Tailgating
1.1.15: Prepending
1.1.19: Reconnaissance
1.1.20: Hoax
Displaying or explaining threats that don't exist, like the “Your computer is infected” banners on websites.
Defenses: Spam filters for phone and email.
1.1.21: Watering Hole Attack
1.2.1: Malware
1.2.2: Virus
1.2.4: Backdoor
On a previously infected computer, an attacker leaves a “backdoor” so the machine can be accessed again later, even after it has been patched.
Backdoors are a major issue in Ransomware attacks.
Backdoors are not always malicious; developers can create them intentionally.
Backdoors can be reverse engineered.
Leaving backdoors in software is a bad security practice.
Trojan horse: malware that pretends to be harmless but takes over control of devices, meaning Trojans are “door openers”.
A Trojan horse can be made to look like an image file or a video file.
Uses of a Trojan horse: 1) Stealing information (e.g. harvesting credentials)
2) Monitoring what gets typed.
3) Taking control of peripherals.
4) Installing additional malware.
Trojans are not viruses: they do not self-replicate, unlike viruses.
Real-life examples: 1) Qbot – banking Trojan.
2) Trojans with a Command & Control (C2 or C&C) feature.
3) Trojans that execute Ransomware.
Spread via Phishing.
Locker-Ransomware: infects PCs and locks the user’s files, preventing access to data and files located on the PC until a ransom or fine is paid.
Scareware: a cyberattack tactic that scares people into visiting spoofed or infected websites or downloading malicious software (malware). Example: pop-up ads that appear on a user's computer.
PUPs are also referred to as Junkware, Bundleware, or Potentially Unwanted Applications (PUAs).
They come bundled with software you download (e.g. McAfee being downloaded with other programs).
PUPs are not called Malware, because the user had to agree to installing them, even if unknowingly.
Effects of PUPs: 1) Slow computer
2) Ads (Adware)
3) Added browser toolbars (Browser Hijackers)
4) Collecting and selling information (Spyware)
5) Mining cryptocurrency using the computer’s resources
Adware – displays a high number of ads.
Browser Hijackers – PUPs that install additional extensions.
Spyware – PUPs that collect and sell private information.
1.2.10: Spyware
1.2.12: Keyloggers
Fileless malware lives in memory and does not rely on executable files, which makes it stealthy.
Process: 1) User opens an attachment
2) Malware is loaded directly into memory
3) Malware downloads additional payloads, collects info, escalates privileges, or moves through the network.
The technique used by Fileless Malware is called “Living off the Land”: it uses trusted, legitimate processes already running on the OS.
Programs abused by Fileless Malware include PowerShell, Macros, and .NET.
Command & Control (C&C/C2) = used to establish control over the targeted device. A backdoor must already be set up, via phishing or other forms of attack.
Uses: 1) Receive stolen information
2) Push additional malicious files to the target
3) Issue commands remotely
Block unwanted traffic: 1) Use a firewall
2) IDS
3) Use Security Groups & Network Access Control Lists (NACLs) if using cloud resources.
Plaintext Password: does not use encryption or hashing to mask the information.
Encrypted Password: transforms plaintext data into Ciphertext. Ciphertext is decrypted with a secret key.
a) Symmetric Encryption: uses one secret key for both encrypting and decrypting data. Faster.
b) Asymmetric Encryption: uses a public key to encrypt and a private key to decrypt.
c) Hashing: functions that convert an input into a fixed-length output. Once hashed, the output can be called a “Message Digest” or “Fingerprint”. Hashes cannot be reversed.
Hashes vs Encryption:
Hashes: 1) Protect the integrity of information. 2) Produce a fixed-length output.
Encryption: 1) Secures the confidentiality of data. 2) Output length varies.
Encryption is used to securely send info from users’ devices to a web server for processing.
Hashing is used to store that data in a database.
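An added example (not part of these notes) that makes the Hashes vs Encryption contrast above concrete: the cipher is a toy HMAC-based keystream built only to show that encryption is keyed, reversible and as long as its input, while a hash is unkeyed, fixed-length and useful for integrity checks.

```python
import hashlib
import hmac
import os

# Toy stream cipher: HMAC-SHA256 used as a keystream generator, XORed with the data.
# It illustrates symmetric encryption's properties (key-reversible, output as long as
# the input). It is NOT a production cipher; real code should use AES-GCM.
def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    out = bytearray()
    for offset in range(0, len(plaintext), 32):
        keystream = hmac.new(key, offset.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = plaintext[offset:offset + 32]
        out.extend(b ^ k for b, k in zip(chunk, keystream))
    return bytes(out)

# With the same key, decryption is the same XOR operation (symmetric).
toy_decrypt = toy_encrypt

def digest(data: bytes) -> bytes:
    # A hash takes no key and always yields a fixed-length output (32 bytes for SHA-256).
    return hashlib.sha256(data).digest()

def integrity_ok(data: bytes, expected: bytes) -> bool:
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(digest(data), expected)

def demo():
    key = os.urandom(32)
    short, long_ = b"pw", b"a" * 1000
    # Encryption: ciphertext length tracks plaintext length, and the key reverses it.
    assert len(toy_encrypt(key, short)) == 2 and len(toy_encrypt(key, long_)) == 1000
    assert toy_decrypt(key, toy_encrypt(key, long_)) == long_
    # Hashing: always 32 bytes, no key, and no way back to the input.
    assert len(digest(short)) == len(digest(long_)) == 32
    # Integrity: a tampered message no longer matches the stored digest.
    original = b"amount=100"
    tag = digest(original)
    return integrity_ok(original, tag), integrity_ok(b"amount=900", tag)
```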
Brute Force attacks: trying as many combinations as possible to guess the correct username and password combination.
Limitations: 1) Rate Limiting: limits the number of requests in a given period of time.
2) Account Lockouts
Dictionary attacks: these attacks use lists that contain common words/phrases used in passwords.
A form of Brute Force attack. The difference is that Dictionary Attacks will only try passwords from a list.
Faster than Brute Force Attacks.
Does not work against complex passwords.
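An added example (not from these notes) of the two limitations above working together: a login guard that rate-limits attempts per time window and locks the account after repeated failures, run against a constructed wordlist. The `verify` callback and the wordlist are assumptions for the demo.

```python
from collections import deque

# Constructed example of the two limitations named above: rate limiting (max attempts per
# window) plus an account lockout after repeated failures. `verify` stands in for the real
# credential check; a real system would compare against a salted, slow password hash.
class LoginGuard:
    def __init__(self, max_per_window=5, window_s=60, lockout_after=10, lockout_s=900):
        self.max_per_window, self.window_s = max_per_window, window_s
        self.lockout_after, self.lockout_s = lockout_after, lockout_s
        self.attempts = {}      # username -> deque of attempt timestamps
        self.failures = {}      # username -> consecutive failures
        self.locked_until = {}  # username -> time when the lockout expires

    def check(self, user, password, now, verify):
        if self.locked_until.get(user, 0) > now:
            return "LOCKED"
        window = self.attempts.setdefault(user, deque())
        while window and now - window[0] >= self.window_s:
            window.popleft()                   # drop attempts outside the window
        if len(window) >= self.max_per_window:
            return "RATE_LIMITED"              # throttled; the guess is not even evaluated
        window.append(now)
        if verify(user, password):
            self.failures[user] = 0            # a good login resets the failure counter
            return "OK"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.lockout_after:
            self.locked_until[user] = now + self.lockout_s
            return "LOCKED"
        return "FAIL"

def simulate_dictionary_attack(wordlist, real_password, guard, interval_s=1):
    """Try each word from the list against one account at a fixed pace; return the outcomes."""
    verify = lambda user, pw: pw == real_password
    return [guard.check("alice", w, i * interval_s, verify) for i, w in enumerate(wordlist)]

def demo():
    guard = LoginGuard(max_per_window=3, window_s=5, lockout_after=5, lockout_s=900)
    # Constructed wordlist; the account's real password is deliberately not on it.
    wordlist = ["123456", "password", "qwerty", "letmein", "dragon", "monkey", "football", "iloveyou"]
    return simulate_dictionary_attack(wordlist, "correct-horse-battery", guard)
```

With those settings the first three guesses are evaluated and fail, the next two are throttled without being checked, and the fifth evaluated failure locks the account for the rest of the run.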
Hash functions are one-way functions, meaning a hash cannot be decrypted, only cracked.
Hash Tables: store a list of precomputed hash values of commonly used passwords or of words from a dictionary list.
Rainbow Tables: store a list of precomputed hash values, organized so that similar hash values are grouped in a way that reduces storage space requirements.
Pros and Cons:
Common to both: Pros: hash attacks can be done much faster than Brute Force. Cons: large storage requirements; tables are needed for each hashing algorithm.
Rainbow Table: Pros: faster lookup than hash tables. Cons: more computing time required.
Hash Table: Pros: less computationally intensive. Cons: more storage space required; slower lookup than rainbow tables.
Using stolen usernames and passwords from one organization (obtained in a breach or purchased off the dark web) to access user accounts at another organization.
Defenses: 1) Enforce MFA
2) Add a PIN, secondary password, or security question
3) Check user passwords against known leaked passwords
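An added example (not from these notes) tying the hash-table section to defense 3 above: a tiny precomputed table recovers an unsalted hash of a common password in one lookup, while salted PBKDF2 storage makes the same table useless, and registration refuses passwords from a known-leaked set. The word list, the leaked set and the record format are constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed mini dictionary and a constructed set of passwords known from breaches.
COMMON_WORDS = ["123456", "password", "qwerty", "letmein", "dragon"]
LEAKED_PASSWORDS = {"password", "letmein", "summer2020"}

def build_hash_table(words):
    """Precompute unsalted SHA-256 digests once: digest -> password."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in words}

def lookup(table, stored_hash):
    """An unsalted hash of a common password falls to a single dictionary lookup."""
    return table.get(stored_hash)

def make_record(password, iterations=100_000):
    """Salted, iterated storage (PBKDF2-HMAC-SHA256). A precomputed table is useless here:
    every salt would need its own table, and each guess costs `iterations` hash calls."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iter": iterations, "hash": dk.hex()}

def verify_record(record, password):
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(record["salt"]), record["iter"])
    return hmac.compare_digest(dk.hex(), record["hash"])

def register(username, password, leaked=LEAKED_PASSWORDS):
    """Defense 3 above: refuse a password that already appears in a known breach."""
    if password in leaked:
        raise ValueError("password appears in a known breach; choose another")
    return {"user": username, **make_record(password)}

def demo():
    table = build_hash_table(COMMON_WORDS)
    cracked = lookup(table, hashlib.sha256(b"letmein").hexdigest())  # "letmein"
    rec_a, rec_b = make_record("dragon"), make_record("dragon")
    same_hash = rec_a["hash"] == rec_b["hash"]   # False: different salts, different hashes
    in_table = lookup(table, rec_a["hash"])      # None: the table does not cover this salt
    return cracked, same_hash, in_table
```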
Defense in Depth: Layering of defenses.
Malicious USB cable: once plugged into a target computer, the cable can inject keystrokes to download payloads (Trojans). Once plugged in, the OS recognizes the USB cable as a HID (Human Interface Device).
Malicious flash drive: once plugged into a target computer, the flash drive can inject keystrokes to download payloads (Trojans). Once plugged in, the OS recognizes the flash drive as a HID (Human Interface Device).
Flash drives can also be used as boot devices; after a reboot, the system will boot from the flash drive.
Flash drives can act as a wireless gateway or Ethernet adapter.
Chips are used in credit cards instead of magnetic strips to prevent cloning attacks.
A cloned card is a duplicate of a real credit card.
1.2.29: Skimming
AI & ML need a lot of data for learning; this data is called “Training Data”.
Data Poisoning: sending modified data to corrupt the Machine Learning model.
Data Poisoning Defenses: 1) Data validation
2) Verifying results / constant re-training
3) Resilience to poisoning
Shared Responsibility Model: a security and compliance framework that outlines the responsibilities of cloud service providers (CSPs) and customers for securing every aspect of the cloud environment, including hardware, infrastructure, endpoints, data, configurations, settings, and the operating system (OS).
Basically: the customer is responsible for security “IN” the cloud, and the CSP is responsible for security “OF” the cloud.
1.2.33: Cryptography Concepts
Cryptography is used to encrypt data to maintain its Confidentiality, Integrity, & Authenticity.
Encrypting data that is sitting in storage is called “Encrypting data at REST”.
Encrypting data that is being transferred is called “Encrypting data IN TRANSIT”.
Encrypting data that is being used is called “Encrypting data IN USE”.
Data at Rest needs: 1) Disk Encryption
2) File Encryption
3) Data Encryption
Data in transit needs: 1) Data is encrypted before being sent over the wire to the recipient (https://)
Data in Use needs: 1) Hash of the passwords
2) File Encryption
Ciphertext: encryption converts plaintext into ciphertext. Once it reaches its destination, the ciphertext is converted back to plaintext using a key.
Key that is used is:
Types of attacks:
a) Known Plaintext Attacks (KPAs) – the attacker knows both the plaintext and the ciphertext (encrypted version) and uses them to figure out the secret key.
b) Downgrade Attacks – downgrading security by forcing communications to use a weak encryption algorithm. An example is using an older browser which doesn’t support the latest TLS version.
c) Weak Implementations – never, ever design your own encryption algorithms.
d) Replay Attacks – a malicious attacker intercepts/eavesdrops on a communication and either repeats or delays the transmission.
e) Birthday Attacks – the birthday paradox can be used to reduce the complexity of cracking hash functions. Attackers aim to create hash collisions.
f) Collision Attacks – collisions happen when two different inputs result in the same hash value output. Because hash functions accept inputs of unbounded length but produce a fixed-length output, two different inputs can produce the same output.
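An added example (not from these notes) for items e) and f): a birthday search for a collision on a deliberately truncated SHA-256 output, together with the birthday-bound formula, to show why the work is about the square root of the output space rather than the whole space. The truncation width is an assumption chosen so the search finishes quickly.

```python
import hashlib
import math
import os

def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 cut down to `bits` bits: a deliberately tiny hash so a collision can be
    found in milliseconds. Full 256-bit SHA-256 is not affected by this demo."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)

def find_collision(bits: int):
    """Birthday search: hash random inputs and stop at the first repeated output.
    Returns (input_a, input_b, hashes_computed) with input_a != input_b."""
    seen = {}
    count = 0
    while True:
        msg = os.urandom(8)
        h = truncated_hash(msg, bits)
        count += 1
        if h in seen and seen[h] != msg:
            return seen[h], msg, count
        seen[h] = msg

def expected_trials(bits: int) -> float:
    """Birthday bound: roughly sqrt(pi/2 * 2^bits) hashes for a 50% chance of a collision,
    compared with about 2^bits hashes to find a preimage for one given output."""
    return math.sqrt(math.pi / 2 * 2 ** bits)

def collision_probability(n: int, bits: int) -> float:
    """Probability that n uniformly random outputs from a 2^bits space contain a collision."""
    return 1 - math.exp(-n * (n - 1) / (2 * 2 ** bits))

def demo(bits=32):
    a, b, trials = find_collision(bits)
    assert a != b and truncated_hash(a, bits) == truncated_hash(b, bits)
    # trials is on the order of 2**16, far below the 2**32 a brute-force search would need
    return trials, expected_trials(bits)
```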