Security+ 2024

Cards (489)

  • Social Engineering: Using emotions and circumstances against people so that they let down their guard and give up information that would normally be private.
  • Pretexting : making up a story
  • Eliciting Information : extracting information from victim
  • Types of Phishing:
    • Vishing
    • Smishing
    • Pharming
    • Spear Phishing
    • Whaling
    • Typosquatting
    • Prepending
  • Vishing - (voice phishing) over the phone
  • Smishing - (SMS phishing) via text message
  • Pharming - large-scale credential harvesting
  • Spear Phishing - targeted phishing with inside information
  • Whaling - spear phishing the CEO or CFO
  • Typosquatting - URL hijacking
  • Prepending - adding extra letters to a URL, e.g. https://ggoogle.com
  • You should burn sensitive information in order to prevent dumpster diving
  • Shoulder surfing : viewing another person’s screen over their shoulder
  • You can prevent shoulder surfing by using privacy filters
  • Hoaxes : A threat that doesn’t actually exist
    (These are often emails)
  • Watering Hole Attack : Instead of worrying about getting into the system, the attacker sits where all the traffic goes
  • How do watering hole attacks work?
    infect third-party sites, which infect all visitors
  • How do you prevent watering hole attacks?
    Firewall and IPS, Antivirus / Antimalware
  • Tailgating : Using an authorized person to gain unauthorized access to a building
    Often includes impersonation of someone meant to be there but who would not have everyday access (plumber, electrician, etc.)
  • How do you prevent tailgating?
    Having one scan per person; implementing mantraps; asking if they are supposed to be there
  • Invoice Scams : send false invoice to the person who pays the bills
  • Credential Harvesting : The attacker sends an email with a malicious Microsoft Word doc; opening the doc runs a macro; the macro downloads credential-harvesting malware. The user has no idea because this is happening in the background.
  • Name the Social Engineering Principles:
    A: Authority
    C: Consensus
    F: Familiarity
    I: Intimidation
    S: Scarcity
    T: Trust
    U: Urgency
  • Authority : In charge, CEO, help desk, police
  • Intimidation : Bad things will happen if you don’t help
  • Consensus : What’s normally expected, Jimmy did this for me last week
  • Scarcity : Click now before the deal expires
  • Urgency : Works alongside scarcity, act quickly, don’t think
  • Familiarity : Someone you know, common friends
  • Trust : Someone who is safe, Dave from IT here to help
  • Virus : Malware that reproduces itself after you interact with it
  • Types of viruses :
    Boot Sector Virus
    Fileless Virus
    Macro Virus
    Program Virus
    Script Virus
  • Worm
    • Malware that self-replicates without any user action
    • Uses the network as a transmission medium
    • Difficult to prevent/mitigate
  • Ransomware
    • Attackers want your money
    • May avoid paying with the help of a professional
  • Crypto-malware
    • Attackers encrypt your data until you pay for the key
    • Public key cryptography
  • How do you prevent Ransomware and / or Crypto-malware?
    Always have a backup
  • Trojans : Software that pretends to be something else
  • PUP : Potentially Unwanted Program
  • Backdoor : Often placed by malware, which other malware can take advantage of
  • RAT
    • Remote Access Trojan
    • The ultimate backdoor, Admin control of a device
    • Key logging, screen recording, copy files, embed more malware