Cyber 101

avatar
Created by
Dylan Tappenden

Cards (44)

  • Security champions engage with fellow employees to support any security queries and encourage positive, secure behavior from their colleagues.
  • Do security champions have to be technical?
    No
  • Technical security championsA technical security champion helps to amplify security priorities to other members in a dedicated team, which are usually technical-focused ones such as IT support or engineering. It is their job to ensure security.
  • Security champions communicate their security concerns to their teams
  • The cyber kill chain is a step-by-step cybersecurity model that outlines the stages followed by malicious actors to conduct cyberattacks.
  • 7 steps of cyber kill chain initials and there word
    R - Reconaissance
    W - Weaponisation
    D - Delivery
    E - Exploitation
    I - Installation
    C - Control
    A - Action
  • Cyberkill model was made by lockheed martin
  • Cyber kill - Reconaissance:
    Observing and harvesting information to identify targets and attack methods.
  • Cyber kill - Weaponisation:
    Preparing for the attack, such as payload (e.g. malware)
  • CyberKill - Delivery:
    Execute attack, often by delivering a payload(e.g. malware)
  • Cyber kill - Execution:
    Using payload (e.g. running malware) to gain unauthorised access
  • Cyber kill - Installation:
    Installing software to keep control of device
  • Cyber kill - Command and control:
    Gain control of a system and exfiltrate data
  • Cyber kill - Action:
    Achieve original goals through actions while in control
  • Talktalk hack in 2015 was for fun
  • 4 types of cookie and if they have 2 names include other after hyphen?
    Session - transient
    Authentication
    Third-party
    Persistent - tracking
  • What is the EU law dictating the three rules of cookies?
    Cookie law
  • What are the three rules of cookies?
    All cookies must be consented to
    Give info on what cookies are for
    Give users ability to opt out as easily as opt in
  • Session cookies are cookies that last as long as the browser remains open. They hold session data such as a shopping cart when not logged in. They can be used to open up your session with a different device
  • Authentication cookies are cookies that store that you have permission to access data - you are authorised.
  • Third-party cookies are not collected by the first-party and are instead collected by third-parties primarily to advertise to you.
  • Persistent cookies only last until a specific date or for a length of time, as otherwise the data may not be held for a reasonable amount of time
  • Persistent cookies transmit data when requested for it, often by websites to consider your browsing habits on their website over time
  • Geolocation is finding a devices geological location
  • Geolocation 3 main types:
    Device-based
    WPS
    Server-based
  • VPNs reroute your traffic through their servers first, as your request is sent as if it came from their network. This reduces the ability of hackers to intercept traffic
  • Device based geolocation is primarily from hardware on a device such as GPS and celluar network
  • WPS is wifi positioning system which locate a device based on where that wifi is coming from according to large databases
  • Server-based geolocation locates a device based on it's IP address. It locates the corresponding location from large databases
  • After a data breach threat actors may have large amounts of personal data. They can use this personal data to create large botnets to share misinformation, and target reader biases
  • Clickbait articles have false titles and content to increase attention from visitors and thus increase interaction with content.
  • Propaganda
    Propaganda refers to content and news that is deliberately intended to sway the reader's perspective.
  • Satire/parody
    These types of articles are written humorously; typically fake stories making fun of fake news or absurd, true stories. Intended to entertain and not for malicious purposes
  • Biased news
    Many people are drawn to stories that confirm their own beliefs or biases; fake news can prey on these. 
  • It is not illegal to access darknets
  • Users benefit from darknets as they offer anonymity, untraceable services, and a middleman for illegal actions
  • Tor is used by criminals to conduct illicit activities online because it provides them with anonymity and makes it harder for law enforcement agencies to track down perpetrators.
  • The Dark Web is a collection of websites that use encryption protocols like Tor (the Onion Router) to hide IP addresses and make it difficult to trace activity back to its source.
  • Another darknet tool is I2P, is like tor however it doesn’t have a central point of control
  • Keystroke injection attacks are where software is used to enter keystrokes, it can be done through USB aswell