Social Engineering
Hackers
Passwords
Types of Attacks
Regulations
100

A spear phishing attempt targeted towards upper management (CEO, CIO, etc.)

What is Whaling?

100

An ethical hacker who is authorized to hack a system.

What is a white hat hacker?

100

A computer program that allows users to store, generate, and manage their passwords for local applications and online services

What is a password manager?

100

This type of attack consists of the insertion or “injection” of a ____ query via the input data from the client to the application.

What is SQL Injection?

100

An information security standard for organizations that handle branded credit cards from the major card schemes.

What is PCI-DSS? (Payment Card Industry Data Security Standard)

200

Following someone into an area without their permission.

What is tailgating?

200

An unethical hacker who is unauthorized to hack a system.

What is a black hat hacker?

200

A type of password attack where an attacker uses an application to exhaustively try every possible alphanumeric combination to crack encrypted passwords.

What is a Brute-force Attack?

200

Any type of physical, application, or network attack that affects the availability of a managed resource.

What is a Denial of Service (DoS)?

200

A regulation in EU law on data protection and privacy in the European Union and the European Economic Area.

What is GDPR? (General Data Protection Regulation)

300

An attacker registers a domain name similar to a legitimate one in hopes of users mistyping it or not noticing the difference.

What is typosquatting?

300

Someone who is semi-authorized to hack a system. They might try to find vulnerabilities but not exploit them (Ex. Bug Bounty programs)

What is a Gray hat hacker?

300

An attack where an attacker exploits unencrypted password storage or a network authentication protocol that does not use encryption.

What is a Plaintext/Unencrypted Password Attack?

300

A general term for when a perpetrator positions themselves in a conversation between a user and an application—either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway.

What is Man-in-the-Middle?

300

Enacted in 1996, this is a federal privacy protection law that safeguards individuals’ medical information.

What is HIPAA? (Health Insurance Portability and Accountability Act)

400

A compromised or corrupted name resolution process redirects a user from a legitimate site to an illegitimate one.

What is pharming?

400

They use cyber weapons to promote a political agenda.

What is a Hacktivist?

400

An attacker chooses one or more common passwords (for example, password or 123456) and tries them in conjunction with multiple usernames.

What is Password Spraying?

400

An attack in which an attacker falsifies the factory-assigned MAC address of a device's network interface.

What is MAC spoofing/cloning?

400

Enacted in 1998 to protect the online privacy of minors under the age of 13.

What is COPPA? (Children's Online Privacy Protection Act)

500

An attack in which an attacker targets specific groups or organizations, discovers which websites they frequent, and injects malicious code into those sites. Ex. Company A uses Company B's website often, so an attacker compromises Company B's website to get into Company A.

What is a watering hole attack?

500

Someone who uses hacker tools without necessarily understanding how they work or having the ability to create new attacks.

What is a Script Kiddie?

500

An attacker uses a precomputed lookup table of all possible passwords and their matching hashes.

What is a Rainbow Table attack?

500

A type of brute force attack where the goal is to exploit collisions in hash functions.

Hint: A collision is when two different inputs end up being the same hash.

What is a Birthday Attack?

500

United States legislation that defines a framework of guidelines and security standards to protect government information and operations. It governs the security of data processed by federal government agencies.

What is FISMA? (Federal Information Security Management Act)
