Password Security
What are some common requirements for passwords when making them?
Minimum Length, Special Characters, Numbers , Capital Letters
This type of software helps detect and remove malicious programs from your computer.
Antivirus Software
What type of information should you not give out online. (Give an example)
PII - (Anything relating to the user basically, address, name, security questions)
What type of data might you find in a breach/leak? (Name One)
Name, phone, email, password, etc
This type of software is designed to harm, exploit, or otherwise compromise a computer system.
Malware
This risky practice involves using the same password across multiple accounts or systems, making it easier for attackers to compromise multiple services after a single breach.
Password Reuse
This security feature acts as a barrier between your device and the internet, filtering incoming and outgoing traffic based on predefined rules.
A Firewall
This type of scam tricks people into clicking fake links or giving away personal info, often through email.
Phishing
This practice involves converting data such as a message into an unreadable form (cipher text) to protect it during storage or transmission.
Encryption (Not Encoding)
This type of malicious software can replicate itself and spread across systems without user interaction.
A worm
Name one of the three primary authentication factors used to verify identity.
Something you know, something you have, something you are.
This principle ensures users and applications only have the minimum access necessary to perform their tasks.
Least Privilege
This term describes the collection of data you leave behind through online activity, which can be used to track or profile you.
Digital Footprint
This type of breach occurs when sensitive data is exposed due to misconfigured cloud storage or publicly accessible databases.
(Accidental) Data Exposure
This type of malware gives attackers remote control over an infected device, often used in botnets.
Remote Access Trojan (RAT)
This authentication protocol, commonly used in enterprise environments, can be vulnerable to ticket replay attacks if not properly secured.
Kerberos
This security feature isolates applications from the rest of the system, preventing potentially harmful malware from spreading beyond its container.
This type of phishing attack uses a fake login page on a website that looks similar to an official one, but isn't.
(Example: gogle.com instead of google.com)
Website spoofing or watering hole
This type of threat exists when someone, such as an employee, intentionally or unintentionally exposes sensitive data.
Insider Threat
This problem occurs when an attacker already gained access to your device, but wants to move to devices beside it in an organization.
Lateral Movement
This hash format, used by Windows to store passwords, relies on MD4 and lacks salting.
NTLM/LM
This hardware-based security feature stores cryptographic keys and ensures platform integrity by verifying the boot process.
Trusted-Platform-Module (TPM)
This attack places a hidden layer over website buttons or forms to trick users into clicking something malicious.
Clickjacking
This attack involves moving data slowly over time to avoid detection, often using encrypted channels or covert protocols.
Data Exfiltration Attack.
This type of malware constantly changes its code structure to evade signature-based detection tools.
Polymorphic malware