a program that appears to be harmless but contains malicious code that can be used to take control of a system or steal data.
What is a Trojan horse?
a type of attack in which an attacker sends more data to a program than it can handle.
What is a buffer overflow attack?
snort -v : This command starts Snort in verbose mode, which displays detailed output to the console.
snort -c snort.conf : This command specifies the path to the Snort configuration file (snort.conf) and starts Snort with the specified configuration.
snort -r packet.pcap : This command reads a packet capture file (in this case, packet.pcap) and analyzes it for signs of network-based attacks.
snort -A console -i eth0 : This command starts Snort in console mode and specifies the network interface (eth0) to monitor for network traffic.
snort -T -c snort.conf : This command performs a configuration check on the Snort configuration file (snort.conf) to verify that it is valid and can be used by Snort.
What is Snort IDS?
is a tool that is used to identify which ports are open and available on a device or network
What is the purpose of a port scanner?
a type of encryption that uses the same key for both encryption and decryption. This means that both the sender and receiver must have access to the same key in order to communicate securely. Asymmetric encryption, also known as public-key cryptography, uses two different keys: a public key and a private key. The public key can be freely shared, while the private key must be kept secret. Messages encrypted with the public key can only be decrypted with the private key, and vice versa.
What is the difference between symmetric and asymmetric encryption?
infects the boot sector of a hard drive or other storage device. This type of virus can cause a computer to become unbootable or may overwrite critical system files, resulting in data loss and system instability.
Boot Sector Virus
a type of attack in which an attacker exploits a vulnerability in a web application that allows them to inject malicious SQL code into a database query.
What is a SQL injection attack?
omp : This command opens the OpenVAS Management Protocol (OMP) command line interface, which allows users to manage OpenVAS scans, targets, and configurations.
omp -u <username> -w <password> -h <host> -p <port> : This command connects to the OpenVAS server using the specified credentials and host/port information.
omp -G : This command lists all available scan targets that have been configured in OpenVAS.
omp -g <target-id> : This command displays detailed information about a specific scan target identified by its target ID.
omp -S : This command starts a new vulnerability scan on all configured targets.
omp -s <scan-id> : This command displays detailed information about a specific scan identified by its scan ID.
vulnerability scanner is OpenVAS (Open Vulnerability Assessment System).
Also known as a network analyzer, a tool used to capture and analyze network traffic.
What is a packet sniffer?
a type of malware that is designed to hide its presence on a system by modifying the operating system or other core system files
What is a rootkit?
a type of virus that infects executable files, typically by attaching itself to the executable code. When the infected program is executed, the virus is activated, and it may spread to other files on the system.
File Infector Virus:
a technique used by attackers to manipulate individuals into divulging sensitive information or performing actions that compromise the security of a system or network.
What is social engineering?
gpg --gen-key : This command generates a new encryption key pair.
gpg --list-keys : This command lists all available public keys.
gpg --list-secret-keys : This command lists all available secret keys.
gpg --import <filename> : This command imports a public key from a file.
gpg --export -a <username> : This command exports a user's public key in ASCII format.
gpg --encrypt -r <recipient> <filename> : This command encrypts a file using the specified recipient's public key.
encryption software is GnuPG (GNU Privacy Guard).
a network security device that monitors and controls incoming and outgoing network traffic.
What is a firewall?
One is self-propagating, whereas the other requires human interaction to initiate its malicious action.
What is the difference between a virus and a worm?
a type of malware that spreads across networks or the internet by replicating itself onto other computers.
A worm
a type of attack in which an attacker attempts to make a network or system unavailable to legitimate users by overwhelming it with traffic or other types of requests.
What is a denial-of-service (DoS) attack?
splunk start : This command starts the Splunk service.
splunk stop : This command stops the Splunk service.
splunk restart : This command restarts the Splunk service.
splunk status : This command displays the current status of the Splunk service.
splunk add index <index-name> : This command creates a new index in Splunk.
SIEM (Security Information and Event Management) system is Splunk.
is a decoy system or network that is designed to lure attackers and gather information about their tactics and techniques.
What is the purpose of a honeypot?
One is the process of identifying potential security vulnerabilities in a system or network, and the other is an attempt to exploit those vulnerabilities in order to gain unauthorized access to the system or network.
What is the difference between a vulnerability assessment and a penetration test?
a type of virus that is written in Microsoft Office macro language. This type of virus is typically spread through infected documents or spreadsheets and can perform a variety of malicious actions, such as deleting files or stealing data.
A macro virus
An attack that involves multiple sources of traffic targeting a single system or network. This can include traffic generated by a botnet or other type of compromised system.
What is a distributed denial-of-service (DDoS) attack?
nmap <target> : This command performs a basic scan of the specified target (e.g. an IP address or hostname).
nmap -F <target> : This command performs a "fast" scan of the specified target, which includes only the most commonly used ports.
nmap -sS <target> : This command performs a "stealth" scan of the specified target, which attempts to avoid detection by using low-level TCP SYN packets.
nmap -O <target> : This command attempts to determine the operating system of the specified target by analyzing various network characteristics.
network mapping tool is Nmap (Network Mapper).
a secure connection between two devices or networks over the internet.
What is a virtual private network (VPN)?
A highly sophisticated worm that targeted industrial control systems, specifically those used in Iran's nuclear program. It caused physical damage to centrifuges, disrupting the country's nuclear enrichment capabilities.
Stuxnet: