< All CompTIA Security+ Notes

technobaba | CompTIA Security+ | Module 3

By: Clouds | Related Course: CompTIA Security+ | Published: August 25, 2016 | Modified: August 29, 2016
Join Cybrary

NotepadApplication Attacks.

XSS: attacker is able to convince the user to run a script within their web browser session.

SQL(Structured Query Language) attack: Injecting a malicious code into the organization database through established web session.

 


NotepadAssessment Techniques:

Baseline reporting

Code Review

Determine attack surface

Review Architecture

Review Designs


NotepadCookies

Cookies: Text file pushed to the system to monitor the preference.  


NotepadExtra

hoax attack

Smurf Attack


NotepadINterpret results of security assessment tools.

TOOLS:

ProtocolAnalyser

Vulnerability Scanner

HoneyPot

HoneyNet – Different honeypots put together.

PortScanner

BAnner Grabbing

 

TYPES:

Risk

Threat

Vulnerability


NotepadLDAP and

LDAP injection: Similar to SQL.

XML Injection:

Directory traveresal/Command injection:

Buffer overflow:


Notepadmalware

Malware; Virus, Worms, Trojans.

Adware

Spyware

Rootkits: gaining the root or administrative access of the system.

Backdoors: creation of doors in a software to do back end testing and login to the system without any login. means if a backdoor is enabled i a software then the developer can any time log into the software and do what he want. so before making  a software out he needs to disable the backdoor.

logic bombs: as name suggestes they are triggered to be activate at certain time or when certain event occur.

polymorphic malware: changes form when it’s been transfered from one place to other place one medium to other.

armoured virus: encrypted virus. which helps the virus to get undettected.


NotepadPhishing

Vishing: Via telephone/VOIP

Spear Phishing:

XMAS Attack:

Pharming Attack: – Change host file.

DNS Poisoning: – Corrupt DNS.

ARP Poisoning: – Corrupt ARP cache.

Malicious insider threat:

Client side attack: flaws in the client side operating system.

Transitive access attack: It exploits the trust relationship between the different machines have between them. Like A trusts B and B trust C so we attack C and can attack A. But noewadays the OS, Firewall dont trust anybody.

Birthday Attack: Exploits the weakness in the mathematical algorithm that generates hashes.

URL hijacking/Typo squatting:

 


NotepadTypes of Wireless attack

Rouge access point. any access point put on the network without the administrator for stealing crdentials is known as the rouge access point.{i.e router} 802.1x – remedy.

Evil twin- Fake access point allowing to login the user to login and use inenternet. {Created a hotspot and then the user join and get affected.}

Interference/jamming: To intercept the signals and interfering with signal transmission.

Bluetooth attack: Bluesnarfing, BlueJacking.


< All CompTIA Security+ Notes
Join Cybrary

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel