Threats and vulnerabilities

This area covers the following topics:

Malware
• Adware
• Virus
• Spyware
• Trojan
• Rootkits
• Backdoors
• Logic bomb
• Botnets
• Ransomware
• Polymorphic malware
• Armored virus

Attacks
• Man-in-the-middle
• DDoS
• DoS
• Replay
• Smurf attack
• Spoofing
• Spam
• Phishing
• Spim
• Vishing
• Spear phishing
• Xmas attack
• Pharming
• Privilege escalation
• Malicious insider threat
• DNS poisoning and ARP poisoning
• Transitive access
• Client-side attacks
• Password attacks (including brute force, dictionary attacks, hybrid, birthday attacks, rainbow tables, etc.)
• Typo squatting/URL hijacking
• Watering hole attack

Social Engineering Attacks
• Shoulder surfing
• Dumpster diving
• Tailgating
• Impersonation
• Hoaxes
• Whaling
• Vishing
• Principles (reasons for effectiveness, including authority, intimidation, consensus/social proof, scarcity, urgency, familiarity/liking, trust, etc.)

Wireless Attacks
• Rogue access points
• Jamming/Interference
• Evil twin
• War driving
• Bluejacking
• Bluesnarfing
• War chalking
• IV attack
• Packet sniffing
• Near field communication
• Replay attacks
• WEP/WPA attacks
• WPS attacks

Application Attacks
• Cross-site scripting
• SQL injection
• LDAP injection
• XML injection
• Directory traversal/command injection
• Buffer overflow
• Integer overflow
• Zero-day
• Cookies and attachments
• LSO (Locally Shared Objects)
• Flash Cookies
• Malicious add-ons
• Session hijacking
• Header manipulation
• Arbitrary code execution / remote code execution

Mitigation and Deterrent Techniques
• Monitoring system logs including event, audit, security, and access logs
• Disabling unnecessary services
• Protecting management interfaces and applications
• Password protection
• Disabling unnecessary accounts
• MAC limiting and filtering
• 802.1x
• Disabling unused interfaces and unused application service ports
• Rogue machine detection
• Initial baseline configuration
• Continuous security monitoring
• Remediation
• Reporting of alarms, alerts, and trends
• Detection controls vs. prevention controls
• IDS vs. IPS
• Camera vs. guard

Tools and Techniques to Discover Security Threats and Vulnerabilities
• Protocol analyzer
• Vulnerability scanner
• Honeypots
• Honeynets
• Port scanner
• Passive vs. active tools
• Banner grabbing
• Risk
• Threat
• Vulnerability
• Threat vs. likelihood
• Baseline reporting
• Code review
• Determine attack surface
• Review architecture
• Review designs

Penetration Testing versus Vulnerability Scanning
• Penetration testing
• Vulnerability scanning
• Verify a threat exists
• Bypass security controls
• Actively test security controls
• Exploiting vulnerabilities
• Passively testing security controls
• Identify vulnerability
• Identify lack of security controls
• Identify common misconfigurations
• Intrusive vs. non-intrusive
• Credentialed vs. non-credentialed
• False positive
• Black box
• White box
• Gray box