Hacking Basics and Terminology

Questions and Answers

Public Wi-Fi networks are generally considered safe for accessing sensitive data due to the large amount of data passing through them.

False (B)

Which of the following is NOT a type of hacker?

• Grey Hat
• Black Hat
• White Hat
• Red Hat (correct)

What is a DoS attack? Briefly explain its purpose.

A Denial of Service (DoS) attack is a cyberattack that aims to overwhelm a server or network with traffic, making it unavailable to legitimate users. The goal is to disrupt services or make them unusable.

A ______ is a cyberattack that utilizes multiple devices to overwhelm a server with requests.

DDoS (Distributed Denial of Service) attack

Which of the following is often used to mask your true IP address while browsing the internet?

All of the above (D)

Match the following cybersecurity concepts with their descriptions:

Phishing Attack = A type of social engineering where a malicious actor disguises themselves as a trusted entity to gain access to information. Key Logger = A type of malware that records every keystroke on a compromised device. Rootkit = A type of malware that hides its presence and provides an attacker with persistent control over a system.

What is the primary danger associated with downloading and running uncompiled binary files?

Downloading and running uncompiled binary files from untrusted sources can result in malware infection, as the content of the file is unknown and could contain harmful code.

SQL injection attacks exploit vulnerabilities in web application code to modify or access sensitive data.

True (A)

A ______ is a software program that allows an attacker to control a compromised device remotely.

Remote Administration Tool (RAT)

Which of the following is a free and open-source service that provides anonymity and access to the dark web?

Tor (D)

Flashcards

Public Wi-Fi Security

Public Wi-Fi is often unsafe, allowing hackers to stay anonymous while accessing data.

Types of Hackers

Hackers are categorized into three types: white, grey, and black, based on their intent.

DoS Attack

Denial of Service attack overwhelms a server, making it inaccessible by flooding requests.

DDoS Attack

Distributed Denial of Service attack involves multiple devices making simultaneous requests to overload a server.

Phishing Attack

Phishing involves tricking users into providing sensitive information via deceptive links.

SQL Injections

SQL injections exploit improperly formatted requests to gain unauthorized access or manipulate databases.

VPN

A Virtual Private Network anonymizes online activity by masking the user's IP address.

Proxies

Proxies serve as intermediaries for internet requests but are less reliable for anonymity.

Key Loggers

Key loggers record keystrokes to steal credentials and sensitive information.

Rootkits

Rootkits are tools designed to hide the existence of certain processes or programs from normal methods of detection.

Study Notes

Hacking

• Most hacking attacks utilize public Wi-Fi to stay anonymous.
• Hackers exploit the ease of accessing public Wi-Fi networks to gain unauthorized access to data.
• Public Wi-Fi networks are often unsecured, making it easy for hackers to steal information.

Basic Terminology

• Hackers are categorized into white, gray, and black hat types.
• Denial-of-Service (DoS) attacks overwhelm a server with requests, making it inaccessible.
• Distributed Denial-of-Service (DDoS) attacks originate from multiple sources, making them harder to defend against.
• DDoS attacks require multiple devices/connections to flood a specific target server, making them harder to prevent as compared to DoS attacks. To launch a DDoS attack, perpetrators need sophisticated tools & preparation, and multiple infected devices for making simultaneous attacking requests to a given server.
• Tools like RATs (Remote Administration Tools) are used for controlling infected devices for launching attacks

Phishing Attacks

• Phishing involves creating fake websites and emails that mimic legitimate ones.
• Victims are tricked into entering their login credentials, providing hackers with sensitive data.
• The phishing attack is often used to target sensitive/personal information, including credentials & money transfers.

SQL Injections

• SQL injection attacks target vulnerabilities in web applications to execute malicious SQL commands.
• This technique enables hackers to gain access to an organization's databases.
• This method is also often used for targeting sensitive information through vulnerabilities like data breaching.

Virtual Private Networks (VPNs)

• VPNs create a secure connection to conceal a user's IP address.
• VPNs encrypt data to ensure privacy and security when surfing the internet.

Proxies

• Proxies act as intermediaries to mask a user's IP address.
• They offer a level of anonymity, though not impenetrable.
• Using a proxy can make it harder to track users online.

Tor

• Tor is a free and open-source network that hides a user's location.
• Tor users' IP addresses are difficult to trace, which protects their anonymity.

VPS (Virtual Private Servers) and Keyloggers

• Virtual Private Servers (VPS) can be used to create a secure layer for sensitive online tasks or for accessing confidential data.
• Keyloggers can be used to extract login credentials and other sensitive information.
• Keyloggers are used by hackers to steal personal information and login details from various online sources/accounts.

Precautions

• Be cautious about where you download tools.
• Never download uncompiled binaries.
• Never run suspicious tools or programs on your computer.
• Always use verified tools.
• Use virtual machines for testing suspicious tools.