16 Questions
What is the primary goal of the reconnaissance phase in an attack?
To gather information about the target
What type of attack involves modifying the source address of packets to bypass firewall rules?
Spoof attack
What is the term for the ability to influence the behavior of a group of people?
Social engineering
What type of attack involves sending more data to an application than is expected?
Buffer overflow attack
Which type of attack involves creating a fake web page to persuade users to enter sensitive information?
Phishing attack
What type of attack involves taking over a session between two individuals?
HiJack attack
Who is typically involved in an insider attack?
A disgruntled employee
What is the goal of the maintaining access phase in an attack?
To retain ownership of the system
What is the goal of a password attack?
To gain administrative access to the system
What is a Trojan Horse?
A program with hidden side-effects, allowing indirect access
What is the primary goal of a ransomware attack?
To lock or encrypt data, demanding a ransom in return
What is a zombie in the context of cyber security?
A program that secretly takes over another networked computer
What is the primary difference between a virus and a worm?
A virus requires user interaction, while a worm does not
What is the goal of a denial of service (DoS) attack?
To crash the system and consume resources
What is a common use of zombie computers?
To launch a distributed denial of service attack
What is a major issue with permanently connected systems?
Lack of security against denial of service attacks
Study Notes
Reconnaissance and Scanning
- Attacker gathers information about a target to launch an attack
- Scan for open ports, operating systems, applications, and services
Gaining Access
- Hacker exploits the system to gain unauthorized access
- Hacker may use social engineering tactics to trick users
Maintaining Access and Covering Tracks
- Hacker tries to retain access to the system
- May harden the system against other hackers
- Hacker covers tracks to remain undetected for a long time
Social Engineering Attacks
- Phishing: fake web page to steal sensitive information (username, password, credit cards)
- Hijack attack: hacker takes over a session and disconnects the other individual
- Insider attack: involves a disgruntled employee attacking the network
- Spoof attack: hacker modifies source address to bypass firewall rules
Types of Attacks
- Buffer overflow attack: sends more data than expected, gaining administrative access
- Password attack: tries to crack passwords stored in a network account database
- Dictionary attack: uses a list of words to crack passwords
- Brute-force attack: tries all possible combinations to crack passwords
- Hybrid attack: combination of dictionary and brute-force attacks
Malware and Viruses
- Backdoor or trapdoor: secret entry point into a program, often used by developers
- Trojan horse: program with hidden side-effects, allows attackers to indirectly gain access
- Virus: malicious software attached to another program, propagates itself and carries a payload
- Worms: replicating malware that spreads over a network, often used to create zombie PCs
- Zombie: program that secretly takes over another networked computer, used to launch distributed denial of service (DDoS) attacks
Ransomware and Denial of Service Attacks
- Ransomware: malware that locks a computer or encrypts data, demands a ransom to restore access
- DoS attack: denies service to users by consuming host resources (memory, processor cycles) and network resources (bandwidth)
Learn about the different phases of hacking, including reconnaissance, scanning, gaining access, maintaining access, and covering tracks. Understand the tactics and techniques used by hackers to compromise a system.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
