CompTIA Security+ (SY0-601): Weak Points #2

A cognitive password is a form of knowledge-based authentication that requires a user to answer a question, presumably something they intrinsically know, to verify their identity.

Use a single quote:
The single quote character (‘) is the character limiter in SQL. With a single quote,’ you delimit strings, and therefore you can test whether the programmer has properly escaped the strings in the targeted application.

If not escaped directly, you can end any string supplied to the application and add other SQL code after it. This is a common technique for SQL injections.

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol operating on port 1812 that provides centralized Authentication, Authorization, and Accounting (AAA or Triple-A) management for users who connect and use a network service.

The RADIUS protocol utilizes an obfuscated password created from the shared secret and creates an MD5 hash of the authentication request to protect the communications.

Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques.

Clearing involves overwriting data once (and seldom more than three times) with repetitive data (such as all zeros) or resetting a device to factory settings.

A type of virus that use various techniques to protect it from being reverse engineered. This includes changing its code during execution and encrypting its payloads.

Corporate Owned, Personally Enabled:
A business model in which an organization provides its employees with mobile computing devices and allows the employees to use them as if they were personally owned

Can facilitate MDM/MAM

When a cookie has the Secure attribute, the user agent includes the cookie in an HTTP request only if transmitted over a secure channel (typically HTTPS).

Although seemingly useful for protecting cookies from active network attackers, the Secure attribute protects only the cookie’s confidentiality.

Using a tool like nmap, an attacker can create an SYN scan across every port in the range against the desired target. A port scan or SYN scan may trigger an alert in your IDS.

While scanners support more stealthy scans, default scans may connect to each port sequentially.

Used in data URL phishing

Adding code to the beginning of a presumably safe file

Activates when the file is opened

Exploits the trust a user’s web browser has in a website

A malicious script is injected into a trusted website

User’s browser executes attacker’s script

A unique identifier assigned by the website to a specific user

A piece of data that can be stored in a cookie, or embedded as a URL parameter

Stored in a visitor’s web browser

An attempt to read a variable value from an invalid memory address

A programming error where an application tries to store a numeric value in a variable that is too small to hold it

Server-Side Request Forgery:

Allows an attacker to take control over a server and use it as a proxy for unauthorized actions

Exploits the trust a website has in the user’s web browser

A user is tricked by an attacker into submitting unauthorized web requests

Website executes attacker’s request

A situation in which an application fails to properly release memory allocated to it or continually requests more memory than required

Downgrade attack

On-path attack

Alters the external behavior of an application and at the same time does not introduce any changes to the application’s code

The practice of modifying an application’s code without changing its external behavior

IV

Salting

Distribution of spam

Threat actors that engage in illegal activities to get the know-how and gain market advantage

CVE (Common Vulnerabilities & Exposures)

NVD (National Vulnerability Database)

Tactics, Techniques, & Procedures:
A key concept in cybersecurity and threat intelligence.

The purpose is to identify patterns of behavior which can be used to defend against specific strategies and threat vectors used by malicious actors.

Common Vulnerability Scoring System:

| An industry standard for assessing the severity of computer system security vulnerabilities

An example of fake telemetry

A DNS server that has been configured to hand out non-routable addresses for a certain set of domain names

Computers that use the sinkhole fail to access the real site

Independent and self-contained code components that can be put together to form an application

Sandboxing

| Patch management

Stored procedures

| Input validation

Valid for only one login session

Based on a cryptographic hash function & secret cryptographic key

Not vulnerable to replay attacks

The process of combining multiple physical network adapters into a single logical interface for increased throughput and redundancy

All copies of incremental backups made since last full backup
Copy of last full backup

Magnetic tapes

Last known-good configuration
Live boot media
Known state reversion

A method that ignores the load balancing algorithm by consistently passing requests from a given client to the same server

Doesn’t require client-side configuration

Redirects client’s requests & responses without modifying them

Clients might be unaware of the proxy service

Modifies client’s requests & responses

| Requires client-side configuration

The isolation of corporate applications and data from other parts of the mobile device

Unified Endpoint Management:

| A software tool that provides a single management interface for mobile devices, PCs, printers, IoT devices and wearables

Primarily used for network access

Combines authentication & authorization

Encrypts only the password in the access-request packet

Encrypts the entire payload of the access-request packet

Primarily used for device administration

Separates authentication & authorization