{"id":55,"date":"2023-01-15T22:26:43","date_gmt":"2023-01-15T22:26:43","guid":{"rendered":"https:\/\/justatrainingblog.co.uk\/?p=55"},"modified":"2023-01-16T20:30:35","modified_gmt":"2023-01-16T20:30:35","slug":"module-1-2-compare-and-contrast-different-types-of-social-engineering-techniques","status":"publish","type":"post","link":"https:\/\/justatrainingblog.co.uk\/?p=55","title":{"rendered":"Module 1.2 \u2013 Given a scenario, analyse potential indicators to determine the type of attack."},"content":{"rendered":"\n<figure class=\"wp-block-table\"><table><tbody><tr><td>Malware<\/td><td>A blanket term for software that is specifically designed to\u00a0disrupt, damage, or gain unauthorized access to a computer system.<\/td><\/tr><tr><td>Virus<\/td><td>Software that can reproduce itself<\/td><\/tr><tr><td>Programme Virus<\/td><td>Virus which is bundled with an application<\/td><\/tr><tr><td>Boot Sector Virus<\/td><td>Virus that installs in the boot sector so it executes with the OS<\/td><\/tr><tr><td>Script Virus<\/td><td>Script-based virus which runs as an OS script or a macro<\/td><\/tr><tr><td>Fileless Virus<\/td><td>Virus which doesn&#8217;t install or save as a file and instead operates in memory<\/td><\/tr><tr><td>Worm<\/td><td>Malware which utilises exploits to self-replicate<\/td><\/tr><tr><td>Ransomware<\/td><td>Malware which holds a system captive until a ransom is paid<\/td><\/tr><tr><td>Crypto-Malware<\/td><td>Ransomware that uses cryptography to encrypt files. The decryption key is provided once the ransom is paid. 
<br><\/td><\/tr><tr><td>Trojan Horse<\/td><td>Software which gets in by convincing the user and anti-virus software that it&#8217;s something else<\/td><\/tr><tr><td>PUP<\/td><td>Potentially Unwanted Programme<\/td><\/tr><tr><td>RAT<\/td><td>Remote Administration Tool &#8211; provides the attacker with administrative rights to the device<\/td><\/tr><tr><td>Rootkit<\/td><td>Malware which modifies the kernel<\/td><\/tr><tr><td>Adware<\/td><td>Malware which shows adverts<\/td><\/tr><tr><td>Spyware<\/td><td>Malware which spies on you (e.g. keyloggers, browser monitoring)<\/td><\/tr><tr><td>Bot<\/td><td>Infected host which reports to a C&amp;C for instructions<\/td><\/tr><tr><td>Botnet<\/td><td>Large collection of bots which execute instructions provided by a C&amp;C. <\/td><\/tr><tr><td>Logic Bomb<\/td><td>Malware which only executes once a logical condition is met<\/td><\/tr><tr><td>Time Bomb<\/td><td>Type of Logic Bomb which executes once a certain date or time is met<\/td><\/tr><tr><td>Tripwire<\/td><td>Monitoring system which monitors and alerts if certain changes are made<\/td><\/tr><tr><td>Plaintext Password<\/td><td>Unencrypted password (plain text)<\/td><\/tr><tr><td>Hashing<\/td><td>A method of password protection where an algorithm represents a password as a fixed-length string of text<\/td><\/tr><tr><td>Spraying Attack<\/td><td>When an attacker tries common passwords against an account, then moves on to avoid account lockout<\/td><\/tr><tr><td>Brute Force Attack<\/td><td>Attack attempting every single password combination until a match is made. 
<\/td><\/tr><tr><td>Online Brute Force<\/td><td>Brute force to log into a website using every combination<\/td><\/tr><tr><td>Offline Brute Force<\/td><td>Brute force to log in but compares against stolen hashes<\/td><\/tr><tr><td>Dictionary Attack<\/td><td>Access attack using a dictionary of common words<\/td><\/tr><tr><td>Rainbow Table Attack<\/td><td>Pre-built optimised set of hashes<\/td><\/tr><tr><td>Salting<\/td><td>A bit of random additional data added to a password before hashing. <\/td><\/tr><tr><td>Malicious USB Cable<\/td><td>USB cable with additional electronics that is identified by Windows as a HID. Can perform inputs as a HID. <\/td><\/tr><tr><td>Malicious flash drive<\/td><td>Flash drive with additional electronics that is identified by Windows as a HID. Can perform inputs as a HID and often holds hidden files which are executed.<\/td><\/tr><tr><td>Skimming<\/td><td>Stealing credit card information during a normal transaction<\/td><\/tr><tr><td>Card Cloning<\/td><td>Cloning a card with a magnetic stripe<\/td><\/tr><tr><td>Poisoned AI<\/td><td>Artificial intelligence which has been poisoned with bad input (e.g. 
Twitter training AI)<\/td><\/tr><tr><td>Evasion attack<\/td><td>Evading AI by knowing and therefore predicting its behaviours<\/td><\/tr><tr><td>Supply Chain Attack<\/td><td>Attack which originates from the supply chain<\/td><\/tr><tr><td>Cryptographic Attack<\/td><td>Decrypting encrypted data <\/td><\/tr><tr><td>Birthday Attack<\/td><td>Allows Brute Force if hash collision is found<\/td><\/tr><tr><td>Hash Collision<\/td><td>When two different plaintext passwords produce the same hash<\/td><\/tr><tr><td>Downgrade Attack<\/td><td>&#8211; Most computers agree an encryption method when communicating<br>&#8211; Downgrade attack happens when the victim system is forced to downgrade security<\/td><\/tr><\/tbody><\/table><figcaption class=\"wp-element-caption\">Module Questions<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>What are the 9 types of Malware?<\/td><td>1. Virus<br>2. Crypto-Malware<br>3. Ransomware<\/td><\/tr><tr><td>Difference between Virus and Worm<\/td><td>Viruses use a programme to execute where a Virus exploits vulnerabilities<\/td><\/tr><tr><td>What&#8217;s a key characteristic of a Worm?<\/td><td>Spreads very fast<\/td><\/tr><tr><td>What are the two common types of Data?<\/td><td>1. Personal Data<br>2. Organisational Data<\/td><\/tr><tr><td>How do you protect against ransomware? (4)<\/td><td>1. Backups<br>2. Keep OS up to date<br>3. Keep Anti-virus up to date<br>4. Keep apps up to date<\/td><\/tr><tr><td>What type of malware is installed via Trojan Horse?<\/td><td>1. Potentially Unwanted Programme (PUP)<br>2. Backdoor<br>3. RAT<\/td><\/tr><tr><td>What can a RAT do?<\/td><td>As it has administrative privileges, pretty much anything<\/td><\/tr><tr><td>What is the key advantage of a rootkit?<\/td><td>Very difficult to detect<\/td><\/tr><tr><td>How can you prevent and remove rootkits?<\/td><td>1. Look for unusual anti-malware results<br>2. Remover tool specific for rootkits<br>3. 
Secure boot with UEFI to secure BIOS<\/td><\/tr><tr><td>What are the two common ways adware is installed?<\/td><td>1. Packaged with other downloads<br>2. Funnily enough with adware removers<\/td><\/tr><tr><td>How do you protect against adware\/spyware?<\/td><td>1. Maintain anti-virus definitions<br>2. Backups<br>3. Always know what you&#8217;re installing<br>4. Anti-malware removal tools<\/td><\/tr><tr><td>What can botnets do?<\/td><td>1. DDoS<br>2. Replay Spam<br>3. Proxy Traffic<\/td><\/tr><tr><td>Why are Logic bombs difficult to deal with?<\/td><td>1. Difficult to identify pre-activation<br>2. Difficult to recover from once activated<\/td><\/tr><tr><td>Who is usually responsible for deploying a logic bomb?<\/td><td>Disgruntled employee<\/td><\/tr><tr><td>What usually happens to a logic bomb post activation?<\/td><td>It deletes itself<\/td><\/tr><tr><td>How can you secure passwords?<\/td><td>Hashing<\/td><\/tr><tr><td>What is the key advantage of hashing?<\/td><td>Cannot be reversed<\/td><\/tr><tr><td>Why do you salt passwords?<\/td><td>To protect against hash comparison attacks (e.g. rainbow table)<\/td><\/tr><tr><td>How can you protect against supplier attacks?<\/td><td>1. Use reputable companies<br>2. Maintain small supplier base<br>3. 
Strict controls over policies\/procedures<\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Malware A blanket term for software that is specifically designed to\u00a0disrupt, damage, or gain unauthorized access to a computer system&#8230;.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[2,4],"tags":[],"class_list":["post-55","post","type-post","status-publish","format-standard","hentry","category-learning","category-security"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/55","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=55"}],"version-history":[{"count":2,"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/55\/revisions"}],"predecessor-version":[{"id":59,"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/55\/revisions\/59"}],"wp:attachment":[{"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=55"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=55"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=55"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}