0% found this document useful (0 votes)

8 views5 pages

ch8 Short

The document provides an overview of various cybersecurity threats and defense mechanisms, including malware inspection using sandboxes, network attacks targeting organizations and households, and specific attack types like DDoS and DNS attacks. It highlights the importance of recognizing malicious code and indicators of attack (IoAs) to mitigate risks. Additionally, it discusses wireless attacks and credential replay methods, emphasizing the need for robust security practices.

Uploaded by

amansharma2318

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

8 views5 pages

ch8 Short

Uploaded by

amansharma2318

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 5

Cybersecurity CH-8 Revision Notes

Malware Inspection
● Cybersecurity teams investigate malware and viruses using a
sandbox, an isolated virtual machine.

● Tools like Cuckoo (open-source sandbox) help analyze

malicious applications safely.

● Malicious applications can be tested without harming network

users.

● Sandboxing is useful for patching, testing, and managing

dangerous applications.

Network Attacks
● Malicious, unauthorized attempts to disrupt, compromise, or
gain access to networks and data.

● Target both organizations and households.

● Typically server-side attacks, targeting:

○ Domain controllers (manage user accounts)

○ SQL servers (hold confidential data, credit card info)

● Common attack types:

○ Pivoting

○ Distributed Denial-of-Service (DDoS)

○ ARP Poisoning

○ DNS Attacks

DDoS Attacks
● DoS: One host disrupts victim services.

● DDoS: Multiple hosts (e.g., botnets, IoT devices) overwhelm

the target.

● Examples:

○ SYN flood attacks: Overload system resources.

○ Amplifying attacks: Small request triggers large

response (e.g., ICMP, Smurf attack).

○ Reflected attacks: Send requests using victim’s IP, often

seen in smart cities.

● Motivations: Financial extortion, hacktivism, geopolitical gain.

● Defenses: Traffic filtering, network upgrades, adaptive

response mechanisms.

DNS Attacks
● DNS translates domain names (e.g., www.packtpub.com) into
IP addresses.

● DNS resolution order:

○ DNS cache (view with ipconfig /displaydns)

○ HOSTS file (C:\Windows\System32\drivers\etc)

○ Root hints (query other DNS servers)

● Attacks:

○ DNS sinkhole: Redirects malicious traffic or traps

attackers in honeypots.

○ DNS cache poisoning/DNS spoofing: Alters cache or

HOSTS file to redirect users to fake sites.

Wireless Attacks
● Wireless networks offer convenience but are vulnerable.

● Attack methods:

○ Rogue APs: Fake access points (e.g., via Raspberry Pi)

deceive users.

○ Evil twin: Mimics real network to intercept data.

○ Deauthentication/Jamming: Disrupts connections;

jamming is illegal.

○ MAC spoofing/Device impersonation: Fake MAC

addresses impersonate devices.

○ Wi-Fi analyzer: Identifies signal strength, interference,

and nearby networks.

On-Path Attacks (Man-in-the-Middle)

● Attackers intercept communications to manipulate or steal
data.

● Types:
○ Session replay: Captures session tokens via XSS, MITM,
or man-in-the-browser.

○ Replay attacks: Reuses intercepted data; Kerberos

prevents this using timestamps and sequence numbers.

Credential Replay
● Use of tools like keyloggers, Wireshark, tcpdump, or malware
to steal credentials.

● Attack types:

○ Credential replay: Use stolen credentials from valid

logins. Avoid Telnet; use SSH. Discourage NTLM.

○ Credential stuffing: Reuses credentials across

platforms. Defenses: password managers, security
awareness, unique passwords, monitor login spikes.

Malicious Code
● Code intended to steal data, disrupt systems, or cause
damage.

● Warning signs: Unusual traffic, unexpected behavior,

unknown files/software.

● Examples:

○ Bash shell: Runs unauthorized commands.

○ Python: Used for keylogging, data theft, especially via

phishing.

○ JavaScript: Used in client-side attacks such as XSS.

Indicators of Attack (IoAs)
● Warning signs of suspicious behavior indicating cyber
threats.

● Examples:

○ Account lockouts (especially admin accounts)

○ Concurrent session usage

○ Blocked content alerts (via ACL, DLP)

○ Impossible travel (logins from distant places in short

time)

○ High resource consumption (CPU/memory)

○ Unavailable resources (e.g., DDoS impact)

○ Out-of-cycle logging

○ Missing logs (may indicate tampering)

○ Known vulnerabilities/configurations being exploited

Chapter 1 Module1 15CS61 NH
100% (1)
Chapter 1 Module1 15CS61 NH
170 pages
Chapter 1
No ratings yet
Chapter 1
64 pages
CYBERSECURITY
No ratings yet
CYBERSECURITY
41 pages
CheatSheet - SAL1
No ratings yet
CheatSheet - SAL1
3 pages
Network Security FUndamentals
No ratings yet
Network Security FUndamentals
22 pages
Certainly
No ratings yet
Certainly
16 pages
CEH Study Notes
No ratings yet
CEH Study Notes
56 pages
Summary
100% (1)
Summary
44 pages
Week 7-Technical Aspects
No ratings yet
Week 7-Technical Aspects
17 pages
Information Security 2
No ratings yet
Information Security 2
49 pages
Cybersecurity Interview Questions
No ratings yet
Cybersecurity Interview Questions
8 pages
Unit - 3
No ratings yet
Unit - 3
29 pages
Ethical Hacking PDF
No ratings yet
Ethical Hacking PDF
19 pages
Unit 3 Network Anomaly Detection & Attack Classification
No ratings yet
Unit 3 Network Anomaly Detection & Attack Classification
14 pages
Network Security and Cyber Law
No ratings yet
Network Security and Cyber Law
32 pages
Cyber Security
No ratings yet
Cyber Security
61 pages
It - Is Security and Control
No ratings yet
It - Is Security and Control
26 pages
PitchTech Interview+Questions+on+Cyber+Attacks 3
No ratings yet
PitchTech Interview+Questions+on+Cyber+Attacks 3
32 pages
CYberSEcurity REvision
No ratings yet
CYberSEcurity REvision
17 pages
Week 11
No ratings yet
Week 11
61 pages
Network Security Notes
No ratings yet
Network Security Notes
9 pages
3.1 Cyber-Attacks and Detection
No ratings yet
3.1 Cyber-Attacks and Detection
29 pages
Open Modbus TCP For NCM - CP Redundant English
No ratings yet
Open Modbus TCP For NCM - CP Redundant English
71 pages
06 Network Security and Fundamentals
No ratings yet
06 Network Security and Fundamentals
28 pages
Lecture 2 - Fourth Year - Network Secuirty
No ratings yet
Lecture 2 - Fourth Year - Network Secuirty
30 pages
A+ Technicians On-the-Job Guide To Networking
100% (1)
A+ Technicians On-the-Job Guide To Networking
466 pages
Security Threat Landscape
No ratings yet
Security Threat Landscape
17 pages
Palo DNS Security
No ratings yet
Palo DNS Security
6 pages
CYS - Week 4,5,6,7
No ratings yet
CYS - Week 4,5,6,7
7 pages
Cybersecurity Incidents
No ratings yet
Cybersecurity Incidents
47 pages
Microsoft - Actualtests.ms 700.v2020!05!28.by .Wangqiang.41q
No ratings yet
Microsoft - Actualtests.ms 700.v2020!05!28.by .Wangqiang.41q
37 pages
Rapport Projet
No ratings yet
Rapport Projet
46 pages
06 Network Security and Fundamentals
No ratings yet
06 Network Security and Fundamentals
30 pages
Information Security Cybersecurity Answers
No ratings yet
Information Security Cybersecurity Answers
7 pages
Africa Telecom
No ratings yet
Africa Telecom
26 pages
Access Mikrotik Menara Citicon Jl. Letjen S Parman Kav 72 Jakarta No Lokasi Provider Bandwidth
No ratings yet
Access Mikrotik Menara Citicon Jl. Letjen S Parman Kav 72 Jakarta No Lokasi Provider Bandwidth
22 pages
Chapter Four
No ratings yet
Chapter Four
19 pages
ZTE RRU R8882 Product Description
100% (1)
ZTE RRU R8882 Product Description
3 pages
1 Isp Network Design PDF
No ratings yet
1 Isp Network Design PDF
97 pages
Cybersecurity Questions Answers
No ratings yet
Cybersecurity Questions Answers
6 pages
Brksec 3455 PDF
No ratings yet
Brksec 3455 PDF
173 pages
3GPP TS 29.274: Technical Specification
No ratings yet
3GPP TS 29.274: Technical Specification
183 pages
To Do
No ratings yet
To Do
4 pages
CH 2
No ratings yet
CH 2
36 pages
CCNA Sec 01
No ratings yet
CCNA Sec 01
11 pages
NOJA-5002-20 OSM 300 310 With RC-10 Controller User Manual EN
No ratings yet
NOJA-5002-20 OSM 300 310 With RC-10 Controller User Manual EN
242 pages
ITNSA2-44 - Week 1 Slide Deck 1 1
No ratings yet
ITNSA2-44 - Week 1 Slide Deck 1 1
72 pages
Security Lammle 12
No ratings yet
Security Lammle 12
41 pages
Sit 403
No ratings yet
Sit 403
29 pages
الأسئلة المتوقعة لمقابلات الأمن السيبراني
No ratings yet
الأسئلة المتوقعة لمقابلات الأمن السيبراني
8 pages
U1-T7 Protecting Against Malware Attacks. - Intruder Attacks - Addressing Physical Security
No ratings yet
U1-T7 Protecting Against Malware Attacks. - Intruder Attacks - Addressing Physical Security
18 pages
Network Security Threats and Mitigation Strategies
No ratings yet
Network Security Threats and Mitigation Strategies
36 pages
Quanta FM9B Dell Studio 1558
No ratings yet
Quanta FM9B Dell Studio 1558
60 pages
Interview Questions
No ratings yet
Interview Questions
12 pages
Security Practices Answer
No ratings yet
Security Practices Answer
17 pages
Domain 4
No ratings yet
Domain 4
3 pages
Network Security Fundamentals
No ratings yet
Network Security Fundamentals
23 pages
EPC Dimensioning
No ratings yet
EPC Dimensioning
34 pages
OpenWRTDocumentation 2005 10 18
No ratings yet
OpenWRTDocumentation 2005 10 18
74 pages
TVE10 ComputerServicingSystem Q2 Weeks1to4 Binded Ver1.0
No ratings yet
TVE10 ComputerServicingSystem Q2 Weeks1to4 Binded Ver1.0
41 pages
CySA Study Guide - 1550521655
No ratings yet
CySA Study Guide - 1550521655
49 pages
E2 PTAct 9 7 1 Directions
No ratings yet
E2 PTAct 9 7 1 Directions
4 pages
Introduction To Network Security Basics Report 1738737712
No ratings yet
Introduction To Network Security Basics Report 1738737712
14 pages
UMTS Fundamentals
No ratings yet
UMTS Fundamentals
75 pages
Cyber Exam Prep
No ratings yet
Cyber Exam Prep
11 pages
Sic QB Ans
No ratings yet
Sic QB Ans
38 pages
TOR-Datasheet VIGI C540-W
No ratings yet
TOR-Datasheet VIGI C540-W
8 pages
Configurar s7 Conection
No ratings yet
Configurar s7 Conection
35 pages
iSCPC User Guide
No ratings yet
iSCPC User Guide
63 pages
Cyber Security
No ratings yet
Cyber Security
5 pages
Chapter One
No ratings yet
Chapter One
25 pages
ENISA Report - Encrypted Traffic Analysis
No ratings yet
ENISA Report - Encrypted Traffic Analysis
55 pages
2022 08 CySA
No ratings yet
2022 08 CySA
15 pages
Cyber Security - Network Intrusion Case Study
No ratings yet
Cyber Security - Network Intrusion Case Study
9 pages
BDIXFTP
No ratings yet
BDIXFTP
3 pages
Cran Vs Dran
No ratings yet
Cran Vs Dran
8 pages
RED Optimise Connectivity Options Quick Guide
No ratings yet
RED Optimise Connectivity Options Quick Guide
15 pages
5G - ShareTechnote
No ratings yet
5G - ShareTechnote
12 pages
Computer Architecture
No ratings yet
Computer Architecture
6 pages
CCNA Security
No ratings yet
CCNA Security
14 pages
Ethical Hacking and Prevention: Course Contents
No ratings yet
Ethical Hacking and Prevention: Course Contents
4 pages
Unit V-Trust and Reputation
No ratings yet
Unit V-Trust and Reputation
17 pages
WAPacLTEkit 240522
No ratings yet
WAPacLTEkit 240522
4 pages
About Gordon Stresser
No ratings yet
About Gordon Stresser
11 pages
Cissp Over All Domains Concept
No ratings yet
Cissp Over All Domains Concept
4 pages
Ethical Hacking and Prevention Course Details in PDF
No ratings yet
Ethical Hacking and Prevention Course Details in PDF
24 pages
Ethical: Hacking and
No ratings yet
Ethical: Hacking and
4 pages
NetScalerCheatSheet v07
No ratings yet
NetScalerCheatSheet v07
2 pages
Semantic Analysis 4
No ratings yet
Semantic Analysis 4
12 pages
Semantic Analysis 2
No ratings yet
Semantic Analysis 2
15 pages
Semantic Analysis 3
No ratings yet
Semantic Analysis 3
15 pages
ch7 Short
No ratings yet
ch7 Short
2 pages
Chapter 11 Security Cheatsheet
No ratings yet
Chapter 11 Security Cheatsheet
1 page
Btech Cs 6 Sem Computer Networks Btcoc602 Aug 2022
No ratings yet
Btech Cs 6 Sem Computer Networks Btcoc602 Aug 2022
2 pages
A Deep Dive into Malicious Activities
From Everand
A Deep Dive into Malicious Activities
AS Snipes
No ratings yet

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

ch8 Short

Uploaded by

ch8 Short

Uploaded by

Cybersecurity CH-8 Revision Notes

●​ Tools like Cuckoo (open-source sandbox) help analyze

●​ Malicious applications can be tested without harming network

●​ Sandboxing is useful for patching, testing, and managing

●​ Target both organizations and households.​

●​ Typically server-side attacks, targeting:​

○​ Domain controllers (manage user accounts)​

○​ SQL servers (hold confidential data, credit card info)​

●​ Common attack types:​

○​ Distributed Denial-of-Service (DDoS)​

●​ DDoS: Multiple hosts (e.g., botnets, IoT devices) overwhelm

○​ SYN flood attacks: Overload system resources.​

○​ Amplifying attacks: Small request triggers large

○​ Reflected attacks: Send requests using victim’s IP, often

●​ Motivations: Financial extortion, hacktivism, geopolitical gain.​

●​ Defenses: Traffic filtering, network upgrades, adaptive

●​ DNS resolution order:​

○​ DNS cache (view with ipconfig /displaydns)​

○​ HOSTS file (C:\Windows\System32\drivers\etc)​

○​ DNS sinkhole: Redirects malicious traffic or traps

○​ DNS cache poisoning/DNS spoofing: Alters cache or

○​ Rogue APs: Fake access points (e.g., via Raspberry Pi)

○​ Evil twin: Mimics real network to intercept data.​

○​ Deauthentication/Jamming: Disrupts connections;

○​ MAC spoofing/Device impersonation: Fake MAC

○​ Wi-Fi analyzer: Identifies signal strength, interference,

On-Path Attacks (Man-in-the-Middle)

○​ Replay attacks: Reuses intercepted data; Kerberos

○​ Credential replay: Use stolen credentials from valid

○​ Credential stuffing: Reuses credentials across

●​ Warning signs: Unusual traffic, unexpected behavior,

○​ Bash shell: Runs unauthorized commands.​

○​ Python: Used for keylogging, data theft, especially via

○​ JavaScript: Used in client-side attacks such as XSS.​

○​ Account lockouts (especially admin accounts)​

○​ Concurrent session usage​

○​ Blocked content alerts (via ACL, DLP)​

○​ Impossible travel (logins from distant places in short

○​ High resource consumption (CPU/memory)​

○​ Unavailable resources (e.g., DDoS impact)​

○​ Missing logs (may indicate tampering)​

○​ Known vulnerabilities/configurations being exploited​

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

● Tools like Cuckoo (open-source sandbox) help analyze

● Malicious applications can be tested without harming network

● Sandboxing is useful for patching, testing, and managing

● Target both organizations and households.

● Typically server-side attacks, targeting:

○ Domain controllers (manage user accounts)

○ SQL servers (hold confidential data, credit card info)

● Common attack types:

○ Distributed Denial-of-Service (DDoS)

● DDoS: Multiple hosts (e.g., botnets, IoT devices) overwhelm

○ SYN flood attacks: Overload system resources.

○ Amplifying attacks: Small request triggers large

○ Reflected attacks: Send requests using victim’s IP, often

● Motivations: Financial extortion, hacktivism, geopolitical gain.

● Defenses: Traffic filtering, network upgrades, adaptive

● DNS resolution order:

○ DNS cache (view with ipconfig /displaydns)

○ HOSTS file (C:\Windows\System32\drivers\etc)

○ DNS sinkhole: Redirects malicious traffic or traps

○ DNS cache poisoning/DNS spoofing: Alters cache or

○ Rogue APs: Fake access points (e.g., via Raspberry Pi)

○ Evil twin: Mimics real network to intercept data.

○ Deauthentication/Jamming: Disrupts connections;

○ MAC spoofing/Device impersonation: Fake MAC

○ Wi-Fi analyzer: Identifies signal strength, interference,

○ Replay attacks: Reuses intercepted data; Kerberos

○ Credential replay: Use stolen credentials from valid

○ Credential stuffing: Reuses credentials across

● Warning signs: Unusual traffic, unexpected behavior,

○ Bash shell: Runs unauthorized commands.

○ Python: Used for keylogging, data theft, especially via

○ JavaScript: Used in client-side attacks such as XSS.

○ Account lockouts (especially admin accounts)

○ Concurrent session usage

○ Blocked content alerts (via ACL, DLP)

○ Impossible travel (logins from distant places in short

○ High resource consumption (CPU/memory)

○ Unavailable resources (e.g., DDoS impact)

○ Missing logs (may indicate tampering)

○ Known vulnerabilities/configurations being exploited