Understanding Security Threats

Course Introduction

  • Gian Spicuzza (Program Manager, Android Security)

The CIA Triad

  • Confidentiality
    Keeping things hidden
  • Integrity
    Keeping our data accurate and untampered with
  • Availability
    The information we have is readily accessible to those people that should have it

Essential Security Terms

  • Risk
    The possibility of suffering a loss in the event of an attack on the system

  • Vulnerability
    A flaw in a system that could be exploited to compromise the system

  • 0-day vulnerability (zero day)
    A vulnerability that is not known to the software developer or vendor, but is known to an attacker.

  • Exploit
    Software that is used to take advantage of a security bug or vulnerability

  • Threat
    The possibility of danger that could exploit a vulnerability

  • Hacker
    Someone who attempts to break into or exploit a system

  • Attack
    An actual attempt at causing harm to a system

  • Virus, worm, adware, spyware, trojan, rootkit, backdoor, botnet

Malicious Software

  • Malware
    A type of malicious software that can be used to obtain your sensitive information, or delete or modify files

  • Viruses

  • Worms

  • Adware
    Software that displays advertisements and collects data

  • Trojan
    Malware that disguises itself as one thing but does something else

  • Spyware
    A type of malware that’s meant to spy on you

  • Keylogger
    A common type of spyware that’s used to record every keystroke you make

  • Ransomware
    A type of attack that holds your data or system hostage until you pay some sort of ransom

Malware Continued

  • Major types of malware

  • Malware, viruses, worms, adware, spyware, ransomware

  • Botnets
    Designed to utilize the power of the internet-connected machines to perform some distributed function

  • Backdoor
    A way to get into a system if the other methods to get in the system aren’t allowed

  • Rootkit
    A collection of software or tools that an admin would use

  • Logic bomb
    A type of malware that’s intentionally installed

Network Attacks

  • DNS Cache Poisoning attack

  • Man-in-the-middle attack

  • Rogue AP
    An access point that is installed on the network without the network administrator’s knowledge

  • Evil twin

  • Denial-of-service (DoS) attack
    An attack that tries to prevent access to a service for legitimate users by overwhelming the network or server

  • Ping of death (POD)

  • Ping flood

  • SYN flood

  • Half-open attacks

  • Distributed denial-of-service (DDoS) attack
    A DoS attack using multiple systems

Client-Side Attacks

  • Injection attacks

  • Cross-site scripting (XSS) attacks
    A type of injection attack where the attacker can insert malicious code and target the user of the service

  • SQL Injection attack

Password Attacks

Utilize software like password-crackers that try and guess your password

  • Brute force attack

  • Dictionary Attack

  • Sandwich -> s@nDwh1ch

Deceptive Attacks

  • Social engineering
    An attack method that relies heavily on interactions with humans instead of computers

  • Phishing attack

  • Spear phishing

  • Spoofing
    A source masquerading around as something else

  • Baiting

  • Tailgating
    Gaining access into a restricted area or building by following a real employee in