Home Computing – Dr John's Tech Talk

Types of Cyberattacks and other terms from the world of cyber security

Intro

It’s convenient to name drop different types of cyber attacks at a party. I often struggle to name more than a few. I will try to maintain a running list of them.

But I find you cannot speak about cybersecurity unless you also have a basic understanding of information technology so I am including some of those terms as well.

As I write this I am painfully aware that you could simply ask ChatGPT to generate a list of all relevant terms in cybersecurity along with their definitions – at least I think you could – and come up with a much better and more complete list. But I refuse to go that route. These are terms I have personally come across so they have special significance for me personally. In other words, this list has been organically grown. For instance I plowed through a report by a major vendor specializing in reviewing other vendor’s offerings and it’s just incredible just how dense with jargon and acronyms each paragragh is: a mother lode of state-of-the-art tech jargon.

Credential Stuffing Attack

I.e., password re-use. Takes advantage of users re-using passwords for different applications. Nearly three of four consumers re-use password this way. Source: F5. Date: 3/2024

Password spraying

A type of attack in which the threat actor tries the same password with multiple accounts, until one combination works.

Supply Chain attack

Social Engineering

Hacking

Living off the land

Data Breach

Keylogger

Darknet

Captcha

Click farms

Jackpotting

This is one of my favorite terms. Imagine crooks implanted malware into an ATM and were able to convince it to dispense all its available cash to them on the spot! something like this actually happened. Scary.

Skimmer

bot

Anti-bot, bot defense

Spoofing

Mitigation

SOC

Selenium (Se) or headless browser

WAF

Obfuscation

PII, Personally Identifiable Information

api service

Reverse proxy

Inline

endpoint, e.g., login, checkout

scraping

Layer 7

DDOS

DOS

Visibility

Automation

Token

Post

JavaScript

Replay

Browser Fingerprint

OS

Browser

GDPR

PCI DSS

AICPA Trust Services

GUI

(JavaScript) Injection

Command Injection

Hotfix

SDK

URL

GET|POST Request

Method

RegEx

Virtual Server

TLS

Clear text

MTTR

RCA

SD-WAN

PoV

PoC

X-Forwarded-For

JSON

Client/server

Threat Intelligence

Use case

Carding attack

WebHook

Source code

CEO Fraud

Phishing

Vishing

(Voice Phishing) A form of cyber-attack where scammers use phone calls to trick individuals into revealing sensitive information or performing certain actions.

Business email compromise (BEC)

Deepfakes

Threat Intelligence

Social engineering

Cybercriminal

SIM box

Command and control (C2)

Typo squatting

Voice squatting

A technique similar to typo squatting, where Alexa and Google Home devices can be tricked into opening attacker-owned apps instead of legitimate ones.

North-South

East-West

Exfiltrate

Malware

Infostealer

Obfuscation

Antivirus

Payload

Sandbox

Control flow obfuscation

Indicators of Compromise

AMSI (Windows Antimalware Scan Interface)

Polymorphic behavior

WebDAV

Protocol handler

Firewall

Security Service Edge (SSE)

Secure Access Service Edge (SASE)

Zero Trust

Zero Trust is a security model that assumes that all users, devices, and applications are inherently untrustworthy and must be verified before being granted access to any resources or data.

Zero Trust Network Access (ZTNA)

Zero Trust Edge (ZTE)

Secure Web Gateway (SWG)

Cloud Access Security Broker (CASB)

Remote Browser Isolation (RBI)

Content Disarm and Reconstruction (CDR)

Firewall as a service

Egress address

Data residency

Data Loss Prevention (DLP)

Magic Quadrant

Managed Service Provider (MSP)

0-day or Zero day

User Experience (UX)

Watermark

DevOps

Multitenant

MSSP

Remote Access Trojan (RAT)

Object Linking and Embedding

(Powershell) dropper

Backdoor

TTP (Tactics, Techniques and Procedures)

Infostealer

Shoulder surfing

Ransomware

Pig butchering

This is particularly disturbing to me because there is a human element, a foreign component, crypto currency, probably a type of slave trade, etc. See the Bloomberg Businessweek story about this.

Forensic analysis

Attack vector

Attack surface

Economic espionage

Gap analysis

AAL (Authentication Assurance Level)

IAL (Identity Assurance Level)

CSPM (Cloud Security Posture Management)

Trust level

Remediation

Network perimeter

DMZ (Demilitarized zone)

Defense in depth

Lateral movement

Access policy

Micro segmentation

Least privilege

Elevated privileges

Breach

Intrusion

Insider threat

Cache poisoning

I know it as DNS cache poisoning. If an attacker manages to fill the DNS resolver’s cache with records that have been altered or “poisoned.”

Verify explicitly

Network-based attack

Adaptive response

Telemetry

Analytics

Identity Provider (IDP)

Consuming entity

Behavior analysis

Authentication

Authorization

Real-time

Lifecycle management

Flat network

Inherent trust

Cloud native

Integrity

Confidentiality

Data encryption

EDR

BSI

German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik)

Reverse shell

A text-based interfaces that allow for remote server control.

A RCE (Remote Code Execution)

Threat Actor

APT (Advanced Persistent Threat)

Compromise

Vulnerability

Bug

Worm

Remote Access VPN (RAVPN)

Famous named attacks

Agent Tesla

Heartbleed

log4j

Morris Worm

Famous attackers

APT29 (Cozy Bear)

A Russia-nexus threat actor often in the news

IT terminology

Active Directory

Browser

Data at rest

Data in motion

DLL

Domain

Link

.NET

Patch

Portable Executable (PE)

Private Cloud

Ray

An open-source unified compute framework used by the likes of OpenAI, Uber, and Amazon which simplifies the scaling of AI and Python workloads, including everything from reinforcement learning and deep learning to tuning and model serving.

Redirect

Retrieval-Augmented Generation (RAG)

SMTP

URL

Website

DVD to Mpeg drama – solved

Intro
My trusty and now old Sony Handycam is still a darn capable recoding device. But how to get one of its videos onto YouTube? Everything’s changed since I bought it. Still, you’d think this would be dead easy, right? It really wasn’t.

The details
I also happen to have a Sony DVDirect to create DVDs from my recorded tapes. That works quite well in fact. But the DVDs it creates, which play just great on a standard DVD player, have strange files when examined on the computer. a couple huge VOB files plus some smaller ones.

I tried DVDx.. Failed miserably. It started up OK but it just refused to do anything with my DVD.

Then I saw some forums with those DVDx problems mentioning using good old AutoGK. They kindly provided a link. That, in turn, led to the kind of installation experience I have learned to dread.It proposed to install some spyware and change my search engine – all very bad signs. When I selected Advance options I could turn all that off, so I continued. Then it proposed to install more spyware. Turn off. Then some more. Finally there was what I think was a spyware installation offer which only provided two choices: agree to continue or disagree and exit the installation. I exited the installation.

A friend suggested Camtasia, but to buy is $300 and I just couldn’t see it. And I hate to get comfortable with something for a 30 day trial period and then not be able to re-use it later.

I wondered if my DVD player software, PowerDVD, might be able to do it, at least in the purchased version – the free version doesn’t seem to be able to. I never did figure that out – it wasn’t obvious from the documentation.

In the past I had streamed directly from the Camcorder to my old computer using Sony’s supplied USB cable. But there is no default driver for Windows 7 that can capture that stream. In the past I had used Sony’s suggested program, Imagemixer. I’ve long since lost the CD, if it would even work on Windows 7. Imagemixer was long ago replaced by Pixela. Sony’s site kindly informs that neither is supported and they don’t offer a download any longer. Instead they have some other software, Picture Motion Browser, which wasn’t clearly going to work anyways. But when you try to download it it asks for a CD key. Huh?

So by now I felt like this simple chore was quite the quest, you see.

Frustrated, I decided to look at Microsoft MovieMaker. I actually didn’t think it was going to be able to read my DVD at first since it doesn’t even have those file types in its default search. But switching to browse all files I clicked on one of my VOB files and it read it in!

I was quickly able to cut some from the beginning and some form the end and save it to my computer. I tihnk technically it thereby converted it from an essentially MPEG-2 format to MPEG-4 format. There was a built-in YouTube button, so you think, Cool, I can directly upload it to YouTube. But that required a Microsoft account. Huh? I don’t need yet another account lying around the Internet for no good reason. So I didn’t bother with that.

So we just logged on to YouTube and uploaded it. It’s kind of large-ish (140 MB) so the upload is of course slow on a DSL line. But at least it did work.

I looked again and found a real company that I trust and recognize that has an economical media converter just like I was looking. Arcsoft has its Media Converter for about $27. I’ll probably try that one next time. I don’t mind paying a modest amount for software that does what I want it to.

Conclusion
I’ve documented a simple requirement that turned into a quest. Of course this kind of thing happens frequently. Maybe my quest will help someone else. But even if not, I think this will serve as a nice journalled account which will help me next time I want to post from my Camcorder to YouTube.