CCNA CyberOps SECFND Objective 6.5

Describe these endpoint-based attacks

Implementing Cisco Cybersecurity Operations (210-255)

Buffer Overflows

Buffer overflow attacks occur when an attacker sends more data that the application expects. If the input is unchecked, an attacker can force a program to execute code in memory sections it shouldn’t have access to.

Command and Control (C2)

Command and control traffic is used by attackers to control compromised machines. Often it is used to exfiltrate data from compromised machines or to use them as part of a botnet.


Any application used to attack a system. It could be a virus, worm, trojan or other malicious software.


Rootkits are a specialized set of malware that embeds itself into the system. It allows the attacker to have full access to the system and installs itself in a manner that is hard to detect and hard to remove.

Port Scanning

Port scans are used by attackers to determine what services are available on a host.

Host profiling

Host profiling is used by attackers to determine the OS and versions of software that are on a host. This information is used to find vulnerabilities and attack vectors.