1.2
Shoulder surfing
occurs when someone is able to watch your keyboard or view your display. This may allow them to learn your password or see information that is confidential, private, or simply not for their eyes.
Domain hijacking
or domain theft is the malicious action of changing the registration of a domain name without the authorization of the valid owner. This may be accomplished by stealing the owner's logon credentials, using XSRF, hijacking sessions, using MitM, or exploiting a flaw in the domain registrar's systems
directory traversal
is an attack that enables an attacker to jump out of the web root directory structure and into any other part of the filesystem hosted by the web server's host OS.
Pass the hash
is an authentication attack that potentially can be used to gain access as an authorized user without actually knowing or possessing the plain text of the victim's credentials. This attack is mostly aimed at Windows systems.
injection attack
is any exploitation that allows an attacker to submit code to a target system in order to modify its operations and/or poison and corrupt its data set. Examples include SQL injection, LDAP injection, XML injection, command injection, HTML injection, code injection, and file injection.
brute force attack
is designed to try every valid combination of characters to construct possible passwords, starting with single characters and adding characters as it churns through the process, in an attempt to discover the specific passwords used by user accounts.
replay attack
is one in which an attacker captures network packets and then retransmits or replays them back onto the network.
Disassociation
is one of the many types of wireless management frames. A _____ can be used in several forms of wireless attacks, including discovering hidden SSIDs, causing a DoS, hijacking sessions, and using MitM.
amplification attack
is one where the amount of work or traffic generated by an attacker is multiplied in order to cause a significant volume of traffic to be delivered to the primary victim. Also be known as a reflective or bound attack.
offline attack
is one where the attacker is not working against a live target system, but instead is working on their own independent computers to compromise a password hash.
Vishing
is phishing done over VoIP services.
Arbitrary code execution
is the ability to run any software on a target system.
Dumpster diving
is the act of digging through trash in order to obtain information about a target organization or individual. It can provide an attacker with information that could make social engineering attacks easier or more effective.
dictionary attack
performs password guessing by using a preexisting list of possible passwords.
Buffer overflows
occur due to a lack of secure defensive programming. The exploitation of a _____ can result in a system crash or arbitrary code execution. A buffer overflow occurs when a program receives input that is larger than it was designed to accept or process. The extra data received by the program is shunted over to the CPU without any security restrictions; it's then allowed to execute. Results of buffer overflows can include crashing a program, freezing or crashing the system, opening a port, disabling a service, creating a user account, elevating the privileges of an existing user account, accessing a website, or executing a utility.
online password attack
occurs against a live logon prompt
Driver manipulation
occurs when a malicious programmer crafts a system or device driver so that it behaves differently based on certain conditions.
Privilege escalation
occurs when a user account is able to obtain unauthorized access to higher levels of privileges, such as a normal user account that can perform administrative functions. ______ can occur through the use of a hacker tool or when an environment is incorrectly configured.
Piggybacking
occurs when an unauthorized entity gains access to a facility under the authorization of a valid worker but with their knowledge and consent.
Tailgating
occurs when an unauthorized entity gains access to a facility under the authorization of a valid worker but without their knowledge.
rogue access point
may be planted by an employee for convenience or it may be operated externally by an attacker. _____ should be discovered and removed in order to eliminate an unregulated access path into your otherwise secured network.
Wireless replay attacks
may focus on initial authentication abuse. They may be used to simulate numerous new clients or cause a DoS.
Rainbow tables
take advantage of a concept known as a hash chain. It offers relatively fast password cracking, but at the expense of spending the time and effort beforehand to craft the rainbow table hash chain database.
man-in-the-browser (MitB, MiTB, MiB, MIB)
(MitB, MiTB, MiB, MIB) attack is effectively a MitM attack. The only real distinction is that the middle-man malware is operating on the victim's system, where it is able to intercept and manipulate communications immediately after they leave the browser and before they exit the network interface.
principles of social engineering
Many techniques are involved in social engineering attacks. These often involve one or more common principles such as authority, intimidation, consensus/social proof, scarcity, familiarity/liking, trust, and urgency
weak implementations
Most failures of modern cryptography systems are due to poor or weak implementations rather than a true failure of the algorithm itself.
session hijacking
TCP/IP hijacking, or _______, is a form of attack in which the attacker takes over an existing communication session. The attacker can assume the role of the client or the server, depending on the purpose of the attack.
IP spoofing
There are three main types of _______: crafting IP packets for an attack but setting the source IP address to that of an innocent, uninvolved third party; via DoS, disconnecting the owner/user of an IP address, then temporary taking on that IP address on the attack system; or using an IP address from the subnet that is not currently assigned to a valid authorized system.
known plain text and known cipher text attacks
The cryptographic attacks of ______ are focused on encryption systems that use the same key repeatedly or that select keys in a sequential or otherwise predictable manner. The goal is to discover the key or a key of the series, and then use that key to determine other keys and thus be able to decrypt most or all of the data protected by the flawed encryption system.
cross-site scripting (XSS) prevention
The most effective ways to prevent XSS on a resource host are implemented by the programmer by validating input, coding defensively, escaping metacharacters, and rejecting all script-like input.
password attacks
The strength of a password is generally measured in the amount of time and effort involved in breaking the password through various forms of cryptographic attacks. These attacks are collectively known as password cracking or password guessing. Forms of password attacks include brute force (also known as a birthday attack), dictionary, hybrid, and rainbow tables.
Smurf attack
This form of DRDoS uses ICMP echo reply packets (ping packets).
WPS attacks
WPS is a security standard for wireless networks that was found to be flawed. The standard called for a code that could be sent to the base station remotely in order to trigger WPS negotiation. This led to a brute force guessing attack that could enable a hacker to guess the WPS code in just hours.
hoax
_____ is a form of social engineering designed to convince targets to perform an action that will cause problems or reduce their IT security. _____ is often an email that proclaims some imminent threat is spreading across the Internet and that you must perform certain tasks in order to protect yourself.
cross-site request forgery (XSRF) prevention
______ measures include adding a randomization string (called a nonce) to each URL request and session establishment and checking the client HTTP request header referrer for spoofing.
evil twin attacks
a hacker configures their system as a twin of a valid wireless access point. Victims are tricked into connecting to the fake twin instead of the valid original wireless network.
SQL injection attacks
allow a malicious individual to perform SQL transactions directly against the underlying database through a website front end.
replay attack
an attacker captures network traffic and then replays the captured traffic in an attempt to gain unauthorized access to a system.
Zero-day attacks
are newly discovered attacks for which there is no specific defense. A zero-day exploit aims at exploiting flaws or vulnerabilities in targeted systems that are unknown or undisclosed to the world in general. Zero day also implies that a direct or specific defense to the attack does not yet exist; thus most systems with the targeted vulnerable asset are at risk.
Hijacking attacks
are those where an attacker takes over control of a session from a valid user. Some forms of hijacking disconnect the client, whereas others grant the attacker a parallel connection into the system or service.
downgrade attack
attempts to prevent a client from successfully negotiating robust high-grade encryption with a server. This attack may be performed using a real-time traffic manipulation technique or through a man-in-the-middle attack (a false proxy) in order to forcibly downgrade the attempted negotiation to a lower quality level of algorithms and key exchange/generation.
Distributed denial-of-service (DDoS)
employs an amplification or bounce network that is an unwilling or unknowing participant that is unfortunately able to receive broadcast messages and create message responses, echoes, or bounces. In effect, the attacker sends spoofed message packets to the amplification network's broadcast address.
birthday attack
exploits a mathematical property that if the same mathematical function is performed on two values and the result is the same, then the original values are the same. This concept is often represented with the syntax f(M)=f(M') therefore M=M'.
Social engineering
is a form of attack that exploits human nature and human behavior. _____ attacks take two primary forms: convincing someone to perform an unauthorized operation or convincing them to reveal confidential information.
Denial of service (DoS)
is a form of attack that has the primary goal of preventing the victimized system from performing legitimate activity or responding to legitimate traffic. One form exploits a weakness, an error, or a standard feature of software to cause a system to hang, freeze, consume all system resources, and so on. The end result is that the victimized computer is unable to process any legitimate tasks. Another form floods the victim's communication pipeline with garbage network traffic. The end result is that the victimized computer is unable to send or receive legitimate network communications.
man-in-the-middle attack
is a form of communications eavesdropping attack. Attackers position themselves in the communication stream between a client and server (or any two communicating entities). The client and server believe they're communicating directly with each other.
Cross-site scripting (XSS)
is a form of malicious code injection attack in which an attacker is able to compromise a web server and inject their own malicious code into the content sent to other visitors.
Whaling
is a form of phishing that targets specific high-value individuals.
Watering Hole Attack
is a form of targeted attack against a region, a group, or an organization. It's waged by poisoning a commonly accessed resource.
initialization vector (IV)
is a mathematical and cryptographic term for a random number. Most modern crypto functions use IVs in order to increase their security by reducing predictability and repeatability
Shimming
is a means of injecting alternate or compensation code into a system in order to alter its operations without changing the original or existing code
Spear phishing
is a more targeted form of phishing where the message is crafted and directed specifically to an individual or group of individuals. The hope of the attack is that someone who already has an online/digital relationship with an organization is more likely to fall for the false communication.
typo squatting/URL hijacking
is a practice employed to capture traffic when a user mistypes the domain name or IP address of an intended resource.
Refactoring
is a restricting or reorganizing of software code without changing its externally perceived behavior or produced results. It focuses on improving software's nonfunctional elements, such as quality attributes, non-behavioral requirements, service requirements, and constraints.
Near field communication (NFC)
is a standard to establish radio communications between devices in close proximity. It lets you perform a type of automatic synchronization and association between devices by touching them together or bringing them within inches of each other.
password cracker
is a tool used to reverse-engineer the secured storage of passwords in order to gain (or regain) access to an unknown or forgotten password. There are four well-known types of password-cracking techniques: dictionary, brute force, hybrid, and precomputed hash.
Cookies
is a tracking mechanism developed for web servers to monitor and respond to a user's serial viewing of multiple web pages. It may allow identity theft.
RFID (radio frequency identification)
is a tracking technology based on the ability to power a radio transmitter using current generated in an antenna when placed in a magnetic field. ____ can be triggered/powered and read from up to hundreds of meters away
Clickjacking
is a web page-based attack that causes a user to click on something other than what the user intended to click. This is often accomplished by using hidden or invisible layovers, frame sets, or image maps.
Xmas attack
is actually an Xmas scan. It's a form of port scanning that can be performed by a wide number of common port scanners, including Nmap, Xprobe, and hping2. The Xmas scan sends a TCP packet to a target port with the flags URG, PSH, and FIN all turned on.
Password guessing
is an attack aimed at discovering the passwords employed by user accounts. It's often called password cracking. There are two primary categories of password-guessing tools based on the method used to select possible passwords for a direct logon prompt or birthday attack procedure: brute force and dictionary
Cross-site request forgery (XSRF)
is an attack focused on the visiting user's web browser more than on the website being visited. The main purpose of _____ is to trick the user or the user's browser into performing actions they had not intended or would not have authorized.
Spoofing
is the act of falsifying data. Usually the falsification involves changing the source addresses of network packets. Because the source address is changed, victims are unable to locate the true attackers or initiators of a communication. Also, by spoofing the source address, attackers redirect responses, replies, and echoes of packets to some other system
DNS poisoning
is the act of falsifying the DNS information used by a client to reach a desired system. This can be accomplished by deploying a rogue DNS server (also known as DNS spoofing and DNS pharming), using _____, altering the HOSTS file, corrupting IP configuration, and using proxy falsification.
ARP poisoning
is the act of falsifying the IP-to-MAC address resolution system employed by TCP/IP.
impersonation
is the act of taking on the identity of someone else. The purpose of impersonation is to trick someone into believing you're the claimed identity so you can use the power or authority of that identity. ______ is also known as masquerading or spoofing.
War driving
is the act of using a detection tool to look for wireless networking signals. Often, _____ is the process of someone looking for a wireless network they aren't authorized to access.
Pharming
is the malicious redirection of a valid website's URL or IP address to a fake website that hosts a false version of the original valid site
Phishing
is the process of attempting to obtain sensitive information such as usernames, passwords, credit card details, or other personally identifiable information (PII) by masquerading as a trustworthy entity (a bank, a service provider, or a merchant, for example) in electronic communication (usually email).
Bluejacking
is the sending of messages to Bluetooth-capable devices without the permission of the owner/user. Just about any Bluetooth-enabled device, such as a smartphone or notebook computer, can receive a bluejacked message.
Jamming
is the transmission of radio signals to prevent reliable communications by decreasing the effective signal-to-noise ratio.
Bluesnarfing
is the unauthorized accessing of data via a Bluetooth connection. Successful attacks against smartphones and notebooks have been able to extract calendars, contact lists, text messages, emails, pictures, videos, and more.
MAC spoofing
is used to impersonate another system, often a valid or authorized network device in order to bypass port security or MAC filtering limitations.
collision
is when the output of two cryptography operations produces the same result. ____ occur in relation to encryption operations as well as hashing operations.