COMPTIA Security+ SYO:601

Black Box

Black box testing is a testing technique where the internal workings of the item being tested are not known by the tester. You are working "in the dark".

Grey Box

Grey box testing is the combination of black box and white box testing.

Near Field Communication(NFC)

NFC is a short ranged wireless communication, that can be tampered with like any other wireless communication. Has the benefit of being shorter range, and thus harder to intercept. Many attacks can be performed against an NFC communication. Eavesdropping: Simply listening in to traffic. Replay: Data is replayed to emulate older traffic. MitM: An attacker intercepts NFC traffic, changes or monitors it, and forwards it to its final destination.

Phishing

Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. User training needs to happen in order to be effective in stopping phishing attempts.

Ransomware

Software that encrypts programs and data until a ransom is paid to remove it.

Nation States/APT

The Nation State Actor are hacker that are generally legally hacking for the government of their country. They are usually well trained and will have a set a focused target. An Advanced Persistent Threat (APT) describes a group of well organized attackers, possibly from an enemy country, who use very sophisticated and targeted attacks against your organization.

Backdoor

A Backdoor attack is one that uses a method of bypassing normal authentication. Can take the form of any type of virus that has found a way around conventional security. Many backdoors are installed initially by malware so that other malware has an easier time accessing the user's computer. Often introduced as a rootkit

DoS(Denial Of Service)

A DoS (Denial of Service) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. Commonly happen to web servers, and more often, by a single external user. Often accomplished using buffer overflows or by using multiple servers and/or routers to overwhelm another router or host.

Virus

A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner. A virus is a security threat to a system that requires interaction from a user. The characteristics of a virus: Replication Mechanism Activation Mechanism Objective

End of System Life and Lack of Vendor Support

As software and hardware ages, it eventually reaches a point where it needs to be replaced with newer technology. Older machines tend to have know vulnerabilities that an attacker could exploit. Machines that go unpatched to new threats are susceptible to them. Systems without vendor support may reach a state where they are in need of repair, but no support exists to repair them.

Improper Input Validation

Input validation, also called data validation, is the process of ensuring that a program operates on clean, correct, and useful data. Should be used to make sure your applications are coded in a secure manner. Improper input validation could lead to: Buffer overflow attacks, Command injection attacks, XSS and XSRF attacks And many more!

Spyware

Spyware is a type of malware that is installed on computers and that collects information about users without their knowledge. Typically, spyware is secretly installed on the user's personal computer or on a shared computer. Spyware can negatively affect confidentiality.

Wireless jamming

Wireless jamming can easily occur on a network because wireless traffic traverses over an otherwise easily accessible medium, air. A frequency can be clogged with large amounts of illegitimate traffic, preventing the access point from identifying legitimate traffic. Can also happen accidentally, as many commercial products operate on the 2.4GHz frequency.

Trojan or Trojan Horse

.The Trojan horse describes a class of computer threats that appears to perform a desirable function but, in fact, performs undisclosed malicious functions. Trojans are commonly installed via a thumb drive. Keygens (Key Generators) are well known for containing Trojans.

Brute Force

A brute-force attack is an attempt to manually guess a password, pin, or any other passphrase-like authentications in order to gain access to an account or system. Alternatively, the attacker can attempt to guess an encryption key using a program or algorithm. In theory, any key could be brute forced, but some forms of encryption are estimated to require so much time to break, that it is considered statistically impossible.

Rogue Access Points

A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator or has been created to allow an attacker to conduct a man-in-the-middle attack. If you notice an unauthorized wireless access point attached to your network, you should unplug the Ethernet cable from the wireless access point. Port Security can prevent the installation of rogue access points.

Vulnerability Scanners

A vulnerability scanner is a computer program designed to search for and map systems for weaknesses in an application, computer, or network. These utilities are the least intrusive and check the environment for known software flaws. Scheduling vulnerability scans is a management control type. Examples of some vulnerability scanner programs are: Nessus and Microsoft Baseline Security Analyzer

Zero Day Attack

A zero-day attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or the software developer. Also called zero-day vulnerabilities. Could be used to cause buffer overflows. With a Zero-Day exploit, either there is no fix for the vulnerability yet, or the fix was just released and not everyone has patched their systems yet.

Zero Day Attack

A zero-day attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or the software developer. Also called zero-day vulnerabilities. With a Zero-Day exploit, either there is no fix for the vulnerability yet, or the fix was just released and not everyone has patched their systems yet.

ARP poisoning

ARP is the method for finding a host's link layer (hardware) address when only its IP or some other Network Layer address is known. ARP poisoning allows traffic to be redirected through a malicious machine by sending false hardware address updates to a victim. Basically, an attacker convinces the victim that he, the attacker, is the default gateway for the network. ARP poisoning is used to later launch a man-in-the-middle attack.

Active Recon.

Active reconnaissance refers to the act of attempted to gather information from a group, website, etc. by the use of scanners, software, or a similar method requiring technical knowledge.

Adware

Adware is software installed that automatically displays and downloads advertising material when a user is online. Comes in the form of banners, pop-ups, browser search bars, etc. Typically downloaded secretly and has the potential to continue to install more of itself or other malware as long as the user is online.

Improperly Configured Accounts

An improperly configured account can compromise system security or prevent a user from accessing resources they should have access to. Without proper permissions to networked resources, a user might be unable to do their job. With too many permissions, a user might be able to access resources they should never have access to, potentially compromising the network. Default accounts should never be utilized on a secure network.

Integer Overflow

An integer overflow is when some integer is expected, but an integer outside of the expect range is forced into the application. For example, in a Date of Birth field it asks for month and day, and the user inputs, "3" for the month but "32" for the day. 32 is larger than the expected largest number of 31 days in march.

Resource Exhaustion

Anything from a computer to a piece of software only has certain allotted resource, either by hardware restraints or by design. Software that utilizes the maximum allotted CPU usage my become sluggish or crash, causing a DOS A server that reaches maximum CPU usage might also become sluggish, and be slow to respond to requests, also causing a DOS A DDOS frequently relies on exhausting resources of a server for the attack to be effective.

Intrusive Vs Non-Intrusive

As compared to a penetration test, a vulnerability scan tends to simply glance over a system to reveal compromises where the latter attempts to break through systems to reveal them. While a scan has the capability of slowing down a system during its operation it still allow for regular business operation to continue.

Bluejacking

Bluejacking is when unsolicited messages are sent to Bluetooth-enabled phones.

Bluesnarfing

Bluesnarfing allows hackers to gain access to data stored on a Bluetooth enabled phone using Bluetooth wireless technology without alerting the phone's user of the connection made to the device. Only specific older Bluetooth enabled phones are susceptible to bluesnarfing.

Hijacking

Clickjacking is tricking a user into clicking a link other than what they had initially intended to. May redirect a user to a malicious site. URL Hijacking, or Typo squatting, is an attack the relies on typographical errors made by users when inputting a web address in a browser.

DNS poisioning

DNS poisoning is a maliciously created or unintended situation that provides data to a Domain Name Server that did not originate from authoritative DNS sources. For example: You are trying to connect to PayPal, but the URL changes to a different site (one that looks just like PayPal asking for your financial information).

Driver manipulation

Driver manipulation is when an attacker manages to sneak malicious code into a "legitimate" device driver. The user thinks they are installing a driver for a device. Driver actually contains a malicious attack that can compromise the system. Can be mitigated by only trusting signed drivers

dumpster diving

Dumpster diving is when attackers sort through the garbage of a company to gain information used for a subsequent attack. Use a shredder or shredding service to prevent this.

Improper Certificate and Key Management

Not keeping certificates up to date can lead to several devices on a company network not trusting each other. Outdated certificates that are never renews can also prevent a company smart card from granting access to the building, even for a valid employee. Not securing the private keys of your employees, servers, certificate authorities, etc. from an outside attack can lead to a compromise of those keys, making them untrustworthy. It is especially harmful if the CA is compromised, as all certificates signed by that CA become untrustworthy.

Passive Reconnaissance

Passive reconnaissance is characterized by the lack of technical expertise used to glean information. As an example, finding employee names from a business's public-facing website.

Shoulder Surfing

Shoulder surfing refers to using direct observation techniques, such as looking over someone's shoulder, to get information. Using password masking, privacy screens, and proximity readers instead of key-punch locks are ways to mitigate shoulder surfing.

False Positive/Negative

Sometimes when a scan is conducted it may yield results that are misleading in the form of false positives and negatives. A false negative is when a system reports that a verified user is unauthorized. A false positive is when a system identifies an unauthorized user and allows them access.

Spear Phishing Attack

Spear phishing is an email spoofing fraud attempt that targets a specific organization in order to seek unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain, trade secrets, or military information. Spear phishing targets specific employees of a company.

Spoofing

Spoofing is claiming to be something it/you are not. MAC spoofing is a technique for changing a factory-assigned MAC address of a network interface on a networked device in order to deceive certain securities. Similarly, IP spoofing, also known as IP address forgery or a host file hijack, is a hijacking technique in which a cracker masquerades as a trusted host to conceal his identity, spoof a Web site, hijack browsers, or gain access to a network.

Tailgating

Tailgating is the act of an unauthorized, or authorized, person who follows someone to a restricted area without the consent of the authorized person.

Organized Crime

The most common adversary thought of when discussing data theft, cyber-criminals seek the immediate satisfaction of a financial payout. They typically target personal and financial information, hoping to exploit or sell the data for their own financial gain. This is typically carried out by an organized group of attackers trying to reap financial gain.

ID Vulnerabilities

The primary purpose for vulnerability scans is going to be to search a system, check back to it's database of filed vulnerabilities, and point out flaws that match. An important practice to observe when scanning is to run additional scans after vulnerabilities are found as there may others that have surfaced since the last ones were found and removed. A possible result from a vulnerability scan is identifying a lack of security controls. This points out a complete lack of a security measure as opposed to a gap in an existing one. Running a second scan is especially important in these cases as you would need to check if the new controls you put in place still present vulnerabilities. Attackers often look for systems that are misconfigured, but vulnerability scanners can detect some common misconfiguration settings. Some of these common misconfigurations include unintentionally open ports, default accounts and passwords, and weak passwords. Some scanners can also detect if certain sensitive data is being sent over the networks when it should not.

RAT(remote access Trojan)

This is a Trojan that can control a system without the user giving consent.

Script Kiddies

A Script Kiddie is some form of unskilled hacker who has no real skill of their own. They will utilize common or easily implemented vulnerabilities that can be found online. Script kiddies are assumed to be unskilled and thus a minor threat when compared to other threat actors. Script kiddies might be a threat to your untrained users, but generally user training and proper security controls on the network can mitigate most attacks that would be carried out by a script kiddie.

A Watering Hole Attack

A Watering Hole Attack is when an attacker finds a website or service frequented by whichever specific group that the attacker is targeting. The associated malware is usually some form of spyware to collect information of the target group. Usually effective against targets even if they are trained against social engineering attacks, as it exploits an otherwise trusted website.

Weak and Default Passwords

A weak password is a password that can be easily guessed. Passwords should be long enough and meet some sort of complexity to be hard to guess or be cracked by a password cracker. When creating a strong password, length is the most important factor to consider. This is closely followed by complexity, which uses upper-case, lower-case, special characters, and numbers. Always change default passwords in software and hardware! Until you do, the password can be easily obtained by downloading vendor documentation.

Hacktivist

A Hacktivist is a person that uses hacking to promote a cause or push a political agenda A hacktivist can be anything from an individual getting attention for a cause to a cyberterrorist. This can cause a moral grey area when viewing a hacktivist. Some will support the cause and others will condone it depending on the cause. Hacktivism is frequently a red herring for a more threatening attack. For example, a website might get defaced and some credit cards might be discreetly stolen.

Misconfiguration and Weak Configuration

A Misconfigured device can cause all sorts of issues, and can be an issue with any device. Weak configurations can cause open passage ways into your systems for attackers, create easily prevented vulnerabilities, and much more. Intentional but weak configurations are equally dangerous, for example, setting a password to only require lowercase and uppercase letters, but no numbers or special characters.

Pivot & Initial Exploitation

A Penetration testing pivot is the first steps into a network or system. The pivot point is the point where the hacker can then branch out and compromise other parts of the system or other devices on the network. The pivot is basically the initial exploitation that is required to a hacker to compromise the rest of the network. After this initial exploitation takes place, the attacker/ tester will either hit the systems they planned to hit and go, or use this pivot point as a persistent means to continue to compromise the system.

Race Condition

A Race Condition is when multiple events try to be processed by a system at the same time, potentially causing them to be processed in the wrong order. An issue with sequence dependent events. One file being access by multiple users at once, if both are saved by the different users, can cause the file to be corrupt, or one users changes never saving.

Birthday Attack

A birthday attack is an attack on hashed password that utilizes the same logic as the birthday problem. Which is to say, even if there are many different possible hashing outputs, you are likely to find two different inputs with the same hash. The amount of attempts required for a probable match is less than one might think, for example: 1 in 21 (4%) chance to match after 100 attempts if there were 100,000 unique hashes. 1 in 3 (39%) chance to match after 100 attempts if there were 10,000 unique hashes. Keep in mind, while more unique hashes exist, hashes can be brute-forced at a rate of hundreds per second.

Buffer Overflows

A buffer overflow is a condition where a process attempts to store more data into a memory variable than that variable accepts. Basically it writes too much data into an application's memory and causes the application to crash. If successful, a buffer overflow can lead to a DoS. The most common exploit of an Internet-exposed network service or a web server is a buffer overflow.

Buffer Overflows

A buffer overflow is a condition where a process attempts to store more data into a memory variable than that variable accepts. Basically it writes too much data into an application's memory and causes the application to crash. If successful, a buffer overflow can lead to a DoS. The most common exploit of an Internet-exposed network service or a web server is a buffer overflow.

Default Accounts

A default account is using the main account that was supplied by the device vendor. If at all possible: Always change (or better yet remove) the default account. Create a new account and make sure that you use a complex password. Even try to get away from using the account name Administrator or Admin.

Dictionary Attack

A dictionary attack is similar to a brute-force but instead of systematically working through otherwise random passwords, a dictionary attack goes after common passwords first. This way, passwords like "password" or "12345" would be quickly broken. Companies can mitigate this attack by training user on secure password usage and by enforcing a strict password policy. The dictionary attack can still be successful, but it prevents those easy passwords from being discovered quickly.

Disassociation

A disassociation attack, (also known as a deauthentication attack) is when an attacker manages to cause a user's connection to Wi-Fi to get broken, or deauthenticated. The attacker can accomplish this by spoofing the legitimate user's MAC address and sending a deauthentication (think logging out) frame to the wireless access point. There have been multiple cases of public businesses performing these attacks on their guests in an attempt to for them to pay for the business' Wi-Fi.

Downgrade

A downgrade attack is an attack that forces a system to utilize a weaker form of encryption or security. This way, the attacker can have an easier time breaking the weaker encryption as opposed to the previously implemented one. Or, if possible, to force the target system to abandon encryption entirely. This type of attack can be a result of a main in the middle attack, which all of the user's traffic is sent through a malicious device. The attack negotiates the user's connection to use a weaker encryption. This can be prevented by not allowing a user to use older versions of an application or protocol, forcing the latest and greatest security.

Man in the Middle Attack

A form of active eavesdropping, or network sniffing, in which the attacker makes independent connections with the victims and relays messages between them. A man-in-the-middle attack is when there is an interruption of network traffic for spying, and possibly accompanied by the insertion of malicious code.

key logger

A keylogger records every keystroke on a device, trying to pick out patterns that synchronize with certain information. Often used covertly and remotely using software in order to record sensitive information such as passwords, credit numbers, etc. Can come packaged with other types of malware, such as trojans.

Logic Bomb

A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. A type of malicious attack that is set off by a specific event, date, or time. Not able to be discovered by an antivirus scan. Code review and change management processes are the best way to stop logic bombs from showing up in your applications.

Memory Leak

A memory leak can occur when a system incorrectly manages memory allocations in such a way that memory that is no longer being utilized or needed is not release. Basically, an application consumes demands more and more utilization of the system's RAM but never returns and unused memory to the system. This will lead to the eventual crashing of the software.

Penetration Testing

A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker or Cracker. A penetration tester should perform a penetration test when the penetration tester has written permission from the network owner. Penetration testing actively tests security controls and can cause system instability.

Rainbow Tables

A rainbow table is a table of common hashes for plaintext while using various hashing algorithms. These tables are pre-calculated so an attacker has to do little work to utilize one. A Rainbow table can be compared to a master password file of corporate users, and if the rainbow table is able to successfully discover a users password, then you know one of two things must be true (or both). The user's password is weak. The hash algorithm used by the company is weak. Attackers can also build their own rainbow table while attempting to brute-force a hash.

Replay

A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. An example of this would be an attacker capturing part of a communication stream and then later sending that communication stream to the server while pretending to be the client.

Rootkit

A rootkit is malware which consists of a program designed to hide or obscure the fact that a system has been compromised. A rootkit hides its processes, applications, and files from being detected. An attacker may use a rootkit to replace vital system executables which may then be used to hide processes and files the attacker has installed along with the presence of the rootkit itself.

worm

A worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes, and it may do so without any user intervention. Can autonomously replicate itself across networks. The difference between a Trojan Horse and a Worm is that the Worm self-replicates while the Trojan Horse does not.

Botnet

Botnet is a jargon term for a collection of software robots, or bots, that run autonomously and automatically. A botnet can be used to perform a Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack.

XSS and XSRF

Cross-Site Scripting (XSS) attacks are when malicious scripts are injected into benign or otherwise trusted websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. Cross-site Request Forgery (XSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. Unlike cross-site scripting , which exploits the trust a user has for a particular site, XSRF exploits the trust that a site has in a user's browser. Unlike cross-site scripting , which exploits the trust a user has for a particular site, XSRF exploits the trust that a site has in a user's browser.

Authenticated vs.Unauthenticated

There are two approaches to vulnerability scanning, authenticated and unauthenticated scans. An unauthenticated scan is performed the same way an intruder would be expected to scan the network. No credentials are used. This way, the company can get an accurate view of the vulnerabilities that are present and exploitable without ever logging into the network. An authenticated scan is performed with internal network credentials. This can usually see a more full picture of the network and can also simulate a scan from an internal threat,

Domain Hijacking

Domain hijacking is when an attacker manages to take control of somebody else's domain. This can be accomplished a number of ways, but getting admin access is generally involved. For example, an attacker gets admin control of example.com and forces anybody who goes to example.com to be redirected to a malicious site. This is possible since the admin has full control. An attacker could also install malware on the hijacked site.

Evil Twin

Evil Twin is a term for a rogue, or counterfeit, Wi-Fi access point that appears to be a legitimate one offered on the premises. These WAPs have been set up by a hacker to eavesdrop on wireless communications among Internet surfers. Evil twin is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider.

Impersonation

Impersonating is when someone tries to pass themselves off as someone else. A simple strategy used to obtain information and/or access for a future attack. "This is X website you're subscribed to and we need you to tell us your password."

DDoS Attack

In a DDoS (Distributed Denial of Service), large numbers of compromised systems (zombies/bots) attack a single target in attempt to crash it. These zombie computers are being remotely updated by a command and control center.

Persistent Penetration

In a Persistent Penetration Attack, after the initial attack, the attacker will continue to monitor the target network. As the threatscape changes due to new exploits, or as improved methodologies are developed, these new attacks are compared against the target network to identify new risks. This more accurately simulates the approach of real-world methods

Insider Threat

Insider Threats are perpetrated by individuals that are a part of the targeted group/company. They may aim to vandalize assets as a form of revenge, steal proprietary assets for resale on the dark web, or simply send sensitive data to anybody who asks. The hard part, of course, is distinguishing these actions from all the legitimate activity that occurs every day on your network. Some tactics could help mitigate an insider threat, like least privilege or job rotation.

Attributes of Actors

Internal vs. External - An internal threat is one that originates from within the targeted group and will have an easier time getting through or already have access to that groups information making them potentially more dangerous then an external threat that would have to break through the security. Level of Sophistication refers to the amount of organization, and expertise that are attributed to the particular attacker. What also helps to determine the effectiveness of an attacker is the amount of resources and funding that are available to them. Where a Script Kiddie would have little to none to pull from, a Nation State would have resources from the government that employed them. Intent is also important in assessing a threat as an attacker seeking to expose government secrets will be assessed more dangerous than an attacker seeking to deface a public website.

Competitors

Threats posed by competitors are, simply, threats perpetrated by competing groups in order to gain some sort of edge or handicap their rivals. Threats may include disrupting day-to-day operations, exposing sensitive information, destroying public relations, etc.

Passively Testing

One way that vulnerability scanning distinguishes itself from penetration testing is the amount of work involved in conducting it. When a vulnerability scan is conducted it runs on its own to search for compromises based on a database without active involvement. Ends up not being as thorough, but allows for regular business operation to continue.

Open-Source Intelligence

Open-source intelligence (OSINT) is publicly available information that any corporation or individual can utilize in order to keep up to date on many types of attacks and threats. This could included many sources including, but not limited to, the news, social media, and publicly available reports. OSINT is simply any openly available information to the public.

Piggybacking

Piggybacking is when an authorized person allows (intentionally) others to pass through on their security principles. Double entry doors, security guards, and turnstiles would be used to deter piggybacking.

Whaling

Whaling is a type of spear-phishing that targets executives and high-profile targets (the "big fish"). For example, a company may have bios of its executive officers on a corporate website. This information may be used by a social engineer to create a targeted spear phishing attack to the corporate officer.

Privilege Escalation

Privilege escalation is the act of exploiting a bug or design flaw in a software application to gain access to resources which normally would have been protected from an application or user. Privilege escalation is a type of attack that occurring when the attacker uses an account that has read-only access to gain access to an account that has full control access.

SQL Injection

SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. An attacker attempts to have the receiving server pass information to a back-end database from which it can compromise the stored data. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. MS-SQL database port number is 1433. An example of a SQL injection is ' or '1' ='1

Social Engineering

There are several "principles" (reasons for effectiveness) of Social Engineering: 1.Authority 2.Intimidation 3.Scarcity 4.Urgency 5.Familiarity/liking 6.Trust Any of these principles could help an attacker trick a victim into divulging information or unwittingly aiding in an attack.

Untrained Users

Untrained users can cause countless problems, more so than any other issue. Untrained users can cause minor hiccups in day to day operations. Untrained users can cause a complete system failure. Users need to be trained and kept up to date on a few aspects to prevent a failure. Latest best security practices to prevent social engineering attempts. Functionality of a system to prevent misconfigurations. Much, much more.

Vishing

Vishing (Voice Phishing or VoIP Phishing) is phishing using the telephone as a means to find a target. The hacker will typically use a war dialer to send a recorded message stating that there is an error with a victims credit card or bank account and leave a number to call back. If the victim calls back, they will usually be asked personal information, such as SS# or account numbers.

WPS Attack

WPS can utilize a pin which is inherently unsecure and easily brute-forced. This type of attack is possible because of the simple nature of the pin. A WPS pin is considerably easy to brute-force as it is just made of several digits. A WPS pin can be broken in just a few hours.

Weak Implementation

Weak encryption based attacks target the implementation or the algorithm itself, that is used in implementing password based authentication. If the attacker has access to the location where the passwords are stored, and if there are suitable conditions for the attacker to break the passwords, then it is pretty much a situation of compromise.

Improper Error Handling

When a piece of software receives an error, it wants to handle that error gracefully and without compromising itself or the underlying system. In an extreme example, an error improperly handled can cause the application to crash completely, causing a DOS.

Undocumented Assets

While undocumented assets not immediately effect a company, one of a few negative outcomes can be possible. Something is stolen, but not detected because of lack of documentation. An employee never returns a company laptop, but is forgotten about. A stolen laptop is used to exfiltrate data from the network, but the vulnerability goes undetected because no known laptop exists to be stolen. Additionally, not documenting company assets can lead to an inefficient use of company resources. An undocumented asset can't be utilized if the company is unaware of its existence.

White Box

White box testing is a testing technique whereby explicit knowledge of the internal workings of the item being tested is used to select the test data.