1.2 Compare and contrast types of attacks.
Downgrade Attack
An attack in which the system is forced to abandon the current higher security mode of operation and fall back to implementing an older and less secure mode.
Smurf Attack
An attack that broadcasts a ping request to many computers but forges the source address so that all responses are sent to the victim.
WPS Attack
Wi-Fi Protected Setup (WPS) is a wireless security standard meant for easy Wi-Fi configuration. Unfortunately, the 8-digit PIN it uses is susceptible to brute force attacks. Once an attacker has the PIN, they can obtain the WPA/WPA2 passphrase and gain access to the network.
Weak implementations
Developers who try to create their own cryptographic methods, or who poorly implement other, existing methods.
ARP
Address Resolution Protocol; helps translate between IP addresses and MAC addresses of devices.
Bluesnarfing
Involves stealing information over a Bluetooth connection (instead of sending unwanted information).
Collision Attack
An attempt to find two input strings of a hash function that produce the same hash result.
Pass the Hash
Websites do (or should) store hashed passwords rather than plaintext passwords. If a hacker can capture the hashed value, they might be able to use it to authenticate without ever knowing the password.
Whaling
Whaling refers to a phishing attack that specifically targets "high-value" persons, like CEOs.
Dumpster Diving
What could you find when dumpster diving? Personal information, IDs, passwords, company info (that would make the attacker seem more plausible), etc. They might also find hardware or other equipment that could be reverse engineered.
Social Engineering: Consensus
- People are often more willing to like something that other people like.
- Attackers take advantage of this by creating websites with fake testimonials that promote a product. For example, criminals have set up websites with dozens of testimonials listing all the benefits of their fake antivirus software (rogueware).
URL Hijacking and Typo Squatting
- Redirecting a user to a fictitious website based on a misspelling of the URL. Also called typo squatting.
- Buying a domain similar to a legitimate one. Done to host malicious code, earn ad revenue, or resell the domain to the legitimate owner.
Amplification
- Significantly increases the amount of traffic sent to, or requested from, a user (e.g. a smurf attack).
Hoaxes
- A message that tells of impending doom from a virus or other security threat that doesn't exist.
- Often wants users to delete files from their computer to get rid of the threat.
DDoS
- A type of attack where multiple virus-infected computers are used to target a single system, overwhelming it with traffic and rendering it useless or unresponsive.
- Attacks come from botnets.
ARP Poisoning
- An attack that convinces the network that the attacker's MAC address is the one associated with an allowed address, so that traffic is wrongly sent to the attacker's machine.
Rogue AP Attack
A rogue access point is similar to the evil twin one. An attacker can use a rogue AP to get users to connect, enter credentials, etc. From here, MitM and other attacks can occur. My understanding is that the difference between evil twin and rogue AP attacks is that an evil twin AP is made to look legitimate.
Evil Twin Attack
A wireless network with the same name as another wireless access point. Users unknowingly connect to the evil twin; hackers monitor the traffic looking for useful information. By using an access point with higher-gain antennas, devices will attach to that AP, as it will be the "better" connection option. From here, man-in-the-middle or denial-of-service attacks can occur.
Zero Days
A zero day is a vulnerability of which there is no prior knowledge, aside from the hacker or the vendor.
MITB
Man-in-the-browser. The hacker sends a Trojan to intercept browser calls. The Trojan sits between the browser and its libraries, allowing the hacker to watch and interact within a browser session.
Known Plaintext/Ciphertext
If an attacker has access to both plaintext and ciphertext copies of a message, they may be able to reverse engineer the encryption and decrypt other messages, too.
Social Engineering: Intimidation
Intimidation can go hand-in-hand with authority. It can range from very subtle to very direct.
MAC Spoofing
MAC spoofing refers to changing a MAC address to bypass security checks that are looking for a specific MAC address.
Social Engineering: Authority
Many people have grown up to respect authority and are more likely to comply when a person of authority says to do so.
Privilege Escalation
Privilege escalation refers to starting at an ordinary privilege level and working your way up to root or admin level. This can be done by stealing credentials (possibly left in plaintext somewhere). It can also be done in conjunction with other attacks on processes running with elevated privileges.
Rainbow Tables
Rainbow tables are precomputed lookup tables of hash values for many possible passwords. Fastest way to guess a password.
Replay
Replay attacks occur when an attacker captures some communication between two parties, and then re-transmits it later. This might get them authenticated, or repeat a transaction.
Shimming
Shimming refers to putting another layer of code between the driver and the OS. This can be a way for developers to make future improvements easier. It changes the driver's behavior.
Buffer overflow
A buffer overflow is where an input buffer is written with more data than it can hold. As a result, the user input spills into other parts of memory. This allows attackers to crash the program or overwrite values.
Dictionary Attack
A dictionary will have a lot of possible passwords, which then might be combined or altered ("secret" => "s3cr3t") to generate passwords to try.
XSRF or CSRF
Cross-site request forgery is "an attack that forces an end-user to execute unwanted actions on a web application in which they're currently authenticated."
NFC
Near field communication (NFC) is a wireless protocol that lets devices talk over a very short range (~4 inches). It has become more popular in mobile payment systems (the "tap to pay" thing). Attacks are done through eavesdropping and the use of antennas to intercept the data between two devices.
Phishing
Phishing occurs when an attacker tries to obtain sensitive information from users by pretending to be a trusted entity. This can be in the form of an email, text message, etc. Phishing often directs users to a reputable-looking (fake) copy of a website. The user then enters their credentials, which are stolen by the attacker, who owns the fake website.
Impersonation
Pretending to be somebody else. In this case, we're talking specifically about pretending to be someone known to the victim, like their boss or IT.
Spear Phishing
Targets a specific group of people. While there are fewer potential victims, this method may be more successful because it looks less suspicious.
Bluejacking
Sending unauthorized messages to a Bluetooth-enabled device.
Social Engineering: Urgency
This needs to happen quickly. Don't even think about it. Just provide this information right now so that we can solve this problem.
RFID Attack
RFID stands for radio frequency identification. RFID tags can be either active or passive. Active tags have their own power source, whereas passive tags are powered by (nearby) RF fields. The radio frequencies in use are publicly known, so eavesdropping and replay attacks aren't that difficult. Used for anything that needs to be tracked (inventory, animals).
Vishing
Vishing is a type of phishing that uses voice communication. People are more trusting of a stranger over the phone than over email. Unfortunately, this trust can be exploited. It doesn't help that attackers can spoof calls using Voice over IP technology.
Watering Hole Attack
Watering hole attacks involve infecting a website the targets are known to visit with malware. When the targets visit the site, their computers are also infected with malware.
Brute Force Attack
Brute force attacks try all possible password combinations. If you're trying this "online" (connected to the victim), it's more likely that you'll get caught due to excessive traffic. If you do it "offline" (meaning you've stolen a copy of what you're trying to crack), detection and bandwidth are less of an issue.
Clickjacking
Clickjacking is where elements on a website result in the user clicking something they didn't want to. This might be a translucent overlay, for example.
IP Address Spoofing
Creating Internet Protocol packets with a forged IP address to hide the sender's identity or to impersonate another computer system.
DNS Poisoning
DNS poisoning or spoofing is where you (similar to ARP poisoning) change a DNS record. This results in wrongly diverted traffic.
Disassociation Attack
Disassociation attacks mean disconnecting (or dissociating) a device from the network.
Domain Hijacking
Domain hijacking is the (unauthorized) act of changing a domain name's registration.
Spoofing
Spoofing refers to making something look like it has come from a different source. This usually means impersonating a well-known, reputable or authenticated source.
Tailgating
Tailgating means following closely behind a person who has used their own access card to get into a room or building.
Bluebugging
Taking control of a phone to make calls, send text messages, listen to calls, or read text messages.
Social Engineering: Familiarity
They become your friend. They talk about things that you like, and by doing that, they make you familiar with them on the phone and make you want to do things for them.
MITM
Man-in-the-middle attacks occur when an attacker places themselves between two hosts that are communicating. This allows the attacker to observe all traffic, and also to modify or block it. The attacker then forwards the traffic to the intended recipient, and the parties are none the wiser.
Social Engineering: Scarcity
- People are often encouraged to take action when they think there is a limited quantity.
- Attackers can take advantage of this and encourage users to click a link for exclusive access to a new product.
DoS
- An attack on a computer resource that prevents it from performing its normal operations, usually by overwhelming it with large numbers of requests in an effort to monopolize its resources.
- One attacker against one target.
IV attack
- Attempts to discover the pre-shared key from the IV.
- Successful when an encryption system reuses the same IV.
- Uses packet injection to add more packets into the data stream. The AP responds with more packets, increasing the chance that an IV will be reused.
- WEP should never be used since it is vulnerable to these attacks.
XSS
Cross-site scripting (XSS) is where an attacker can include a script in their input. The injected script might be immediately reflected back by the backend but not persisted, making it a non-persistent XSS attack. It could instead be stored on the backend and then used against other users later (making it a persistent attack).
Wireless Replay Attack
Essentially, you record traffic between endpoints and the wireless access point (you could do this with Bluetooth, etc. as well). Then you can replay those messages to authenticate, execute a transaction, etc.
Jamming Attack
Jamming refers to blocking wireless or radio signals and causing denial of service.
Injection
Like the buffer overflow attack, injection vulnerabilities are the result of poor or no input validation. Injection means that an attacker can provide input that is interpreted/executed by an application to malicious ends.
Social Engineering: Trust
Make them feel like they are doing the right thing.
Refactored
Refactoring is another legitimate software development process. It means to restructure existing code without changing the overall behavior (so the OS and user won't notice a difference).
Birthday Attack
This is named after the "birthday paradox," which describes the high (50%) probability that two individuals (in a group of 23 or more) will share a birthday.
Session Hijacking
This is where an attacker takes over an existing session between a client and server. Since the user (likely) already authenticated, the attacker can carry on with full privileges once the attack is complete.
Shoulder Surfing
This is where the attacker can watch the victim enter in credentials, a keycode, etc. This can happen while the attacker is physically present and nearby. It can also happen through security cameras, binoculars, etc.