Motive
The reason a system is attacked: it stores or processes something of value, and that value is what draws threats to it
Passive Attack
The attacker does not tamper with data; the attack consists of intercepting and monitoring network traffic and data flow on the target network
Active Attack
The attacker tampers with data in transit or disrupts communication or services between systems in order to break into or bypass secured systems
Close-in Attack
Performed when the attacker is in close physical proximity with the target system or network.
Insider Attacks
Involve using privileged access to violate rules or intentionally cause a threat to the organization's information or information systems
Distribution Attack
Occurs when attackers tamper with hardware or software before it is installed (e.g. in the supply chain)
Hacking
Refers to the practice of modifying or altering computer software and hardware to accomplish a goal that is considered to be outside of the creator's original objective.
Tactics
Guidelines that describe the way an attacker performs an attack from beginning to end
Techniques
The technical methods used by an attacker to achieve intermediate results during the attack
Procedures
Organizational approaches that threat actors follow to launch an attack
MITRE ATT&CK
Globally accessible knowledge base of adversary tactics and techniques based on real-world observations
Reconnaissance Attacks
Attackers attempt to discover information about the target network
Network Scanning
A set of procedures used for identifying hosts, ports, and services in a network
DNS Footprinting
Querying DNS records (A, MX, NS, etc.) to learn the locations and types of a target's servers
Packet Sniffing
The process of monitoring and capturing all data packets passing through a given network using a software application or hardware device
Man-in-the-Middle Attack
Used to intrude into an existing connection between systems and intercept the messages being exchanged
DNS Poisoning
The unauthorized insertion of forged records into a DNS cache so that names resolve to attacker-chosen IP addresses
Domain Hijacking
An attack that changes the registration of a domain name without permission from the owner.
ARP Spoofing Attack
ARP maps an IP address to a physical (MAC) address on the local network; in ARP spoofing the attacker sends forged ARP replies so that a victim's IP address is associated with the attacker's MAC address and traffic is redirected through the attacker
DHCP Spoofing Attack
The attacker sets up a rogue DHCP server on the network and responds to DHCP requests with bogus IP, gateway, or DNS settings, resulting in compromised network access
Switch Port Stealing
The attacker floods the switch with forged frames carrying the victim's MAC address as the source, so the switch binds that MAC to the attacker's port and delivers the victim's traffic there for sniffing
MAC Spoofing/Duplicating/Cloning
By listening to the traffic on the network, a malicious user can intercept and use a legitimate user's MAC address to receive all the traffic destined for the user
MAC Flooding
Involves flooding the switch's CAM table with frames from fake source MAC addresses until it is full; the switch then forwards frames out of all ports like a hub, so the attacker can sniff them
IP Address Spoofing
Changes the source IP address of packets so that the attacker appears to be coming from someone else
Denial-of-Service Attack
An attack that exhausts a target's resources (bandwidth, connections, CPU, memory) so that legitimate users are denied service; when launched from a multitude of compromised systems it is a distributed DoS (DDoS)
Distributed Reflection DoS (DRDoS)
A network-based attack where the attacker dramatically increases the bandwidth sent to a victim during a DDoS attack by implementing an amplification factor.
Malware Attacks
Any software used to disrupt computer or mobile operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising
Advanced Persistent Threat (APT)
A network threat in which an attacker gains unauthorized access to a target network and remains undetected for a long period of time
Malicious universal serial bus (USB) cable
A USB cable with additional electronics that presents itself to the computer as a keyboard or mouse, allowing it to type arbitrary input into the system, for example opening a command prompt and entering commands that download malware from a third-party site
Card cloning
The process of creating a duplicate of a credit card or access card by copying information from the original card
Malicious Flash Drive
A physical device that contains malicious PDFs, executables, or other files that could harm your computer; older systems would automatically run content from such a device (autorun) without user consent
Skimming
The process of extracting payment and personal information from credit card users using special devices
Injection Flaws
Web application vulnerabilities that allow untrusted data to be interpreted and executed as part of a command or query
Cross-Site Scripting (XSS)
Exploits a web application's failure to sanitize user-supplied input so that attacker-controlled script is injected into a page and executed by other users' browsers in the site's origin, bypassing browser security mechanisms such as the same-origin policy
Parameter Tampering Attack
Involves the manipulation of parameters exchanged between client and server in order to modify application data such as user credentials and permissions, price, quantity of products
Directory Traversal Attack
Attackers use ../ sequence to access restricted directories outside the web server root directory
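An added example (not from the original cards) of the ../ traversal and the check that stops it. A naive join of the web root and the requested name walks out of the root; resolving the path with realpath and confirming it still starts with the root blocks both "../" and absolute-path variants. The directory layout and file contents are constructed inside a temporary directory.

```python
import os
import tempfile

def read_file_vulnerable(web_root, requested):
    # Naive join: "../" in `requested` climbs out of web_root, and an absolute
    # path in `requested` makes os.path.join discard web_root entirely.
    path = os.path.join(web_root, requested)
    with open(path, "rb") as f:
        return f.read()

def safe_path(web_root, requested):
    # Canonicalize first (collapses "..", resolves symlinks), then require the
    # result to be the root itself or something beneath it.
    root = os.path.realpath(web_root)
    full = os.path.realpath(os.path.join(root, requested))
    if full != root and not full.startswith(root + os.sep):
        raise PermissionError("path escapes web root: %r" % requested)
    return full

def read_file_safe(web_root, requested):
    with open(safe_path(web_root, requested), "rb") as f:
        return f.read()

def try_safe(web_root, requested):
    try:
        return read_file_safe(web_root, requested)
    except PermissionError:
        return "blocked"

def demo():
    # Constructed layout: <base>/www is the web root, <base>/secret.txt is outside it.
    base = tempfile.mkdtemp()
    web_root = os.path.join(base, "www")
    os.makedirs(web_root)
    with open(os.path.join(web_root, "index.html"), "wb") as f:
        f.write(b"<h1>hello</h1>")
    with open(os.path.join(base, "secret.txt"), "wb") as f:
        f.write(b"outside-root-secret")
    return {
        "vulnerable_traversal": read_file_vulnerable(web_root, "../secret.txt"),
        "safe_traversal": try_safe(web_root, "../secret.txt"),
        "safe_absolute": try_safe(web_root, "/etc/passwd"),
        "safe_normal": try_safe(web_root, "index.html"),
    }

if __name__ == "__main__":
    print(demo())
```

Note that stripping "../" substrings from the input is not an adequate fix (encoded forms such as %2e%2e%2f and sequences like "....//" survive naive filtering); checking the canonicalized path against the root is the reliable control.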
Cross-Site Request Forgery
An attack that tricks a victim's browser into sending a request to a site where the victim is already authenticated; the browser automatically attaches the session cookie, so the site treats the attacker's request as the user's own
DNS Amplification Attack
The attacker sends small DNS queries to open recursive resolvers with the source address spoofed to the victim's, so the resolvers send their much larger responses to the victim, amplifying the attack bandwidth
Server-Side Request Forgery (SSRF)
An attack that abuses a server's ability to make outbound requests, causing it to fetch attacker-chosen URLs (often internal services reachable only from the server) on the attacker's behalf
Application Level DoS Attack
Attackers exhaust available servers by sending hundreds of resource-intensive requests
XML External Entity
An attack that occurs when a misconfigured XML parser processes external entity declarations in XML input from untrusted sources, allowing an attacker to read local files or make the server issue requests (a form of SSRF)
Watering Hole Attack
An attack method that infects web sites that a group is likely to trust and visit.
Man-in-the-Browser Attack
Trojan horse that intercepts data passing through the browser
Session Replay Attack
The attacker listens to the conversation between the user and the server, captures the user's authentication token, and replays it to impersonate the user
Secure Socket Layer (SSL) Stripping
A technique of demoting website security from HTTPS to the less secure HTTP
Password Cracking
Technique used to crack passwords of users on the target system
Dictionary Attack
A dictionary file is loaded into the cracking application that runs against user accounts
Brute-Force Attack
The password cracker tries every possible combination of characters
Rule-based Attack
Attacker has some information about the password.
Hash Injection
Allows an attacker to inject a compromised password hash into a local session and use the hash, rather than the plaintext password, to authenticate to network resources (pass-the-hash)
Rainbow Table
A precomputed table for reversing cryptographic hash functions, usually for cracking password hashes
Compare the Hashes
An attacker captures the hash of a password and compares it with the precomputed hash table; if a match is found, the password is cracked
Easy to Recover
Comparing captured password hashes against precomputed tables recovers passwords quickly because the hashing work was done in advance; per-user salts defeat this by making the tables useless
Zero-day Attacks
Attacks that exploit previously unknown vulnerabilities, so victims have no time (zero days) to prepare or defend against the attacks.
Buffer Overflow
A technique in which more data is written to a buffer in a computer's memory than it can hold, overwriting adjacent memory; this can crash the program or let the attacker hijack control flow
Return-Oriented Programming (ROP) Attack
An exploitation technique in which attackers chain together short instruction sequences ("gadgets") that already exist in executable memory in order to run arbitrary malicious code without injecting new code, bypassing protections such as DEP/NX
Privilege Escalation
After gaining access to the network with a non-admin user account, the attacker's next step is to obtain administrative privileges
DLL Hijacking
Placing a malicious DLL in the application directory (or elsewhere on the DLL search path) so that when the application executes, it loads the malicious DLL instead of the legitimate one
Application Shimming
A Windows mechanism used to provide compatibility between older applications and newer versions of the Windows OS; attackers abuse it to inject code into processes, escalate privileges, or persist
Refactoring
The process of modifying the non-functional code of driver software without affecting the actual operation of the driver
Social Engineering
The art of manipulating people so they give up confidential information
Impersonation
The attacker pretends to be a legitimate or authorized person
Eavesdropping
Unauthorized listening of conversations, or reading of messages
Shoulder Surfing
A direct observation technique, such as looking over someone's shoulder, to obtain information.
Dumpster Diving
Looking for treasure in someone else's trash.
Reverse Social Engineering
The attacker presents him/herself as an authority and the target seeks his or her advice before or after offering the information that the attacker needs
Piggybacking
An authorized person intentionally allows an unauthorized person to pass through a secure door
Tailgating
When an unauthorized individual enters a restricted-access building by following an authorized user.
Hoax Letters
Emails that issue warnings to the user about new viruses, Trojans, or worms that may harm the user's system.
Spam Email
Irrelevant, unwanted, and unsolicited emails that attempt to collect financial information, social security numbers, and network information
Instant Chat Messenger
Gathering personal information by chatting with a selected user online to get information such as birth dates and maiden names
Phishing
An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information
Credential Harvesting
Attackers employ TTPs such as phishing campaigns and password-dumping tools to collect credentials, which are then reused in attacks such as credential stuffing
Typosquatting
Attackers register domain names with intentionally misspelled versions of well-known websites to send unsuspecting visitors to malicious websites
Elicitation
A technique to extract information from a target without arousing suspicion.
Identity Theft
A crime that involves someone pretending to be another person in order to steal money or obtain benefits
Influence Campaigns
Using social engineering to sway attention and sympathy in a particular direction.
Rogue AP Attack
An unauthorized access point placed into an 802.11 network that can be used to hijack the connections of legitimate network users
AP MAC Spoofing
Hackers spoof the MAC address of WLAN client equipment to mask as an authorized client
War Driving
The act of searching for instances of wireless LAN networks while in motion, using wireless tracking devices like PDAs, mobile phones, or laptops.
Evil Twin
A wireless network with the same name as another wireless access point. Users unknowingly connect to the evil twin; hackers monitor the traffic looking for useful information.
Jamming Signal Attack
The attacker transmits from a nearby location with a high-gain amplifier, drowning out the legitimate AP's signal
Disassociation Attack
The attacker makes the victim unavailable to other wireless network devices by destroying the connectivity between the AP and client
De-authentication Attack
The attacker floods the network with forged de-authentication or disassociation frames to disconnect users from an AP
Reverse Engineering
Attackers perform reverse engineering by gaining access to the chip and reading its memory contents optically to retrieve the PIN, biometric data, personal information, etc.
Power Analysis Attack
A type of side-channel attack in which the attacker recovers secrets such as cryptographic keys or PINs by analyzing a device's power-consumption patterns while it processes them
RFID Cloning/Spoofing
Involves capturing the data from a legitimate RFID tag and then creating a clone of it using a new chip
Data Modification Attack
A more dangerous attack that not only captures and stores the target's data exchange but also modifies it using a radio-frequency device
Data Corruption Attack
A type of DoS attack performed by interfering or disrupting the data transmission or blocking the data channel so that the receiver is not able to decipher or read the data received
Sandboxing
Protects systems and users by limiting the resources an app can access on the mobile platform
Mobile Spam
Unsolicited messages sent in bulk form to known/unknown phone numbers/email IDs to target mobile phones.
SMS Phishing
The act of trying to acquire personal and financial information by sending SMSs containing deceptive links
Android Rooting
Involves exploiting security vulnerabilities in the device firmware, copying the su binary to a location in the current process's path, and granting it executable permission with the chmod command
Jailbreaking iOS
Defined as the process of installing a modified set of kernel patches that allows users to run third-party applications not signed by the OS vendor
Provides root access to the operating system and permits downloading of third-party applications, themes, extensions on iOS devices
Removes sandbox restrictions, which enables malicious apps to access restricted mobile resources and info
Metasploit
Allows testers to scan systems for vulnerabilities, conduct network reconnaissance, launch exploits, and more
Distributed Denial of Service (DDoS) Attack
The attacker first builds a botnet by exploiting vulnerabilities in many devices and installing malicious software on their OS, then directs all of them to flood a single target
Rolling Code Attack
Rolling codes are used in keyless entry systems to prevent replay attacks, in which an eavesdropper records a transmission and replays it later to make the receiver unlock; a rolling code attack jams the receiver while capturing the victim's transmissions so that a captured code is never consumed and remains valid for the attacker to replay
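An added example, not from the original cards, that models a rolling-code receiver and shows both why a plain replay fails and why the jam-and-capture attack succeeds. The key, counter width, MAC construction and acceptance window are assumptions chosen to illustrate the mechanism, not the scheme used by any real product.

```python
import hmac
import hashlib

# Shared secret between fob and receiver (constructed for the example).
KEY = b"fob-receiver-shared-secret"
WINDOW = 16   # how far ahead of the last accepted counter the receiver resyncs

def make_code(counter):
    # Each button press transmits a fresh counter and a MAC over it, so the
    # same code is never sent twice.
    tag = hmac.new(KEY, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:4]
    return (counter, tag)

class Receiver:
    def __init__(self):
        self.last_counter = 0

    def accept(self, code):
        counter, tag = code
        expected = hmac.new(KEY, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:4]
        if not hmac.compare_digest(tag, expected):
            return False            # forged or corrupted code
        # Only counters strictly ahead of the last accepted one, and within the
        # resync window, are valid; anything at or below it is a replay.
        if not (self.last_counter < counter <= self.last_counter + WINDOW):
            return False
        self.last_counter = counter
        return True

def naive_replay():
    # Eavesdropper records one press and replays it later: the counter has
    # already been consumed, so the receiver rejects it.
    rx = Receiver()
    press = make_code(1)
    first = rx.accept(press)
    replay = rx.accept(press)
    return {"first": first, "replay": replay}

def jam_and_capture():
    # The rolling-code attack: the attacker jams the receiver so the victim's
    # first press (code 1) never arrives, and records it. The victim presses
    # again (code 2); the attacker jams and records that too, then forwards
    # code 1 so the door opens and the victim notices nothing. Code 2 has now
    # never been seen by the receiver and remains a valid, unused code.
    rx = Receiver()
    code1 = make_code(1)       # jammed, captured by attacker
    code2 = make_code(2)       # jammed, captured by attacker
    forwarded = rx.accept(code1)   # attacker replays code 1 for the victim
    later = rx.accept(code2)       # attacker replays code 2 later: accepted
    return {"forwarded": forwarded, "later": later}

if __name__ == "__main__":
    print(naive_replay())
    print(jam_and_capture())
```

The receiver's replay check is correct in isolation; the attack works because the receiver cannot distinguish "a code it never received" from "a code the fob has not yet sent", which is why defenses add a timestamp or challenge-response rather than a counter alone.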
BlueBorne Attack
Performed on Bluetooth connections to gain access and take full control of the target device.
SDR-Based Attacks on IoT
The attacker uses software defined radio (SDR) to examine the communication signals in the IoT network and sends spam content or texts to the interconnected devices
HMI-Based Attacks
Attackers gain access to the HMI systems to cause physical damage to the SCADA devices or to collect sensitive information related to critical infrastructure