Attacks

  • Access aggregation
  • Access control
    • Asset identification
    • Password
      • Birthday – hashing collision; 50% chance that 2 of 23 people share a birthday
      • Brute force
      • Dictionary
      • PBKDF2
      • Pepper (not an attack) – large constant stored apart from a salt
      • Rainbow Table
      • Sniffer – captures network traffic
      • Wireshark capture – protocol analyzer captures traffic
    • Smartcard / side-channel
    • Social engineering
      • Phishing
      • Shoulder surfing
      • Spear phishing
      • Vishing
      • Whaling
    • Spoofing
    • Threat identification
      • Advanced Persistent Threat (APT)
  • Agents – bots
  • Application
    • Back doors
    • Buffer overflows
    • Escalation of privilege
    • Rootkit
    • TOCTOU – Time Of Check to Time Of Use
  • ARP – Address Resolution Protocol – IP -> MAC poisoning
  • Botnets
  • Bots
  • Business – illegally obtain company’s information
  • Computer architecture
    • Buffer overflow
    • Data diddling – making small changes to data
    • Design-based – take advantage of flawed design
    • Incremental – slow, gradual changes, not obvious
    • Input checking
    • Maintenance hooks – backdoors created by developers
    • Parameter checking
    • Salami
    • State
    • Trusted recovery
  • Computer crime
    • APTs
    • Business
    • Corporate espionage
    • Financial
    • Grudge
    • Hacktivist
    • Industrial espionage
    • Insider threats
    • Intelligence
    • Military
    • Script kiddies
    • Terrorist
    • Thrill
  • Cryptography
    • Analytic
    • Birthday
    • Brute force
    • Chosen ciphertext
    • Chosen plaintext
    • Ciphertext only
    • Collision
    • Frequency
    • Implementation
    • Known plaintext
    • Man-in-the-middle – intercept communication between 2 parties
    • Meet-in-the-middle – defeats encryption that uses 2 rounds (the reason there is no 2DES)
    • Replay
    • Reverse hash matching
    • Statistical
  • DDoS
  • Eavesdropping
  • Fraggle – UDP over ports 7 and 19
  • Grudge
  • Hijacking
  • Hyperlink spoofing
  • Impersonation
  • Land – spoofed SYN packets using victim’s IP as source and destination, replies to self
  • Drive-by download
  • Masquerading
  • Modification
  • Ping flood – pings, not echoes
  • Ping of death – oversized ping packet (32-64 bytes amplified to 64 KB)
  • Replay
  • Sabotage
  • Smurf – ICMP echo packets
  • SYN flood
  • TCP reset – spoof IP address in RST packet to disconnect active session
  • Teardrop – fragments packets in such a way that the system can’t put them back together
  • Unskilled attackers
  • VoIP
  • Wireless networking
    • Evil Twin
    • IV (initialization vector)
    • Replay
    • Rogue access point
    • War chalking
    • War driving
  • Zero-day exploits
  • Zombies