Attacks
  • An attack designed to send a specifically crafted TCP packet to a device on the network.
  • This crafting of the packet is one that turns on a bunch of flags.
    • There is space set up in the packet header, called flags.
    • All these flags are turned on or off depending on what the packet is doing.
  • In an Xmas tree attack, the following flags are turned on:
    • Urgent
    • Push
    • Fin
  • Used as a reconnaissance technique to grab information about various operating system.
  • It looks for open ports.
  • An attack on wireless networks.
  • It modifies the IV of an encrypted wireless packet during transmission.
  • Once an attacker learns the plaintext of one packet, they can compute the RC4 key stream generated by the IV used.
  • This key stream can be used to decrypt all other packets that use the same IV.
  • Since there is only a small set of possible initialization vectors, the attacker can eventually build a decryption table to decrypt every packet sent over that wireless connection.

Data Exfiltration

  • The unauthorized transfer of data from a computer or device.

Cross-Site Request Forgery (XSRF/CSRF) - AKA {Session Riding}

  • This application issue involves unauthorized commands coming from a trusted user to a user or website.
  • Generally involves social networking.

Data Diddling - {Source}

  • An attack that changes data.
  • Authorized users usually perpetuate this attack for financial gain.

Password Attacks

  • Sniffing
  • Social Engineering
  • Dictionary Attack
    • Focuses on cracking the password.
    • Uses password cracking tools like {hashcat}, {cain & abel}, {john the ripper}, etc.
    • Employs the use of a dictionary of words as the password, such as {rockyou} or {crackstation}, to repeatedly attempt to access a system using a valid user account.
    • To protect against dictionary attacks, a password complexity policy should be enforced that requires uppercase and lowercase characters, numbers, and symbols.
  • Brute Force
    • Also known as exhaustive attacks.
    • Usually cycle through a more substantial number of possibilities that can include characters, numbers, and symbols.
    • An account length policy that requires a longer password would affect the time a manual brute force attack would take.
  • Capturing
    • Keylogger, protocol analyzer.
    • Man-in-the-middle and replay attacks.
  • Resetting
    • Attacker gains physical access to a computer and resets the password.
  • Online Guessing
    • Not really practical.
  • Steps for using a rainbow table
    • Creating the table.
      • Chain of plaintext passwords.
      • Encrypt initial password.
      • Feed into a function that produces different plaintext passwords.
      • Repeat for a set number of rounds.
    • Using the table to crack a password.
      • Run encrypted password through same procedure used to create initial table.
      • Results in initial chain password.
    • Using the table to crack a password.
      • Repeat, starting with this initial password until original encryption is found.
      • Password used at last iteration is the cracked password.
    • Rainbow table advantages over other attack methods.
      • Can be used repeatedly.
      • Faster than dictionary attacks.
      • Less machine memory needed.

Debugging Hooks aka Maintenance Hooks {source}

  • Software code that is intentionally embedded in the software during its development process to allow the developer to bypass the regular access and authentication mechanisms.
  • These hooks can pose a threat to the security of the software and can be exploited if any maintenance hook is not removed before the software goes into production.

Pseudo-Flaw {source}

  • A vulnerability code embedded intentionally in the software to trap intruders.

Birthday Attack

  • Named after the mathematical probability that two people in the same network have the same birthday.
  • Can be used in communication abuse between two or more parties.
  • It depends on a fixed degree of permutations (pigeonholes) and the higher likelihood of collisions found between random attack attempts.

Phreakers

  • Attack VoIP and PBX equipment used for telephone lines.