An attack designed to send a specially crafted TCP packet to a device on the network.
The packet is crafted so that a bunch of flags are turned on.
The packet header has space set aside for these bits, called flags.
All these flags are turned on or off depending on what the packet is doing.
In an Xmas tree attack, the following flags are turned on:
Urgent
Push
Fin
Used as a reconnaissance technique to grab information about various operating systems.
It looks for open ports.
An attack on wireless networks.
It modifies the IV of an encrypted wireless packet during transmission.
Once an attacker learns the plaintext of one packet, they can compute the RC4 key stream generated by the IV used.
This key stream can be used to decrypt all other packets that use the same IV.
Since there is only a small set of possible initialization vectors, the attacker can eventually build a decryption table to decrypt every packet sent over that wireless connection.
The unauthorized transfer of data from a computer or device.
This application issue involves unauthorized commands coming from a trusted user to a user or website.
Generally involves social networking.
An attack that changes data.
Authorized users usually perpetrate this attack for financial gain.
Sniffing
Social Engineering
Dictionary Attack
Focuses on cracking the password.
Uses password cracking tools like hashcat, Cain & Abel, John the Ripper, etc.
Uses a dictionary of words as candidate passwords, such as rockyou or crackstation, to repeatedly attempt to access a system using a valid user account.
To protect against dictionary attacks, a password complexity policy should be enforced that requires uppercase and lowercase characters, numbers, and symbols.
Brute Force
Also known as exhaustive attacks.
Usually cycle through a more substantial number of possibilities that can include characters, numbers, and symbols.
A password length policy that requires a longer password would affect the time a manual brute force attack would take.
Capturing
Keylogger, protocol analyzer.
Man-in-the-middle and replay attacks.
Resetting
Attacker gains physical access to a computer and resets the password.
Online Guessing
Not really practical.
Steps for using a rainbow table
Creating the table.
Chain of plaintext passwords.
Encrypt initial password.
Feed into a function that produces different plaintext passwords.
Repeat for a set number of rounds.
Using the table to crack a password.
Run encrypted password through same procedure used to create initial table.
Results in initial chain password.
Repeat, starting with this initial password until original encryption is found.
Password used at last iteration is the cracked password.
Rainbow table advantages over other attack methods.
Can be used repeatedly.
Faster than dictionary attacks.
Less machine memory needed.
Software code that is intentionally embedded in the software during its development process to allow the developer to bypass the regular access and authentication mechanisms.
These hooks can pose a threat to the security of the software and can be exploited if any maintenance hook is not removed before the software goes into production.
Vulnerable code embedded intentionally in the software to trap intruders.
Named after the mathematical probability that two people in the same network have the same birthday.
Can be used in communication abuse between two or more parties.
It depends on a fixed degree of permutations (pigeonholes) and the higher likelihood of collisions found between random attack attempts.
Attacks VoIP and PBX equipment used for telephone lines.