• An attack that sends a specially crafted TCP packet to a device on the network.

  • The crafting consists of turning on an unusual combination of flag bits in the TCP header at once.

    • The TCP header reserves a field of one-bit control flags (SYN, ACK, FIN, RST, PSH, URG).

    • Each flag is set or cleared depending on what the segment is doing: opening a connection, acknowledging data, tearing the connection down, and so on.

  • In an Xmas tree attack (also called an Xmas scan), the following flags are all turned on together, a combination that never occurs in a legitimate connection:

    • Urgent

    • Push

    • Fin

  • Used as a reconnaissance technique to gather information about the target operating system: RFC 793 says a closed port must answer with RST and an open port must silently drop the segment, but Windows and many Cisco devices answer RST on every port, so the pattern of replies fingerprints the stack.

  • It looks for open ports: a port that sends no reply is reported as open|filtered, a port that replies with RST is closed. Because the flag combination is abnormal, the scan also stands out clearly in IDS logs.
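The probe and the reply classification described above, as an added example that is not code from the original notes. It builds the 20-byte TCP header with FIN, PSH and URG set, parses the flag byte back, and applies the RFC 793 rule (silence means open|filtered, RST means closed) to constructed replies; the ports, the sample replies and the zero checksum are assumptions, and sending the segment would need a raw socket and root, which this example deliberately does not do.

```python
import struct

# TCP flag bits as they appear in byte 13 of the TCP header (RFC 793).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
XMAS = TCP_FLAGS["FIN"] | TCP_FLAGS["PSH"] | TCP_FLAGS["URG"]  # 0x29: the "lights" of the tree


def build_tcp_header(src_port, dst_port, flags, seq=0, ack=0, window=1024):
    """Return a 20-byte TCP header (no options) with the given flag bits set.

    The checksum is left as zero (assumption for this offline example): a real
    scanner computes it over the IPv4 pseudo-header before using a raw socket.
    """
    data_offset = 5 << 4  # header length in 32-bit words, upper nibble of byte 12
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       data_offset, flags, window, 0, 0)


def parse_flags(header):
    """Return the set of flag names that are on in a TCP header."""
    flag_byte = header[13]
    return {name for name, bit in TCP_FLAGS.items() if flag_byte & bit}


def xmas_probe(src_port, dst_port):
    """The segment an Xmas scan sends: FIN, PSH and URG on, no SYN or ACK."""
    return build_tcp_header(src_port, dst_port, XMAS)


def classify_xmas_response(response_header):
    """Interpret the reply to one probe under RFC 793 semantics.

    A closed port must answer a segment carrying neither SYN nor ACK with RST,
    while an open port drops it silently, so no reply means open (or filtered by
    a firewall that also drops it) and RST means closed.
    """
    if response_header is None:
        return "open|filtered"
    if "RST" in parse_flags(response_header):
        return "closed"
    return "unexpected"


def scan_report(responses):
    """Map port -> state for a dict of port -> reply header (None if no reply).

    If every port comes back 'closed', the target is probably a stack that
    sends RST regardless of port state (Windows, many Cisco devices), which is
    the operating-system signal the notes above mention.
    """
    states = {port: classify_xmas_response(resp) for port, resp in responses.items()}
    looks_rst_for_all = bool(states) and all(s == "closed" for s in states.values())
    return states, looks_rst_for_all


if __name__ == "__main__":
    # Constructed replies: port 22 stayed silent, port 23 answered RST/ACK.
    replies = {22: None,
               23: build_tcp_header(23, 40000, TCP_FLAGS["RST"] | TCP_FLAGS["ACK"])}
    print(sorted(parse_flags(xmas_probe(40000, 22))))
    print(scan_report(replies))
```

A real scan also has to treat an ICMP port-unreachable reply as "filtered"; that branch is omitted here because the example only looks at TCP headers.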

  • An attack on wireless networks protected by WEP.

  • It exploits the 24-bit initialization vector (IV) that WEP prepends in the clear to every encrypted frame: the IV and the shared key together seed the RC4 key stream, so two frames sent with the same IV are encrypted with exactly the same key stream.

  • Once an attacker learns the plaintext of one packet (the LLC/SNAP header at the start of every data frame is predictable), XORing it with the ciphertext yields the RC4 key stream generated by the IV used.

  • This key stream can be used to decrypt all other packets that use the same IV.

  • Since there is only a small set of possible initialization vectors (2^24, about 16.7 million, and many cards restart from zero after a reset), IVs repeat on a busy network within hours, and the attacker can eventually build a decryption table of key streams to decrypt every packet sent over that wireless connection.
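The key-stream recovery and IV-reuse decryption described above, as an added example rather than code from the original notes. It implements plain RC4, a WEP-style "IV || key" encryption, recovers the key stream from one frame whose plaintext is known, and decrypts a second frame that reused the IV. The 40-bit key, the IV value and the two frame payloads are constructed for the example; the attacker never sees the key. Real tools such as aircrack-ng go further and recover the key itself from weak IVs, which this example does not attempt.

```python
IV_LEN = 3                             # WEP IV is 24 bits, sent in the clear
IV_SPACE = 2 ** (8 * IV_LEN)           # 16,777,216 possible values
WEP_KEY = bytes.fromhex("0123456789")  # constructed 40-bit shared key (unknown to the attacker)

# First bytes of every WEP-encrypted IP data frame: the LLC/SNAP header.
SNAP_HEADER = bytes.fromhex("aaaa030000000800")


def rc4_keystream(key, n):
    """Plain RC4: key scheduling followed by n bytes of key stream."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < n:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv, plaintext):
    """WEP frame body: cleartext IV, then plaintext XOR RC4(IV || key)."""
    return iv + xor(plaintext, rc4_keystream(iv + WEP_KEY, len(plaintext)))


def recover_keystream(frame, known_plaintext):
    """Attacker side: ciphertext XOR known plaintext gives this IV's key stream."""
    iv, body = frame[:IV_LEN], frame[IV_LEN:]
    return iv, xor(body, known_plaintext)


def decrypt_with_table(frame, keystreams):
    """Decrypt as many bytes of a frame as the table holds key stream for its IV."""
    iv, body = frame[:IV_LEN], frame[IV_LEN:]
    if iv not in keystreams:
        return None
    return xor(body, keystreams[iv])


def demo():
    """Two frames under IV 0x000001: one with known plaintext, one secret."""
    iv = bytes.fromhex("000001")
    known = SNAP_HEADER + b"known ARP/ICMP payload seen by the attacker"
    secret = SNAP_HEADER + b"secret: admin session token 8f3a"
    f1 = wep_encrypt(iv, known)
    f2 = wep_encrypt(iv, secret)

    table = {}
    iv1, ks = recover_keystream(f1, known)   # plaintext of f1 is known in full
    table[iv1] = ks
    return decrypt_with_table(f2, table)     # f2 used the same IV, so the same key stream


if __name__ == "__main__":
    print(demo())
```

Even with only the 8-byte SNAP header known, the attacker recovers the first 8 bytes of key stream for that IV and therefore the first 8 plaintext bytes of every frame sent under it; each additional known frame extends the table.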

Data Exfiltration

  • The unauthorized transfer of data from a computer or device.

Cross-Site Request Forgery (XSRF/CSRF) - AKA {Session Riding}

  • A web application issue in which an attacker tricks a victim's browser into sending a request the victim never intended (a funds transfer, a password change) to a site where the victim is already authenticated; because the browser attaches the session cookie automatically, the site treats the forged command as coming from the trusted user.

  • Generally delivered through a link, image tag or auto-submitting form on a page the attacker controls, often spread via social networking sites or e-mail.
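The forged request and a synchronizer-token defence, as an added example that is not from the original notes. It shows the auto-submitting form an attacker would host, a transfer handler that trusts the cookie-bound session alone (and therefore honours the forged POST), and a hardened handler that requires a per-session random token and checks the Origin header. The bank URL, the session dictionary and the request shapes are constructed stand-ins for a real web framework.

```python
import hmac
import secrets

# Constructed: the page an attacker hosts. Any visitor whose browser holds a valid
# session cookie for bank.example will POST this form without ever seeing it.
ATTACKER_PAGE = """
<form id="f" action="https://bank.example/transfer" method="POST">
  <input type="hidden" name="to" value="attacker-acct">
  <input type="hidden" name="amount" value="1000">
</form>
<script>document.getElementById("f").submit();</script>
"""


def transfer_vulnerable(session, form):
    """Trusts the cookie-bound session alone, so a cross-site POST is honoured."""
    if "user" not in session:
        return (401, "not logged in")
    return (200, f"moved {form['amount']} from {session['user']} to {form['to']}")


def issue_csrf_token(session):
    """Synchronizer token: random, kept server-side in the session, embedded in the real form."""
    token = secrets.token_hex(16)
    session["csrf"] = token
    return token


def transfer_hardened(session, form, origin, allowed_origin="https://bank.example"):
    """Refuse the request unless it carries the session's token and comes from our origin."""
    if "user" not in session:
        return (401, "not logged in")
    expected = session.get("csrf", "")
    supplied = form.get("csrf", "")
    # Attacker pages cannot read the token (same-origin policy), so a forged form lacks it.
    # compare_digest on bytes avoids a timing side channel and non-ASCII TypeErrors.
    if not expected or not hmac.compare_digest(supplied.encode(), expected.encode()):
        return (403, "csrf token missing or wrong")
    # Defence in depth: browsers send Origin on cross-site POSTs and scripts cannot forge it.
    if origin is not None and origin != allowed_origin:
        return (403, "cross-origin request refused")
    return (200, f"moved {form['amount']} from {session['user']} to {form['to']}")


def simulate():
    """Victim is logged in; the forged form carries no token and a foreign Origin."""
    session = {"user": "alice"}
    forged = {"to": "attacker-acct", "amount": "1000"}
    before = transfer_vulnerable(session, forged)

    token = issue_csrf_token(session)  # set when the genuine transfer page is rendered
    forged_after = transfer_hardened(session, forged, origin="https://evil.example")
    genuine = transfer_hardened(session, {**forged, "csrf": token, "to": "bob"},
                                origin="https://bank.example")
    return before[0], forged_after[0], genuine[0]


if __name__ == "__main__":
    print(simulate())
```

Setting the SameSite attribute on the session cookie (Lax or Strict) keeps the browser from attaching it to cross-site POSTs in the first place; the token check remains the primary control because older clients and some navigation cases do not honour SameSite.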

Data Diddling - {Source}

  • An attack that alters data before or as it is entered into a system, so the stored result is wrong from the start and the change is hard to spot later.

  • Authorized users usually perpetrate this attack for financial gain, since they already have legitimate write access to the data.

Password Attacks

  • Sniffing

  • Social Engineering

  • Dictionary Attack

    • Focuses on cracking the password, usually offline: each candidate word is hashed and compared against a captured password hash.

    • Uses password cracking tools like {hashcat}, {Cain & Abel}, {John the Ripper}, etc.

    • Employs a dictionary of words as the candidate passwords, such as {rockyou} or {crackstation}, often expanded with mangling rules (appended digits, capitalization, leet substitutions), and tries each one against a valid user account or a captured hash.

    • To protect against dictionary attacks, a password complexity policy should be enforced that requires uppercase and lowercase characters, numbers, and symbols; because cracking tools apply common substitutions automatically, the policy should also require length and screen new passwords against lists of known-breached passwords.

  • Brute Force

    • Also known as exhaustive attacks.

    • Cycles through every possible combination of characters, numbers, and symbols, so it succeeds eventually, but the search space grows exponentially with password length.

    • A password length policy that requires a longer password directly increases the time a brute force attack takes: each extra character multiplies the number of candidates by the size of the character set.

  • Capturing

    • Keylogger, protocol analyzer.

    • Man-in-the-middle and replay attacks.

  • Resetting

    • Attacker gains physical access to a computer and resets the password, for example by booting from external media and editing the local account database.

  • Online Guessing

    • Not really practical against a well-configured system: account lockout, rate limiting and logging stop an attacker from trying many candidates against a live login.

  • Steps for using a rainbow table

    • Creating the table.

      • Each row is a chain of plaintext passwords; only its first and last entries are stored.

      • Hash the initial password.

      • Feed the hash into a reduction function that maps it back to a different plaintext password.

      • Repeat (hash, reduce) for a set number of rounds, using a different reduction function at each step so that chains which collide do not merge.

    • Using the table to crack a password.

      • Run the captured hash through the same reduce-then-hash procedure used to create the table.

      • When the result matches a stored chain endpoint, read that chain's initial password.

      • Recompute the chain from this initial password until the captured hash is reproduced.

      • The password used at that iteration is the cracked password.

    • Rainbow table advantages over other attack methods.

      • Can be used repeatedly once built.

      • Faster per hash than re-running a dictionary or brute force attack, because the hashing work is done once at table-build time.

      • Less machine memory needed than a full lookup table of every hash, because only chain endpoints are stored.

    • Defeated by salting: a per-user random salt changes every hash, so a separate table would be needed for each salt value.
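The whole procedure above (build chains, store endpoints, reduce and re-hash a captured value until an endpoint matches, then walk the chain), as an added example that is not code from the original notes. The keyspace (four lowercase letters), SHA-1 as the unsalted hash, the chain length and the deterministic chain starts are constructed choices so that the table builds in a second; the example goes beyond the text in two ways, using a step-indexed reduction function (the feature that makes a table "rainbow" rather than a plain Hellman table) and showing that a salted hash is not found.

```python
import hashlib
import string

ALPHABET = string.ascii_lowercase
PW_LEN = 4        # keyspace of 26**4 = 456,976 passwords (constructed toy size)
CHAIN_LEN = 50    # rounds per chain
N_CHAINS = 2000   # chains in the table


def h(password):
    """Unsalted hash, the only kind a rainbow table can attack."""
    return hashlib.sha1(password.encode()).digest()


def reduce_fn(digest, step):
    """Map a hash back into the password space.

    Mixing in the step index gives every column its own reduction function, so
    two chains that collide in one column do not merge from there on.
    """
    n = int.from_bytes(digest[:8], "big") + step
    chars = []
    for _ in range(PW_LEN):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)


def chain_password(start, position):
    """Password at the given position in the chain that begins with start."""
    pw = start
    for step in range(position):
        pw = reduce_fn(h(pw), step)
    return pw


def build_table(starts):
    """Create the table: endpoint -> list of starts (a list absorbs merged chains)."""
    table = {}
    for start in starts:
        end = chain_password(start, CHAIN_LEN)
        table.setdefault(end, []).append(start)
    return table


def lookup(table, target):
    """Crack one hash by regenerating the tail of a chain from every possible column."""
    for pos in range(CHAIN_LEN - 1, -1, -1):
        # Assume target sits in column pos: reduce it and finish the chain.
        pw = reduce_fn(target, pos)
        for step in range(pos + 1, CHAIN_LEN):
            pw = reduce_fn(h(pw), step)
        for start in table.get(pw, ()):
            # Endpoint matched: walk that chain from its start until the hash reappears.
            cand = start
            for step in range(CHAIN_LEN):
                if h(cand) == target:
                    return cand
                cand = reduce_fn(h(cand), step)
            # The hash was not in this chain after all (a false alarm); keep searching.
    return None


def default_starts():
    """Deterministic chain starts derived from a counter (constructed, not random)."""
    return [reduce_fn(hashlib.sha1(str(i).encode()).digest(), 0) for i in range(N_CHAINS)]


def demo():
    """Crack a password the table covers, then show a salted hash is out of reach."""
    starts = default_starts()
    table = build_table(starts)
    victim = chain_password(starts[7], 13)
    cracked = lookup(table, h(victim))
    salted = hashlib.sha1(b"s4lt" + victim.encode()).digest()
    return victim, cracked, lookup(table, salted)


if __name__ == "__main__":
    print(demo())
```

Coverage is the trade-off: 2000 chains of 50 steps touch at most 100,000 of the 456,976 passwords, so a hash outside the table's chains is missed; real tables use many millions of much longer chains and several tables with different reduction functions.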

Debugging Hooks aka Maintenance Hooks {source}

  • Software code that is intentionally embedded in the software during its development process to allow the developer to bypass the regular access and authentication mechanisms.

  • These hooks amount to a backdoor: if any maintenance hook is not removed before the software goes into production, anyone who discovers it (for example by finding the trigger string in the binary) can bypass authentication.

Pseudo-Flaw {source}

  • Code that looks like a vulnerability but is embedded intentionally in the software to trap intruders: an attacker who tries to exploit it is detected and diverted, much like a honeypot.

Birthday Attack

  • Named after the birthday paradox: in a group of only 23 people the probability that two share a birthday already exceeds 50 percent, far fewer than the 366 needed to guarantee it.

  • Used to find collisions in hash functions, for example to forge a digital signature by preparing a benign document and a malicious one that hash to the same value, so a signature on one is valid for the other.

  • It depends on a fixed number of possible outputs (pigeonholes) and the much higher likelihood of a collision between any two of many random attempts than of matching one specific value: for an n-bit hash about 2^(n/2) attempts suffice instead of 2^n.
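The two-document collision search and the probability behind it, as an added example that is not code from the original notes. The hash is SHA-256 truncated to 32 bits (a constructed stand-in for a weak digest, so the search finishes in seconds), and the "benign" and "malicious" contract templates with a revision counter are constructed; each template yields many harmless-looking variants, and the attack stops at the first benign/malicious pair with equal hashes.

```python
import hashlib
import math

HASH_BITS = 32        # constructed: a 32-bit digest so 2**16-scale searches run in seconds
MAX_TRIES = 2 ** 20   # per set; far beyond 2**16, so the search does not fail in practice


def short_hash(message):
    """A 32-bit hash: the first 4 bytes of SHA-256, standing in for a weak digest."""
    return hashlib.sha256(message).digest()[:HASH_BITS // 8]


def forge_pair(hash_fn,
               benign=b"Pay $100 to Bob. Revision %d.",
               malicious=b"Pay $1,000,000 to Mallory. Revision %d."):
    """Find a benign document and a malicious one with the same hash.

    Both sets grow together; with about 2**(HASH_BITS/2) variants on each side
    the expected number of cross-set collisions reaches one. Returns
    (benign_doc, malicious_doc, variants_per_side) or None.
    """
    benign_seen, malicious_seen = {}, {}
    for i in range(MAX_TRIES):
        b = benign % i
        m = malicious % i
        hb, hm = hash_fn(b), hash_fn(m)
        if hb in malicious_seen:
            return b, malicious_seen[hb], i + 1
        if hm in benign_seen:
            return benign_seen[hm], m, i + 1
        if hb == hm:
            return b, m, i + 1
        benign_seen[hb] = b
        malicious_seen[hm] = m
    return None


def collision_probability(tries, space):
    """Exact probability that at least two of `tries` uniform draws from `space` values coincide."""
    p_distinct = 1.0
    for k in range(tries):
        p_distinct *= (space - k) / space
    return 1.0 - p_distinct


def attempts_for_half_chance(bits):
    """Approximate draws for a 50% collision chance in a 2**bits output space: sqrt(2 ln 2 * 2**bits)."""
    return math.sqrt(2 * math.log(2) * 2 ** bits)


if __name__ == "__main__":
    print(round(collision_probability(23, 365), 4))      # the 23-people case
    print(int(attempts_for_half_chance(HASH_BITS)))       # about 77,000 for 32 bits
    result = forge_pair(short_hash)
    if result:
        a, b, n = result
        print(n, short_hash(a).hex(), a, b)
```

The same search against the full 256-bit SHA-256 would need on the order of 2^128 hashes, which is why collision resistance is specified at half the digest length and why MD5 and SHA-1, whose collision cost fell far below 2^(n/2), are no longer acceptable for signatures.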


  • Attack VoIP and PBX equipment used for telephone lines.