Types of Attacks

• Denail of Service (DOS) occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor.
• Distributed Denial of Service (DDOS) occurs when multiple machines are operating together to attack one target.
• Man in the Middle (MITM) occurs when someone intercepts communication between a legitimate sender and the intended recipient.
  • ARP Poisoning occurs when someone modifies the MAC address or ARP table of a network device
  • DNS Poisoning or DNS spoofing occurs when someone modifies the names and IP addresses in the DNS records to divert traffic from legitimate servers or other legitimate network devices
• Watering Hole attacks occur when an attacker infects a website that a group of people are likely to visit to compromise their systems.
• Propagation attacks occur when someone sets up an illegitimate wireless system that pretends to be a legitimate wireless system for unauthorized activities. Here are some types of propogation attacks:
  • War Driving occurs when someone physically travels around neighborhoods and businesses to search for unsecure wireless networks for for the purpose of secretly conducting unauthorized activities on those networks.
  • Rogues and Evil Twin attacks occur when someone sets up a spoofed wireless system with the same Service Set IDentification (SSID) as a legitimate Wirelesss Access Point (WAP) to intrude on legitimate end users for criminal purposes (i.e. legitimate end users think they are connected to the legitimate WAP, but are actually connected to the spoofed wireless system).
  • Disassociation attacks occur when someone sends wireless deauthentication frames with the source MAC address of the legitimate WAP (spoofed MAC address) for the purpose of gathering reconnaisance information for a cryptographic attack (used to gain unauthorized access) or to deny legitimate users from effectively connecting to the wireless network.
  • Near Field Communication (NFC) attacks occur when someone exploits vulnerabilities in BlueTooth or similar technologies for criminal activities. Examples include:
    • Bluejacking occurs when attackers use BlueTooth technologies to send spam
    • Bluesnarfing occurs when attackers try to force paring between a victim's device and their own device.
  • Radio Frequency IDentification (RFID) attacks occur when someone scans RFID chips to collects unauthorized information for criminal activity (e.g. someone scans your credit card which has an RFID chip to make unauthorized purchases).
• SQL Injection - usually occurs when you ask a user for input, like their username/userid, and instead of a name/id, the user gives you an SQL statement that you will unknowingly run on your database (see W3schools for more information) - need to validate user input
• Other Injection - other code injected into a data field to get unauthorized information - need to validate user input
• Cross-Site Scripting (XSS) - a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites which occurs when anattacker uses a web application to send malicious code (see OWASP's webpage on XSS) - need to validate user input
• Cross-Site Request Forgery (aka CSRF or XSRF) - forces an end user to execute unwanted actions on a web application in which they are currently authenticated (see OWASP's webpage on CSRF) - Train users on the risks of clicking on links or opening attachments from untrusted sources.
• Clickjacking - tricking a user into clicking on a button or link on another page when they were intending to click on the the top level page (see OWASP's webpage on clickjacking). - Train users on the risks of clicking on links or opening attachments from untrusted sources
• Cursorjacking - deceives a user by using a custom cursor image, where the pointer was displayed with an offset (see California State University - Berkeley's article on User Interface (UI) attacks for more information - Train users on the risks of clicking on links or opening attachments from untrusted sources.
• Directory Traversal Attack - aims to access files and directories that are stored outside the web root folder (see OWASP's article for more informtation) - need to validate user input
• Buffer Overflow - characterized by the overwriting of memory fragments of the process (see OWASP's article on Buffer Overflow for more information)- need to validate user input
• Session Hijacking (also known as Cookie Jacking) occurs when a attacker obtains the session ID via session cookie to take over a valid user's session. Web Cookies help the websites keep track of your visits and activity (see Black Hat's "Cookie Hijacking in the Wild: Security and Privacy Implications" for more inforation) - Disable cookies on untrusted sites More information is available on Netsparker's web article on session hijacking. The following measures can mitigate a session hijacking attack:
  • Use HTTPS with TLS to encrypt all session traffic
  • Set the HttpOnly attribute using the Set-Cookie HTTP header to prevent access to cookies from client-side scripts.
  • Use Web frameworks (e.g. Microsoft's ASP.NET In-Proc Session State Management on IIS) for highly secure and well-tested session ID generation and management mechanisms. Do not invent your own session management system!
  • Regenerate the session key after initial authentication.
  • Perform additional user identity verification beyond the session key or use a user inactivity timeout to close the user session after a set idle time.
• Malicious Add-Ons - Web browser plugins that compromise your web browsing sessions or does bad things on your system (e.g. collecting usernames and passwords to sensitive sites for unauthorized activities without your knowledge)
• Code Execution
  • Arbitrary Code Execution
  • Remote Code Execution
• Driver Manipulation
  • Refactoring - Changes the way the malware looks every time someone downloads the malware (aka metamorphic malware)
  • Shimming - Code that allows legacy applications to run on newer systems to circumvent some of those newer security techniques.
• Error and Exception Handling
• Social Engineering (nonsystem)
  • Authority - Pretending to have the right to exercise control (e.g. pretending to be a manager)
  • Intimidation - Stating that something bad will happen unless they comply (often used in phishing attacks)
  • Consensus/Social Proof (The herd mentality) - Making decisions to follow a popular action for a situation to get approval from others
  • Scarcity - Creating a sense of urgency to act on something before it's too late
  • Familiarity/Liking - Gaining the favor or grace of someone else to get access to resources (e.g. a lady who promises a man some special treatment in exchange for credit card and other sensitive information)
  • Impersonation
    • Spam - Unwanted email
    • Phishing - collecting user credentials for unauthorized access
    • Spear Phishing - collecting user credentials from targeted individuals for unauthorized access
    • Whaling - collecting user credentials from specific people (usually upper management) for unauthorized access (usually to high stakes resources)
    • Pharming - using fake websites in place of legitimate websites to steal data.
    • Vishing - voice equivalent to phishing
    • Spim - Instant Messaging equivalent to spam
    • Spoofing - using a fake identity
  • Physical Social Engineering
    • Shoulder Surfing - Looking over someone's shoulders for unauthorized information
    • Dumpster Diving - Looking through trash for sensitive information for unauthorized access
    • Tailgating - Following someone into a restricted area for unauthorized access

Application Security

• Application Hardening
• Implement an Enterprise Resource Planning (ERP) system
• Proper authentication
• Implement encryption
• Validate user input
• Remediate known exploits and vulnerabilities
• Patching (updates)

Wireless Encryption Algorithms

• Wired Equivalent Protocol (WEP)
• WPA
• WPA2
• WPS

Vulnerabilities

• Memory Vulnerabilities
  • Memory Overflow
  • Resource Exhaustion
  • Memory Leak
    • Memory Pointers
    • Null Pointer Dereferencing or Null Pointer Exception
    • DLL Injection
  • Race Conditions
  • Time of Check/Time of Use
• Configuration Vulnerabilities
• Cryptographic Vulnerabilities
• Architectural Vulnerabilities
  • System Sprawl

Vulnerability Assessment Tools

• Passive Tools (Observe activity)
• Active Tools (Interact with machines)
  • Honeypots (attractive decoy machines)
  • Honeynets (decoy networks)
  • Protocol Analyzers (e.g. Wireshark)
  • Scanners
    • Port (e.g. NMAP)
    • Vulnerability (e.g. Nessus)
    • Application

Terms

• Threats (external forces that are aimed at breaking systems)
• Vulnerabilities (Weaknesses in systems)
• Risk (chance of exploited weaknesses)

Assessment Techniques

• Baseline Reporting
• Attack Surface Review
• Code Review
• Architecture Review
• Penetration Testing
  • Attack Phase
  • Discovery Phase
    1. White Box - is performed based on the knowledge of how the system is implemented
    2. Black Box - takes place without any knowledge of the underlying service and system configuration
    3. Gray Box - takes place with partial knowledge of the underlying service and system configuration
  • Pivoting (simulate attack)
  • Persistence
• Advanced Vulnerability Scanning
  1. Non-Intrusive Scanning (safe-mode) which does not disrupt systems
  2. Intrusive Scanning (dangerous-mode) which disrupts systems
     • Credentialed Scanning
  3. Vendor Vulnerabilities Analysis
     • End of Life
       1. End of Sale
       2. End of Support
       3. End of Life
     • Embedded System

The navigation options for this page are:

• Proceed to Domain #2 → Technologies and Tools,
• Return to the main Security+ resources page,
• Return to the main Nine Star training website, or
• Go to the main Nine Star website.