• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

Card Range To Study

through

image

Play button

image

Play button

image

Progress

1/21

Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

21 Cards in this Set

  • Front
  • Back

'Attacking the Wall' basic steps

1. Assess the target


2. Define an attack strategy

#1 - ASSESS THE TARGET

EVERY AND ALL NODES CAN BE ATTACKED.



Possible nodes:


1) Users and Admins


2) Web Logins


3) Servers


4) Databases / Data centers

USER ATTACKS

#1 - SOCIAL ENGINEERING


#2 - PHISHING


#3 - CREDENTIAL REUSE


#4 - MALWARE


#5 - MAN IN THE MIDDLE (MitM)


#6 - PACKET SNIFFER


#7 - STOLEN HARDWARE

USER ATTACK #1 - SOCIAL ENGINEERING

A HACKER CAN TRICK A USER INTO GIVING UP THEIR CREDENTIALS BY PRETENDING TO BE AN ADMIN

USER ATTACK #2 - PHISHING

PHISHING IS THE ACT OF ATTEMPTING TO TRICK A USER INTO OPENING AND ENGAGING WITH A FRAUDULENT SITE BY SENDING MALICIOUS EMAIL SOLICITATIONS. THE EMAIL MAY CONTAIN A MALICIOUS ATTACHMENT THAT CONTAINS MALWARE OR A MALICIOUS URL THAT DIRECTS TO AN ILLEGITIMATE SITE MASQUERADING AS A LEGITIMATE SITE

User Attack #3 - Credentials Reuse

A HACKER CAN FIND USER LOGINS AND PASSWORDS FROM ONE SITE TO USE ON ANOTHER

User Attack #4 - Malware

A HACKER CAN DEPLOY MALWARE, SUCH AS SPYWARE OR KEY LOGGERS, TO CAPTURE DAILY USER ACTIVITY.

User Attack #5 - MitM Attack

MAN IN THE MIDDLE ATTACK.



A hacker cab create a MitM attack by providing a free WiFi hotspot to capture user credentials

User Attack #6 - Packet Sniffer

A PACKET SNIFFER ALLOWS A HACKER TO SNIFF PACKET TRAFFIC ACRISS INSECURE NETWORKS, SUCH AS AT A CAFE OR RESTAURANT

User Attack #7 - Stolen Hardware

A HACKER CSN SIMPLY STEAL A COMPUTER OR PHONE AND USE SAVED CREDENTIALS TO LOG IN

WEBSITE ATTACKS

#1 - BRUTE FORCE ATTACKS


#2 - CODE-INJECTION ATTACKS


#3 - FAULTY SESSION MANAGEMENT

Website Attack #1 - Brute Force Attacks

A HACKER CAN USE A BRUTE FORCE ATTACK BY CONTINUOUSLY ATTEMPTING USERNAME AND PASSWORD COMBINATIONS

Website Attack #2 - Code-Injection

A HACKER CAN USE A CODE-INJECTION ATTACK IN WHICH MALICIOUS CODE IS DIRECTLY INJECTED INTO THE USERNAME OR PASSWORD FIELDS

Website Attack #3 - Faulty Session Management

A HACKER CAN EXPLOIT FAULTY SESSION MANAGEMENT WHEN DEVELOPERS INCORRECTLY IMPLEMENT CODE USED TO MAINTAIN LOGINS AND LOGOUTS

SERVER ATTACKS

#1 - OS EXPLOITS


#2 - MALICIOUS SOFTWARE

Server Attacks #1 - OS Exploits

SERVERS, WHICH RUN ON OPERATING SYSREMS LIKE WINDOWS OR LINUX, ARE SUBJECT TO OS EXPLOITS WHEN INCORRECTLY PATCHED

Server Attacks #2 - Malicious Software

MALICIOUS SOFTWARE CAN BE LOADED DIRECTLY ONTO THE SERVER BY USB OR OTHER MEANS

DATABASE ATTACKS

#1 - DEFAULT CREDENTIALS


#2 - UNPATCHED DATABASE


#3 - LACK OF SEGREGATION

Database Attacks #1 - Default Credentials

DATABASE MANAGEMENT SYSTEMS OFTEN COME EITH DEFAULT CREDENTIALS, WHICH MAY BE LEFT UNCHANGED

Database Attacks #2 - Unpatched Database

DATABASE MANAGEMENT SYSTEMS MIGHT BE UNPATCHED AGAINST PUBLICLY KNOWN VULNERABILITIES

Database Attack #3 - Lack of Segregation

THE DATABASE MIGHT BE SET UP TO LET A CLIENT LOOK AT ANOTHER CLIENT'S DATA