21 Cards in this Set
- Front
- Back
'Attacking the Wall' basic steps |
1. Assess the target 2. Define an attack strategy |
|
#1 - ASSESS THE TARGET |
EVERY AND ALL NODES CAN BE ATTACKED. Possible nodes: 1) Users and Admins 2) Web Logins 3) Servers 4) Databases / Data centers |
|
USER ATTACKS |
#1 - SOCIAL ENGINEERING #2 - PHISHING #3 - CREDENTIAL REUSE #4 - MALWARE #5 - MAN IN THE MIDDLE (MitM) #6 - PACKET SNIFFER #7 - STOLEN HARDWARE |
|
USER ATTACK #1 - SOCIAL ENGINEERING |
A HACKER CAN TRICK A USER INTO GIVING UP THEIR CREDENTIALS BY PRETENDING TO BE AN ADMIN |
|
USER ATTACK #2 - PHISHING |
PHISHING IS THE ACT OF ATTEMPTING TO TRICK A USER INTO OPENING AND ENGAGING WITH A FRAUDULENT SITE BY SENDING MALICIOUS EMAIL SOLICITATIONS. THE EMAIL MAY CONTAIN A MALICIOUS ATTACHMENT THAT CONTAINS MALWARE OR A MALICIOUS URL THAT DIRECTS TO AN ILLEGITIMATE SITE MASQUERADING AS A LEGITIMATE SITE |
|
User Attack #3 - Credentials Reuse |
A HACKER CAN FIND USER LOGINS AND PASSWORDS FROM ONE SITE TO USE ON ANOTHER |
|
User Attack #4 - Malware |
A HACKER CAN DEPLOY MALWARE, SUCH AS SPYWARE OR KEY LOGGERS, TO CAPTURE DAILY USER ACTIVITY. |
|
User Attack #5 - MitM Attack |
MAN IN THE MIDDLE ATTACK. A hacker can create a MitM attack by providing a free WiFi hotspot to capture user credentials |
|
User Attack #6 - Packet Sniffer |
A PACKET SNIFFER ALLOWS A HACKER TO SNIFF PACKET TRAFFIC ACROSS INSECURE NETWORKS, SUCH AS AT A CAFE OR RESTAURANT |
|
User Attack #7 - Stolen Hardware |
A HACKER CAN SIMPLY STEAL A COMPUTER OR PHONE AND USE SAVED CREDENTIALS TO LOG IN |
|
WEBSITE ATTACKS |
#1 - BRUTE FORCE ATTACKS #2 - CODE-INJECTION ATTACKS #3 - FAULTY SESSION MANAGEMENT |
|
Website Attack #1 - Brute Force Attacks |
A HACKER CAN USE A BRUTE FORCE ATTACK BY CONTINUOUSLY ATTEMPTING USERNAME AND PASSWORD COMBINATIONS |
|
Website Attack #2 - Code-Injection |
A HACKER CAN USE A CODE-INJECTION ATTACK IN WHICH MALICIOUS CODE IS DIRECTLY INJECTED INTO THE USERNAME OR PASSWORD FIELDS |
|
Website Attack #3 - Faulty Session Management |
A HACKER CAN EXPLOIT FAULTY SESSION MANAGEMENT WHEN DEVELOPERS INCORRECTLY IMPLEMENT CODE USED TO MAINTAIN LOGINS AND LOGOUTS |
|
SERVER ATTACKS |
#1 - OS EXPLOITS #2 - MALICIOUS SOFTWARE |
|
Server Attacks #1 - OS Exploits |
SERVERS, WHICH RUN ON OPERATING SYSTEMS LIKE WINDOWS OR LINUX, ARE SUBJECT TO OS EXPLOITS WHEN INCORRECTLY PATCHED |
|
Server Attacks #2 - Malicious Software |
MALICIOUS SOFTWARE CAN BE LOADED DIRECTLY ONTO THE SERVER BY USB OR OTHER MEANS |
|
DATABASE ATTACKS |
#1 - DEFAULT CREDENTIALS #2 - UNPATCHED DATABASE #3 - LACK OF SEGREGATION |
|
Database Attacks #1 - Default Credentials |
DATABASE MANAGEMENT SYSTEMS OFTEN COME WITH DEFAULT CREDENTIALS, WHICH MAY BE LEFT UNCHANGED |
|
Database Attacks #2 - Unpatched Database |
DATABASE MANAGEMENT SYSTEMS MIGHT BE UNPATCHED AGAINST PUBLICLY KNOWN VULNERABILITIES |
|
Database Attack #3 - Lack of Segregation |
THE DATABASE MIGHT BE SET UP TO LET A CLIENT LOOK AT ANOTHER CLIENT'S DATA |