1.2 Compare and contrast types of attacks Flashcards
A social engineer convinced a victim to visit a malicious website, which allowed the attacker to exploit vulnerabilities on the victim’s web browser. Which of the following best describes this type of attack?
A Man-in-the-Browser (MitB) attack
–
A MitB attack occurs when the web browser is compromised by installing malicious plug-ins, scripts or intercepting API calls. Vulnerability exploit kits can be installed to a website and will actively try to exploit vulnerabilities in clients browsing the site.
HTTP Response Splitting occurs when the attacker would craft a malicious URL and convince the victim to submit it to the web server.
XSRF is a malicious script hosted on the attacker’s site that can exploit a session started on another site in the same browser.
LSOs, or Flash cookies, are data that is stored on a user’s computer by websites that use Adobe Flash Player. A site may be able to track a user’s browsing behavior through LSOs.
Which of the following is a way that a Denial of Service (DoS) attack cannot be performed?
Use web application firewall processing rules to filter traffic.
–
A web application firewall (WAF) is one designed specifically to protect software running on web servers and their backend databases from code injection and DoS attacks. WAFs use application-aware processing rules to filter traffic.
DoS attacks can prevent network access by knocking out the directory server.
Spoofed routing information (route injection). Routing protocols that have weak or no authentication are vulnerable to route table poisoning. This can mean that traffic is misdirected to a monitoring port (sniffing), sent to a blackhole (non-existent address), or continuously looped around the network, causing DoS.
DoS attacks focus on overloading a service by using up CPU, system RAM, disk space, or network bandwidth (resource exhaustion).
previous
If a social engineer dresses up as an internet technician, and then proceeds to enter a place of business once granted permission, what type of social engineering attack does this describe?
Impersonation
–
Impersonation is a social engineering attack, in which the attacker pretends to be someone else.
In a hoax attack, an email alert or web pop-up will claim to have identified a security problem, such as a virus infection, and offer a tool to fix the problem. The tool, of course, will be a Trojan application.
Pharming relies on corrupting the way the victim’s computer performs Internet name resolution, which redirects the user from the genuine site to the malicious one.
Tailgating is a means of entering a secure area without authorization by following close behind the person that has been allowed to open the door or checkpoint.
A group of college students receive a phone call from someone claiming to be from a debt consolidation firm. The solicitor tried to convince the students that for a limited time, a rare offer will expire, which could erase their student loan debt if they provide their Social Security Number and other personally identifiable information (PII). Which of the following tactics did the caller use?
Scarcity and urgency
–
Creating a false sense of scarcity or urgency can disturb ordinary decision-making processes by demanding a quick response. For example, the social engineer might try to get the target to sign up for a “limited time” or “invitation-only” offer.
Social engineers can try to intimidate their target by pretending to be someone else, such as someone of authority or superior in rank or expertise.
With consensus/social proof, an attacker fools users into believing that a malicious website is legitimate by posting fake reviews. The victims believe the reviews and place their trust in the website.
One of the basic tools of a social engineer is to be likable, and to present the requests they make as completely reasonable and unobjectionable.
Which of the following is a way to protect against birthday attacks?
Encryption algorithms, demonstrating collision avoidance
Which of the following social engineering techniques has less of a chance of arousing suspicion and getting caught? (Select two)
Familiarity
Liking
–
Familiarity is low risk. If the request is refused, it is unlikely to cause suspicion and the social engineer can move to a different target without being detected.
Liking is low risk. If the request is refused, it is less likely to cause suspicion and the social engineer can move on to a different target without being detected.
Compared to using a familiarity/liking approach, the authority tactic is riskier as there is a greater chance of arousing suspicion and the target reporting the attack attempt.
Compared to using a familiarity/liking approach, the intimidation tactic is riskier as there is a greater chance of arousing suspicion and the target reporting the attack attempt.
Which of the following is a way to protect against birthday attacks?
Encryption algorithms, demonstrating collision avoidance
–
(hash: one-way cryptographic function which takes an input and produces a unique message digest)
To protect against the birthday attack, encryption algorithms must demonstrate collision avoidance (that is, to reduce the chance that different inputs will produce the same output).
Operating system hardening is process of making the OS configuration secure by enabling and allowing access to only necessary services, installing monitoring software to protect against malware and intrusions, and establishing a maintenance schedule to ensure the OS is patched to be secure against software exploits.
Implementing a captive portal requiring login credentials helps protect against unauthorized users accessing your Wi-Fi hotspot.
Understanding the use of environmental controls helps provide suitable conditions for server equipment and protect against fire risks.
If a system is vulnerable, to which of the following can an attacker (with system access) be able to obtain keys from system memory?
Privilege escalation
–
An attacker with system access is able to obtain keys from system memory or pagefiles/scratch disks. Privilege escalation is the practice of exploiting flaws in an operating system or other application, to gain a greater level of access than was intended for the user or application.
An SQL injection attack inserts an SQL query as part of user input, which allows an attacker to extract or insert information into the database or execute arbitrary code.
Directory traversal occurs when the attacker gets access to a file outside the web server’s root directory.
Transitive access describes the problem of authorizing a request for a service that depends on an intermediate service.
A security analyst’s scans and network logs show that unauthorized devices are connecting to the network. After tracing this down, the analyst discovered a tethered smartphone creating a backdoor to gain access to the network. Which of the following describes this device?
A rogue access point (AP)
–
If scans or network logs show that unauthorized devices are connecting, determine whether the problem is an access point with misconfigured or weak security or whether there is some sort of rogue AP.
A spectrum analyzer is a device that can detect the source of jamming (interference) on a wireless network. It usually has a directional antenna, so that the exact location of the interference can be pinpointed.
RFID devices encode information into passive tags, which can be easily attached to devices, structures, clothing, or almost anything else.
With a SPAN port, the sensor is attached to a specially configured port on the switch that receives copies of frames addressed to nominated access ports (or all the other ports).
Which of the following is an example of why viruses are destructive? (Select two)
Viruses can spread via social engineering techniques.
Viruses can exploit zero days.
–
Viruses can be categorized by their virulence. Some viruses are destructive since they exploit a previously unknown system vulnerability (a “zero day” exploit).
Some attackers utilize particularly effective social engineering techniques to persuade users to open an infected file (an infected email attachment with the subject “I Love You” being one of the best examples of the breed).
Worms spread through memory and network connections rather than infecting files. Viruses spread from computer to computer, usually by “infecting” executable applications or program code.
Worms are memory-resident viruses that replicate over network resources. Viruses spread from computer to computer, usually by “infecting” executable applications or program code.
A penetration tester cracked a company’s Wired Equivalent Privacy (WEP) access point (AP) by making the AP generate a large amount of initialization vector (IV) packets, by replaying Address Resolution Protocol (ARP) packets at it. What type of attack did the pen tester use to crack the AP?
Replay
–
In a replay attack the attacker intercepts authentication data and reuses it to re-establish a session. To crack WEP, a type of replay attack is used.
War driving is the practice of using a Wi-Fi sniffer to detect WLANs and then either making use of them or trying to break into them (using WEP and WPA cracking tools).
A Wi-Fi jamming attack can be performed by setting up an AP with a stronger signal. Wi-Fi jamming devices are illegal to use and to sell. The attacker needs to gain fairly close physical proximity to the wireless network.
Skimming is an RFID attack where an attacker uses a fraudulent RFID reader to read the signals from a contactless bank card.
A hacker used a Man-in-the-Middle (MitM) attack to capture a user’s authentication cookie. The attacker disrupted the legitimate user’s session and then re-sent the valid cookie to impersonate the user and authenticate to the user’s account. What type of attack is this?
Replay
–
In a replay attack, the attacker captures some data used to log on or start a session legitimately. The attacker then disrupts the legitimate session and resends the captured data to re-enable the connection.
A birthday attack is a type of brute force attack aimed at exploiting collisions in hash functions. This type of attack can be used for the purpose of forging a digital signature.
A downgrade attack can be used to facilitate a Man-in-the-Middle (MitM) attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths.
A Man-in-the-Middle (MitM) attack is a form of eavesdropping in which the attacker makes an independent connection between two victims and steals information to use fraudulently.
A social engineer used vishing and polite behavior to persuade a target to visit a fake website with fake reviews. The attacker then persuaded the victim to enter personally identifiable information (PII) in a web form. Which of the following did the attacker use to make the site appear more legitimate? (Select two)
Consensus/social proof
Familiarity/liking
–
With consensus/social proof impersonation, an attacker fools users into believing that a malicious website is legitimate by posting fake reviews. The victims believe the reviews and place their trust in the website.
One of the tools of social engineers is to be likable, and to present the requests they make as completely reasonable.
Many people find it difficult to refuse a request by someone they perceive as superior to them. Social engineers can try to exploit this behavior to intimidate their target by pretending to be someone of authority.
Creating a false sense of urgency can disturb people’s ordinary decision-making process. The social engineer can try to pressure his or her target by demanding a quick response.
After a social engineer used Open Source Intelligence (OSINT) to gather information about the victim, the attacker then used this information to email the victim, personalizing the message and convincing the victim to click a malicious link. What type of social engineering attack does this describe?
Spear phishing
–
Spear phishing refers to a phishing scam where the attacker has some information that makes an individual target more likely to be fooled by the attack. The attacker might know the details that help convince the target that the communication is genuine.
Phishing is a type of email-based social engineering attack. The attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.
Vishing describes a phishing attack conducted through a voice channel (telephone or VoIP, for instance).
SMiShing refers to fraudulent SMS texts. Other vectors could include instant messaging or social media sites.
Which of the following attacks would allow an attacker to sniff all traffic on a switched network?
Address Resolution Protocol (ARP) poisoning
–
To sniff all traffic on a switched network, the switch must be overcome using ARP poisoning. ARP poisoning occurs when an attacker, with access to the network, redirects an IP address to the MAC address of an unintended computer.
Domain Name System (DNS) spoofing is an attack that compromises the name resolution process, and can be used to facilitate pharming or Denial of Service (DoS) attacks.
IP spoofing occurs when an attacker sends IP packets from a false (or spoofed) source address to communicate with targets.
Transmission Control Protocol/Internet Protocol (TCP/IP) hijacking is a type of spoofing attack where the attacker disconnects a host, then replaces it with his or her own machine, spoofing the original host’s IP address.
Through what method can malware evade antivirus software detection so that the software no longer identifies the malware by its signature?
Refactoring
–
Refactoring means the code performs the same function by using different methods. Refactoring means that the antivirus software may no longer identify the malware by its signature.
Improper input handling exposes software to input validation attacks. When an attacker exploits improper input handling, it crashes the process hosting the code, perform Denial of Services (DoS), obtain elevated privileges, or facilitate data exfiltration.
DLL injection is not a vulnerability of an application, but of the way the operating system allows one process to attach to another, and then force it to load a malicious link library.
Shimming is the process of developing and implementing additional code between an application and the operating system to enable functionality that would otherwise be unavailable.
Which of the following describes a social engineering technique an attacker can use if the attacker wanted the end-user to click on a link as soon as possible?
Urgency
–
A false sense of urgency can disturb people’s ordinary decision-making process. The social engineer can try to pressure his or her target by demanding a quick response.
With consensus/social proof impersonation, an attacker fools users into believing that a malicious website is legitimate by posting fake reviews. The victims believe the reviews and place their trust in the website.
One of the tools of social engineers is to be likable, and to present the requests they make as completely reasonable.
Many people find it difficult to refuse a request by someone they perceive as superior to them. Social engineers can try to exploit this behavior to intimidate their target by pretending to be someone of authority.
A social engineer impersonated an IT security staff member of a company, and called an employee to extract personally identifiable information (PII) from the employee. Which of the following attacks did the impersonator conduct?
Vishing
Which of the following attacks can the use of once-only tokens and timestamping sessions help prevent? (Select more than one)
- replay
- pass-the-hash
–
Pass-the-hash occurs when the attacker steals hashed credentials and uses them to authenticate to the network. This type of attack is prevented by using once-only session tokens or timestamping sessions.
A replay attack consists of intercepting a key or password hash, then reusing it to gain access to a resource. This type of attack is prevented by using once-only session tokens or timestamping sessions.
A birthday attack is a type of brute force attack aimed at exploiting collisions in hash functions. This type of attack can be used for forging a digital signature.
A downgrade attack is used to facilitate a Man-in-the-Middle (MitM) attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths.
What type of brute force attack aims at exploiting collisions in hash functions?
Birthday attacks
An attacker bought a domain similar to the domain name of a legitimate company. The attacker then used the fake domain to host malware and launch pharming attacks. Which of the following did the attacker use?
URL hijacking (also called typosquatting) relies on users navigating to misspelled domains. An attacker registers a domain name with a misspelling of an existing domain. Users who misspell a URL in a web browser are taken to the attacker’s website.
Domain hijacking is a type of hijacking attack where the attacker steals a domain name by altering its registration information and then transferring the domain name to another entity. Sometimes referred to as brandjacking.
TCP/IP hijacking is a spoofing attack where attackers disconnect a host, then replaces it with their own machine, spoofing the original host’s IP address.
Mutual authentication helps in avoiding session hijacking attacks and is a security mechanism that requires each party to verify each other’s identity.
Which of the following can perform a Denial of Service (DoS) attack against a wireless network? (Select two)
- disassociation
- deauthentication
Similar to a deauthentication attack, a disassociation attack uses disassociation packets to perform DoS attacks.
Similar to a disassociation attack, a deauthentication attack uses deauth frames to perform DoS attacks.
An evil twin is a rogue access point (AP) masquerading as a legitimate one, and can have a similar Service Set Identifier (SSID) name as the legitimate AP. The evil twin can harvest information from users entering their credentials.
Bluesnarfing refers to using an exploit in Bluetooth to steal information from someone else’s phone/mobile device.
Which of the following attacks would allow an attacker to sniff all traffic on a switched network?
ARP
An attacker used an exploit to steal information from a mobile device, which allowed the attacker to circumvent the authentication process. Which of the following attacks is the mobile device vulnerable to?
Bluesnarfing (STEALING INFO)
–
Bluesnarfing refers to using an exploit in Bluetooth to steal information from someone else’s phone. The exploit (now patched) allows attackers to circumvent the authentication mechanism.
A Bluetooth-discoverable device is vulnerable to bluejacking, similar to spam, where someone sends you an unsolicited text (or picture/video) message or vCard (contact details). This can be a vector for Trojan malware.
Skimming is an RFID attack where an attacker uses a fraudulent RFID reader to read the signals from a contactless bank card.
A rogue AP masquerading as a legitimate one is called an evil twin or sometimes wiphishing.
A social engineer impersonated an IT security staff member of a company, and called an employee to extract personally identifiable information (PII) from the employee. Which of the following attacks did the impersonator conduct?
Vishing
–
Vishing describes a phishing attack conducted through a voice channel (telephone or VoIP, for instance).
SMiShing refers to fraudulent SMS texts. Other vectors could include instant messaging or social media sites.
Phishing is a type of email-based social engineering attack. The attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.
Pharming is a means of redirecting users from a legitimate website to a malicious one. Pharming relies on corrupting the way the victim’s computer performs Internet name resolution, which redirects the user from the genuine site to the malicious one.
A social engineer used a phishing attack to trick users into visiting a website. Once users visit the site, a vulnerability exploit kit installs, which actively exploits vulnerabilities on the client. What type of attack did the users become a victim of?
A Man-in-the-Browser (MitB) attack
If an attacker performs open source intelligence (OSINT) gathering and social engineering on the CEO and creates an email scam for the upper management department of a company, what type of attack occurs?
Whaling
–
A spear phishing attack directed specifically against upper levels of management in the organization (CEOs and other “big beasts”) is sometimes called whaling.
Tailgating is a social engineering technique to gain access to a building by following someone else (or persuading them to “hold the door”).
If a user leaves a workstation unattended while logged on, an attacker can physically gain access to the system (often described as a lunchtime attack).
A watering hole attack is a type of directed social engineering attack. It relies on the circumstance that a group of targets may use an unsecure third-party website.
An attacker hosted an exploit script on a malicious website and injected it into a trusted website. The attacker then sent the link to the victim and used open source information gathering (OSINT) and social engineering tactics, such as spear phishing, to convince the victim to click the link, which compromised the user browsing to the site. Which of the following best describes this type of attack?
Cross-site scripting (XSS)
–
A spear phishing attack directed specifically against upper levels of management in the organization (CEOs and other “big beasts”) is sometimes called whaling.
Tailgating is a social engineering technique to gain access to a building by following someone else (or persuading them to “hold the door”).
If a user leaves a workstation unattended while logged on, an attacker can physically gain access to the system (often described as a lunchtime attack).
A watering hole attack is a type of directed social engineering attack. It relies on the circumstance that a group of targets may use an unsecure third-party website.
An attacker can exploit a weakness in a password protocol, to calculate the hash of a password. Which of the following can the attacker match the hash to, as a means to obtain the password? (Select two)
rainbow table
dictionary word
–
Password crackers can exploit weaknesses in a protocol, to calculate the hash and match it to a dictionary word or brute force it.
Rainbow tables are associated with attacks where an attacker uses a set of related plaintext passwords and their hashes to crack passwords.
A Pre-Shared Key (PSK) refers to using a passphrase to generate the key that is used to encrypt communications. It is also referred to as group authentication, since a group of users share the same secret.
Wi-Fi Protected Access (WPA) is an encryption scheme for protecting Wi-Fi communications, designed to replace WEP.
A residential internet consumer wants to add a wireless network to their home. To automate and simplify the setup process, the user installed a wireless access point capable of Wi-Fi Protected Setup (WPS) with an eight-character Personal Identification Number (PIN). What type of attack is this installation vulnerable to?
brute force
–
WPS is vulnerable to brute force attacks. The PIN is eight characters, but these separate PINs are simple to brute force.
In a dictionary attack, software enumerates values in a dictionary wordlist. Enforcing password complexity and varying the characters makes passwords difficult to guess and compromise.
A rainbow table attack is where an attacker uses a set of related plaintext passwords and their hashes to crack passwords. Values are computed in chains and only the first and last values need to be stored.
A hybrid password attack is targeted against naively strong passwords. The password cracking algorithm tests dictionary words and names in combination with numeric prefixes and/or suffixes.
An attacker exploited a vulnerability on a website frequently visited by a group of bank employees. Once the employees visit the site, the attacker’s malware infects their computers. What type of attack did the employees fall for?
A watering hole attack
–
A watering hole attack is a directed social engineering attack. It relies on the circumstance that a group of targets may use an unsecure third party website.
In a hoax attack, an email alert or web pop-up will claim to have identified some sort of security problem, like a virus infection, and offer a tool to fix the problem, but the tool will be some sort of Trojan application.
Pharming relies on corrupting the way the victim’s computer performs Internet name resolution, so that they are redirected from the genuine site to the malicious one.
If a user leaves a workstation unattended while logged on, an attacker can physically gain access to the system (often described as a lunchtime attack).
Which of the following, if implemented, will NOT help mitigate the threat of tailgating?
Installing non-discretionary privilege management
–
Nondiscretionary privilege management models are aimed to mitigate the problem of regulating the access control of privileged admin accounts.
The risk of tailgating may be mitigated by installing a turnstile (a type of gateway that only allows one person through at a time).
The risk of tailgating may be mitigated by implementing surveillance (whether by camera or guard) on the gateway.
Where security is critical and cost is no object, a mantrap could be employed to mitigate tailgating. A mantrap is where one gateway leads to an enclosed space protected by another barrier.
By modifying query traffic, an attacker compromised a legitimate site’s web server via a Denial of Service (DoS) attack and redirected traffic, intended for the legitimate domain to go instead to the attacker’s malicious IP address. What type of attack did the hacker perform?
DNS Server Cache poisoning
–
DNS Server Cache poisoning is a redirection attack, that aims to corrupt the records held by the DNS server itself. The intention is to redirect traffic for a legitimate domain to a malicious IP address.
Domain Name System (DNS) spoofing is an attack that compromises the name resolution process, and can be used to facilitate pharming or Denial of Service (DoS) attacks.
Address Resolution Protocol (ARP) poisoning occurs when an attacker, with access to the network, redirects an IP address to the MAC address of a computer that is not the intended recipient.
IP spoofing occurs when an attacker sends IP packets from a false (or spoofed) source address to communicate with targets.
Mutual authentication prevents a client from inadvertently submitting confidential information to a non-secure server. Mutual authentication also helps avoid which of the following? (Select two)
Man-in-the-Middle attacks
Session hijacking attacks
–
Mutual authentication is a security mechanism that requires that each party in a communication verifies each other’s identity and helps in avoiding Man-in-the-Middle attacks.
Mutual authentication helps in avoiding session hijacking attacks, and is a security mechanism that requires that each party in a communication verifies each other’s identity.
Address Resolution Protocol (ARP) poisoning occurs when an attacker, with access to the network, redirects an IP address to the MAC address of a computer that is not the intended recipient.
IP spoofing occurs when an attacker sends IP packets from a false (or spoofed) source address to communicate with targets.
A social engineer, impersonating a suppliant, rummaged through the garbage of a high-ranking loan officer, hoping to find discarded documents and removable media containing personally identifiable information (PII). Which of the following social engineering techniques did the attacker utilize?
dumpster diving
–
Dumpster diving refers to combing through an organization’s (or individual’s) garbage to try to find useful documents (or even files stored on discarded removable media).
Piggy backing is a situation where the attacker enters a secure area with an employee’s permission.
If a user leaves a workstation unattended while logged on, an attacker can physically gain access to the system (often described as a lunchtime attack).
Shoulder surfing refers to stealing a password or PIN (or other secure information) by watching the user type it, either in close proximity or remotely.
A social engineer, after performing reconnaissance on a victim, spoofed the phone number of the doctor’s office the target frequently visits. Posing as the receptionist, the attacker called the victim, and requested the victim’s Social Security Number (SSN). What type of social engineering attack did the social engineer exercise?
Authority
–
Many people find it difficult to refuse a request by someone they perceive as superior to them. Social engineers can try to exploit this behavior to intimidate their target by pretending to be someone of authority.
With consensus/social proof impersonation, an attacker fools users into believing that a malicious website is legitimate by posting fake reviews. The victims believe the reviews and place their trust in the website.
Creating a false sense of urgency can disturb people’s ordinary decision-making process. The social engineer can try to pressure his or her target by demanding a quick response.
One of the tools of social engineers is to be likable, and to present the requests they make as completely reasonable.
A user entered credentials into a web application login page. Unfortunately, the login form contained a malicious invisible iFrame, that allowed the attacker to intercept the user’s input. What type of attack is this known as?
Clickjacking
–
Clickjacking is a hijacking attack that forces a user to unintentionally click a link that is embedded in or hidden by other web page elements.
A MitB attack is where the web browser is compromised by installing malicious plug-ins or scripts or intercepting API calls. Vulnerability exploit kits can be installed to a website and actively try to exploit vulnerabilities in clients browsing the site.
XSRF is a malicious script hosted on the attacker’s site that can exploit a session started on another site in the same browser.
Session IDs are generated using patterns (such as IP address with the date and time), making the session vulnerable to eavesdropping and possibly hijacking, by replaying the cookie to re-establish the session.
By compromising a Windows XP application that ran on a Windows 10 machine, an attacker installed persistent malware on a victim computer with local administrator privileges. What should the attacker add to the registry, along with its files added to the system folder, to execute this malware?
A shim
The code library to enable legacy mode is a shim. The shim must be added to the registry and its files added to the system folder. The shim database is a way that allows malware to run with persistence.
A pointer is a reference to an object in memory. Attempting to access that memory address is called dereferencing.
An integer is a positive or negative whole number. An integer overflow attack causes the target software to calculate a value that exceeds the upper and lower bounds.
A race condition is a software vulnerability that occurs when the execution processes is dependent on the timing of certain events, and those events fail to execute in the order and timing intended.
A malicious user sniffed credentials exchanged between two computers by intercepting communications between them. What type of attack did the attacker execute?
A Man-in-the-Middle attack
A Man-in-the-Middle attack is a form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently.
A replay attack consists of intercepting a key or password hash, then reusing it to gain access to a resource, such as the pass-the-hash attack.
A birthday attack is a type of brute force attack aimed at exploiting collisions in hash functions. This type of attack can be used for the purpose of forging a digital signature.
A downgrade attack can be used to facilitate a Man-in-the-Middle (MitM) attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths.
An attacker stole a website name by gaining control of and altering its registration information. The attacker then changed the IP address associated with the site, to the IP of a web server the attacker owned. What is this exploit of the website registration process known as?
Domain hijacking
Domain hijacking is a type of hijacking attack where the attacker steals a domain name by altering its registration information and then transferring the domain name to another entity. Sometimes referred to as brandjacking.
Typosquatting relies on users navigating to misspelled domains. An attacker registers a domain name with a common misspelling of an existing domain. Users who misspell a URL in web browsers are taken to the attacker’s website.
Kiting is the act of continually registering, deleting, and reregistering a name within the five-day grace period without having to pay for it.
Tasting is a Domain Name Server (DNS) exploit that involves registering a domain temporarily to see how many hits it generates within the five-day grace period.