1.2 Compare and contrast types of attacks. Flashcards
Clickjacking
Normal web page underneath
• Invisible layer on the top
• The victim site is loaded in a transparent frame over a decoy page; the user clicks the decoy, but the click lands on the hidden page’s button
Clickjacking your phone
An invisible overlay drawn over the screen
• Captures taps and keystrokes and records user input
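The two halves of the trick, as an added example that is not part of the original flashcards: the attacker’s decoy page with the victim site framed on top at zero opacity, and a check of the two response headers (X-Frame-Options and the CSP frame-ancestors directive) that stop a page from being framed at all. Hostnames such as bank.example and attacker.example are constructed for illustration.

```python
# Added example (not from the flashcards): the attacker page that does the
# "invisible layer on top" trick, and a check of the two response headers that
# stop a page from being framed.  Hostnames are constructed for illustration.
from urllib.parse import urlsplit


def attacker_page(victim_url: str) -> str:
    """Decoy page: a visible bait button with the victim site framed on top at opacity 0.

    The user sees and clicks the bait; the click actually lands on whatever the
    victim page renders at that spot (e.g. a 'Confirm transfer' button).
    """
    return f"""<!doctype html>
<button style="position:absolute;top:100px;left:100px">Claim your prize</button>
<iframe src="{victim_url}"
        style="position:absolute;top:0;left:0;width:100%;height:100%;
               opacity:0;z-index:2;border:0"></iframe>
"""


def _frame_ancestors(csp: str):
    """Return the source list of the CSP frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.strip("'").lower() for p in parts[1:]]
    return None


def frameable_by(headers: dict, page_origin: str, framing_origin: str) -> bool:
    """True if a page served with `headers` from page_origin can be framed by framing_origin.

    Origins are 'scheme://host[:port]'.  When both headers are present, browsers
    that support CSP apply frame-ancestors and ignore X-Frame-Options.
    """
    h = {k.lower(): v for k, v in headers.items()}
    ancestors = _frame_ancestors(h.get("content-security-policy", ""))
    if ancestors is not None:
        if ancestors == ["none"]:
            return False
        if "*" in ancestors or framing_origin.lower() in ancestors:
            return True
        if "self" in ancestors and framing_origin == page_origin:
            return True
        # a bare host source such as bank.example matches any scheme/port
        return urlsplit(framing_origin).hostname in ancestors
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return framing_origin == page_origin
    # Anything else (absent, or the obsolete ALLOW-FROM) is no protection in
    # current browsers: any site, including the attacker's, may frame the page.
    return True


def is_clickjackable(headers: dict, page_origin: str) -> bool:
    """Convenience: can an arbitrary third-party origin frame this page?"""
    return frameable_by(headers, page_origin, "https://attacker.example")
```

The checker deliberately treats a missing header as "frameable": that is the browser default, and it is the state most clickjackable pages are in. Wildcard hosts (`*.example`) in frame-ancestors are not parsed here; a production checker would need them.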
Cookies
Information stored on your computer by the browser
• Used for tracking, personalization, session management
• Not executable, not generally a security risk
• Unless someone gets access to them (a stolen session cookie is a stolen login)
• Could be considered a privacy risk
Session IDs
Maintains a logged-in session across many requests (and across browser sessions)
• The server trusts whoever presents a valid ID, so a captured ID is a hijacked session
Header manipulation
Information gathering
• Wireshark, Kismet
Exploits
• Cross-site scripting
Modify headers
• Tamper, Firesheep, Scapy
Modify cookies
• Cookies Manager+ (Firefox add-on)
Prevent session hijacking
Encrypt end-to-end
• They can’t capture your session ID if they can’t see it
• Additional load on the web server (HTTPS)
• Firefox extensions: HTTPS Everywhere, Force-TLS
Encrypt end-to-somewhere
• At least avoid capture over a local wireless network
• Still in the clear for part of the journey
• Personal VPN (OpenVPN, VyprVPN, etc.)
Use session ID monitors
• Blacksheep (baits Firesheep with fake session cookies and reports who uses them)
• Application-specific
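The server side of the cookie and session-ID cards above, as an added example that is not part of the original flashcards: the cookie attributes that keep the session ID off the wire in the clear and away from page scripts, plus a toy "session ID monitor" that binds each ID to the client that received it and hands out bait IDs that no real browser ever holds (the same idea Blacksheep uses against Firesheep). The IP addresses, user agents and log records are constructed for the example.

```python
# Added example, not from the flashcards: two server-side pieces of the
# defence.  issue_session_cookie() sets the attributes that keep the ID off
# the wire in the clear (Secure) and away from page scripts (HttpOnly).
# SessionMonitor is a toy "session ID monitor": it binds each ID to the client
# that received it and also hands out bait IDs that no real browser ever holds,
# so a request presenting one can only come from someone who sniffed it (the
# same idea as Blacksheep, which baits Firesheep).  All IPs, user agents and
# log lines below are constructed for the example.
import secrets


def new_session_id() -> str:
    """128 random bits from the OS CSPRNG, hex encoded (never time- or counter-based)."""
    return secrets.token_hex(16)


def issue_session_cookie(session_id: str, max_age: int = 3600) -> str:
    """Value of a Set-Cookie header for the session ID with hardened attributes."""
    return (f"sid={session_id}; Max-Age={max_age}; Path=/; "
            "Secure; HttpOnly; SameSite=Lax")


class SessionMonitor:
    def __init__(self):
        self._sessions = {}   # session id -> (client ip, user agent) at issue time
        self._bait = set()    # decoy ids, deliberately leaked, never given to a user

    def issue(self, client_ip: str, user_agent: str) -> str:
        sid = new_session_id()
        self._sessions[sid] = (client_ip, user_agent)
        return sid

    def bait(self) -> str:
        sid = new_session_id()
        self._bait.add(sid)
        return sid

    def check(self, sid: str, client_ip: str, user_agent: str) -> str:
        """Classify a presented session ID: 'ok', 'bait', 'mismatch' or 'unknown'."""
        if sid in self._bait:
            return "bait"          # someone is replaying captured cookies
        owner = self._sessions.get(sid)
        if owner is None:
            return "unknown"       # expired, forged, or never issued
        if owner != (client_ip, user_agent):
            return "mismatch"      # valid ID, different client: possible hijack
        return "ok"


def triage(monitor: SessionMonitor, log_lines: list) -> dict:
    """Run the monitor over 'ip|user-agent|sid' records; return a count per verdict."""
    counts = {}
    for line in log_lines:
        ip, ua, sid = line.split("|")
        verdict = monitor.check(sid, ip, ua)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts
```

Binding a session to the source IP is why the card says "application-specific": a phone that roams from Wi-Fi to cellular changes address mid-session, so an application with mobile users has to tolerate a mismatch (re-authenticate, or bind to something more stable) rather than drop the session outright. Bait IDs have no such false-positive problem, but only catch an attacker who actually replays what was captured.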
Malware hide-and-go seek
There are still ways to infect and hide
• It’s a constant war
• Zero-day attacks, new attack types, etc.
Drivers (driver manipulation)
The interaction between the hardware and your operating system
• Hardware interactions contain sensitive information
• Video, keyboard, mouse
• A malicious or modified driver sees that data and runs with kernel privileges
Shimming
Filling in the space between two objects
• A middleman
• Windows includes its own shim
• Backwards compatibility with previous Windows versions
• Application Compatibility Shim Cache
• Malware authors write their own shims
• Get around security (like UAC)
Refactoring
Metamorphic malware
• A different program each time it’s downloaded
• Make it appear different each time
• Add NOP instructions
• Loops, pointless code strings
• Can intelligently redesign itself
• Reorder functions
• Modify the application flow
• Reorder code and insert unused data types
• Difficult to match with signature-based detection
• Use a layered approach
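A toy that applies the mutations the card lists (NOP insertion, dead code, function reordering) to a constructed "program" and shows the effect on signature matching, as an added example that is not part of the original flashcards. The program is a dict of function name to instruction mnemonics, not real malware, and the normalisation step is one illustrative layer of a layered approach, not a complete defence: real metamorphic engines also rewrite instructions into semantic equivalents, which this normaliser would not undo.

```python
# Added example, not from the flashcards: a toy that applies the mutations the
# card lists to a 'program' (a dict of function name -> instruction mnemonics,
# constructed here; not real malware) and shows that an exact signature stops
# matching while a signature taken after normalisation still does.  The
# normalisation step is one illustrative 'layer', not a complete defence.
import hashlib
import random

NOP = "nop"
DEAD_CODE = ["push eax", "pop eax"]   # net effect: nothing

ORIGINAL = {  # constructed sample
    "entry":   ["call init", "call payload", "ret"],
    "init":    ["mov ecx, 0x10", "xor eax, eax", "ret"],
    "payload": ["mov edi, 0x401000", "rep stosb", "ret"],
}


def flatten(program: dict) -> bytes:
    return "\n".join(ins for body in program.values() for ins in body).encode()


def exact_signature(program: dict) -> str:
    """What a naive scanner hashes: the instruction stream as it appears on disk."""
    return hashlib.sha256(flatten(program)).hexdigest()


def mutate(program: dict, seed: int) -> dict:
    """Reorder functions, insert dead code and sprinkle NOPs; behaviour is unchanged."""
    rng = random.Random(seed)
    names = list(program)
    rng.shuffle(names)                              # reorder functions
    out = {}
    for name in names:
        body = list(program[name])
        pos = rng.randrange(len(body))              # dead code at a random point
        body[pos:pos] = DEAD_CODE
        for _ in range(rng.randint(1, 3)):          # at least one NOP per function
            body.insert(rng.randrange(len(body) + 1), NOP)
        out[name] = body
    return out


def normalize(program: dict) -> dict:
    """Strip NOPs, cancel push/pop dead-code pairs, and fix a canonical function order."""
    out = {}
    for name in sorted(program):
        cleaned = []
        for ins in program[name]:
            if ins == NOP:
                continue
            cleaned.append(ins)
            if cleaned[-2:] == DEAD_CODE:           # push eax / pop eax cancels out
                del cleaned[-2:]
        out[name] = cleaned
    return out


def normalized_signature(program: dict) -> str:
    return exact_signature(normalize(program))
```

Every seed yields a different byte stream (a different hash), which is the point of the card: one signature per download is useless. The normaliser catches only transformations it knows about, which is why it is a layer beside behavioural and heuristic detection rather than a replacement for them.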
Spoofing
Pretend to be something you aren’t
• Fake web server, fake DNS server, etc.
• Email address spoofing
• Caller ID spoofing
Man-in-the-middle attacks
The person in the middle of the conversation pretends to be both endpoints
MAC spoofing
• Very difficult to detect
• Circumvent MAC-based ACLs
• Fake-out a wireless address filter
IP address spoofing
• Take someone else’s IP address
• Pretend to be somewhere you are not
• Easier to identify than MAC address spoofing
• Spoof an actual device on the local network: ARP poisoning
• DNS amplification / DDoS
IP address spoofing prevention
• Apply rules that drop traffic whose source address is impossible for the interface it arrived on (ingress/egress filtering at the network edge)
• Enable switch security features
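The "rules to prevent invalid traffic" card, worked through as an added example that is not part of the original flashcards: an anti-spoofing filter for a constructed edge router with an inside interface owning 192.0.2.0/24 and an outside interface facing the Internet. Inbound packets claiming an inside or private/bogon source and outbound packets claiming a source we do not own are the invalid traffic; the prefixes, bogon list and sample records are all constructed for the example.

```python
# Added example, not from the flashcards: ingress/egress anti-spoofing filter
# for a constructed edge router.  'inside' owns 192.0.2.0/24; 'outside' faces
# the Internet.  A packet is invalid if its source address is impossible for
# the interface it arrived on:
#   inside  -> source must belong to our prefix (egress filtering: stops our
#              hosts from spoofing victims, e.g. as DNS-amplification reflectors)
#   outside -> source must not be our prefix, a private/loopback/link-local
#              range or another bogon (ingress filtering, BCP 38 style)
import ipaddress

INSIDE_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]          # constructed
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def _in_any(addr, nets) -> bool:
    return any(addr in n for n in nets)


def is_spoofed(interface: str, src: str) -> bool:
    """True if a packet with source `src` could not legitimately arrive on `interface`."""
    addr = ipaddress.ip_address(src)
    if interface == "inside":
        return not _in_any(addr, INSIDE_PREFIXES)
    if interface == "outside":
        return _in_any(addr, INSIDE_PREFIXES) or _in_any(addr, BOGONS)
    raise ValueError(f"unknown interface {interface!r}")


def filter_log(records: list) -> list:
    """Apply is_spoofed to 'iface src dst' records; return the ones to drop."""
    dropped = []
    for rec in records:
        iface, src, _dst = rec.split()
        if is_spoofed(iface, src):
            dropped.append(rec)
    return dropped


SAMPLE = [  # constructed records
    "inside 192.0.2.10 198.51.100.7",    # legitimate outbound
    "inside 203.0.113.5 198.51.100.53",  # our host spoofing a victim (amplification)
    "outside 198.51.100.7 192.0.2.10",   # legitimate inbound
    "outside 192.0.2.99 192.0.2.10",     # outsider claiming to be inside
    "outside 10.1.1.1 192.0.2.10",       # private source from the Internet
]
```

This stops spoofing that crosses the edge; it does nothing for spoofing within a LAN segment (ARP poisoning, a host taking a neighbour’s address), which is what the "enable switch security" half of the card is for.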
Wired vs. wireless replay
Similar to wired replay attacks
• Wireless doesn’t change those attacks
• Wireless adds some additional capabilities
• This is a big concern for the security professional
• Much easier to capture the data
• Hotspots are generally in the clear
• Just like tuning in to a radio station
Cracking WEP - Wired Equivalent Privacy
• A broken security protocol
• Could not stop the replay of 802.11 packets
• ARP request replay attack
• Cracking WEP requires thousands of Initialization Vector (IV) packets
• Wait all day to collect IV information
• Or replay a ton of ARPs and collect the IV packets
• Now you have many thousands of IV packets
• You can crack WEP in seconds
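Why the IV packets matter, as an added example that is not part of the original flashcards: a minimal RC4 and WEP-style packet encryption (per-packet key is IV || secret key, with the 3-byte IV sent in the clear; the CRC-32 ICV real WEP appends is omitted since it does not affect the flaw shown). With only 2^24 IVs, a busy network repeats them within hours, sooner if an attacker replays ARP requests, and two frames under the same IV share a keystream: c1 XOR c2 = p1 XOR p2, and a frame with known plaintext (every ARP request starts with the same LLC/SNAP header) hands over the keystream for that IV. The statistical key-recovery attack that needs the thousands of IVs on the card (FMS/PTW) is not implemented here. Key, IV and frame contents are constructed for the example.

```python
# Added example, not from the flashcards: minimal RC4 plus WEP-style packet
# encryption (IV || secret key, IV in the clear, ICV omitted).  Shows why a
# repeated 24-bit IV is fatal: same IV => same keystream, so c1 XOR c2 =
# p1 XOR p2, and a known ARP header recovers keystream for that IV.  Key, IV
# and frames are constructed; the full FMS/PTW key recovery is not implemented.

ARP_SNAP = b"\xaa\xaa\x03\x00\x00\x00\x08\x06"   # LLC/SNAP header + EtherType 0x0806 (ARP)


def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream (textbook KSA + PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                                    # key scheduling
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    while len(out) < length:                                # keystream generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """XOR up to the shorter length."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV (3 bytes, cleartext) || RC4(IV || secret) XOR plaintext."""
    assert len(iv) == 3
    return iv + xor(rc4(iv + secret, len(plaintext)), plaintext)


def recover_keystream(frame: bytes, known_plaintext: bytes) -> tuple:
    """Attacker: IV is the first 3 bytes; ciphertext XOR known plaintext = keystream."""
    return frame[:3], xor(frame[3:], known_plaintext)


def decrypt_prefix(frame: bytes, keystream: bytes) -> bytes:
    """Decrypt as many bytes of another same-IV frame as we have keystream for."""
    return xor(frame[3:], keystream)


def demo() -> tuple:
    """Returns (xor_property_holds, recovered bytes of the victim frame)."""
    secret = b"\x1f\x2e\x3d\x4c\x5b"                        # constructed 40-bit WEP key
    iv = b"\x00\x00\x07"                                    # an IV the AP reuses (only 2**24 exist)
    arp = ARP_SNAP + b"\x00\x01\x08\x00\x06\x04\x00\x01"    # ARP request: predictable prefix
    victim_plain = b"GET /login?user=alice&pw=hunter2"      # another frame under the same IV
    arp_frame = wep_encrypt(secret, iv, arp)
    victim_frame = wep_encrypt(secret, iv, victim_plain)
    # Property 1: XOR of the two ciphertexts equals XOR of the two plaintexts
    holds = xor(arp_frame[3:], victim_frame[3:]) == xor(arp, victim_plain)
    # Property 2: known ARP header -> keystream for this IV -> decrypt the other frame
    iv_seen, ks = recover_keystream(arp_frame, ARP_SNAP)
    assert iv_seen == victim_frame[:3]                      # same IV, same keystream
    return holds, decrypt_prefix(victim_frame, ks)
```

Replaying ARP requests (the card’s "replay a ton of ARPs") is attractive precisely because the attacker knows their plaintext prefix and the access point answers each one with a fresh IV; that is what turns an all-day wait into a collection of IV packets in minutes.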