1.4 Network Attacks

Question 1

Evil Twin

Answer 1

This is a malicious fake access point that is set up to appear to be a legit trusted network

Question 2

Rogue Access Point

Answer 2

These are access points added to your network either intentionally or unintentionally. Once connected to your network they can offer a point of entry to attackers or unwanted users.

Question 3

Bluesnarfing

Answer 3

This is unauthorized access to a bluetooth device, typically aimed at gathering info like contact lists or other details the device contains

Question 4

Bluejacking

Answer 4

Sends unsolicited messages to bluetooth-enabled devices

Question 5

Disassociation

Answer 5

This describes what happens when a device disconnects from an access point.

Question 6

Jamming

Answer 6

This will block all the traffic in the range or frequency it is conducted against. A jammer sends powerful traffic to drown out traffic.

Question 7

Radio frequency identification (RFID)

Answer 7

This is a short range wireless technology that uses a tag and a receiver to exchange information. (usually between a foot to 100 meters)

Question 8

Near-field communication (NFC)

Answer 8

This is used for very short range communication between devices, usually within 4 inches and often used with apple pay or google wallet.

Question 9

On-path attack

Answer 9

This attack occurs when an attacker causes traffic that should be sent to the intended recipient to be relayed through a system or device the attacker controls. (man-in-the-middle attack)

Question 10

Address resolutions

Question 11

Address resolution protocol (ARP) poisoning

Answer 11

Send malicious ARP packets to the default gateway of a network with the intent of changing the pairings of MAC addresses to IP addresses that the gateway maintains.

Question 12

Media access control (MAC) flooding

Answer 12

This is targeting switches by sending so many MAC addresses to the switch that the CAM or MAC table that stores pairings of ports and MAC addresses is filled.

Question 13

MAC cloning

Answer 13

This duplicates the media access control address of a device.

Question 14

Domain name system (DNS)

Answer 14

This is what is used to send users traffic whenever they try to visit a site using a human readable name.

Question 15

Domain hijacking

Answer 15

This changes the registration of a domain, either through a vulnerability or control of a system. The domains settings and configurations can be changed by an attacker, allowing them to intercept traffic, send and receive email or take action while appearing to be the legit domain holder.

Question 16

DNS poisoning

Answer 16

An attacker provides a DNS response while pretending to be an authoritative DNS server.

Question 17

Uniform Resource locator (URL) redirection

Answer 17

This is to insert alternate IP addresses into a systems hosts file

Question 18

Domain reputation

Answer 18

This provides information about whether a domain is a trusted email sender or sends a lot of spam email.

Question 19

Distributed denial of service (DDoS)

Answer 19

This is conducted from multiple locations, networks, or systems, making it difficult to stop and hard to detect. This attack occurs when there is a massive amount of resources that try to overwhelm the system or network.

Question 20

Network

Answer 20

Malicious actors commonly use large-scale botnets to conduct network DDoS attacks

Question 21

Application

Question 22

Operational technology (OT)

Answer 22

This is the software and hardware that controls devices and systems in buildings, factories, powerplants and other industries.

Question 23

Powershell

Answer 23

Fileless malware often leverages powershell to download and execute itself once it leverages a flaw in a browser or plug-in to gain access to a windows system.

Question 24

Python

Answer 24

Used to run code that can be hard to detect on linux systems, allowing remote access and other activities to occur

Question 25

Bash

Answer 25

This can be used to create persistent remote access using bind or reverse shells and other exploit tools

Question 26

Macros

Answer 26

These are included in office documents that require users to enable them,

Question 27

Visual Basic for applications (VBA)