1.4 Network Attacks Flashcards
Evil Twin
This is a malicious fake access point that is set up to appear to be a legit, trusted network.
Rogue Access Point
These are access points added to your network either intentionally or unintentionally. Once connected to your network they can offer a point of entry to attackers or unwanted users.
Bluesnarfing
This is unauthorized access to a Bluetooth device, typically aimed at gathering info like contact lists or other details the device contains.
Bluejacking
Sends unsolicited messages to Bluetooth-enabled devices.
Disassociation
This describes what happens when a device disconnects from an access point.
Jamming
This will block all the traffic in the range or frequency it is conducted against. A jammer sends powerful traffic to drown out traffic.
Radio frequency identification (RFID)
This is a short-range wireless technology that uses a tag and a receiver to exchange information (usually between a foot and 100 meters).
Near-field communication (NFC)
This is used for very short-range communication between devices, usually within 4 inches, and is often used with Apple Pay or Google Wallet.
On-path attack
This attack occurs when an attacker causes traffic that should be sent to the intended recipient to be relayed through a system or device the attacker controls. (man-in-the-middle attack)
Address resolutions
Address resolution protocol (ARP) poisoning
Send malicious ARP packets to the default gateway of a network with the intent of changing the pairings of MAC addresses to IP addresses that the gateway maintains.
Media access control (MAC) flooding
This is targeting switches by sending so many MAC addresses to the switch that the CAM or MAC table that stores pairings of ports and MAC addresses is filled.
MAC cloning
This duplicates the media access control address of a device.
Domain name system (DNS)
This is what is used to send users' traffic whenever they try to visit a site using a human-readable name.
Domain hijacking
This changes the registration of a domain, either through a vulnerability or control of a system. The domain's settings and configurations can be changed by an attacker, allowing them to intercept traffic, send and receive email, or take action while appearing to be the legit domain holder.
DNS poisoning
An attacker provides a DNS response while pretending to be an authoritative DNS server.
Uniform Resource Locator (URL) redirection
This is to insert alternate IP addresses into a system's hosts file.
Domain reputation
This provides information about whether a domain is a trusted email sender or sends a lot of spam email.
Distributed denial of service (DDoS)
This is conducted from multiple locations, networks, or systems, making it difficult to stop and hard to detect. This attack occurs when there is a massive amount of resources that try to overwhelm the system or network.
Network
Malicious actors commonly use large-scale botnets to conduct network DDoS attacks.
Application
Operational technology (OT)
This is the software and hardware that controls devices and systems in buildings, factories, power plants and other industries.
PowerShell
Fileless malware often leverages PowerShell to download and execute itself once it leverages a flaw in a browser or plug-in to gain access to a Windows system.
Python
Used to run code that can be hard to detect on Linux systems, allowing remote access and other activities to occur.
Bash
This can be used to create persistent remote access using bind or reverse shells and other exploit tools.
Macros
These are included in Office documents that require users to enable them,
Visual Basic for Applications (VBA)