Active Attacks Flashcards
Man-in-the-Middle (MITM)
Intercepting communications to read, alter, or inject data.
Session Hijacking
Taking over an active user session by stealing cookies or session tokens.
Spoofing
Impersonating another device or user, such as IP or DNS spoofing.
Injection Attacks
Inserting malicious code or commands into input fields or data streams.
Replay Attacks
Capturing and resending valid data packets for unauthorized actions.
Denial-of-Service (DoS)
Overloading a system with requests to make it unavailable.
Distributed Denial-of-Service (DDoS)
Multiple systems flooding a target to overwhelm resources.
Logic Bombs
Malware triggered by specific conditions to disrupt operations.
Privilege Escalation
Exploiting bugs to gain unauthorized higher-level permissions.
Buffer Overflow
Overwriting memory regions to execute arbitrary code.
Zero-Day Exploits
Attacking vulnerabilities not yet patched or publicly known.
Trojan Horse
Malicious software disguised as legitimate.
Ransomware
Encrypting user data and demanding payment for the decryption key.
Worms
Self-replicating malware that spreads across networks.
Spyware/Adware
Collecting sensitive information or displaying unwanted advertisements.
Phishing
Tricking users into providing sensitive information via fake emails or websites.
Spear Phishing
A targeted version of phishing aimed at specific individuals or organizations.
Baiting
Offering something enticing to trick users into exposing data or installing malware.
Brute Force
Attempting all possible combinations to crack passwords or encryption.
Keylogger Attacks
Capturing keystrokes to extract sensitive data like passwords.
Cryptanalysis
Exploiting weaknesses in cryptographic algorithms to decrypt data.
Evil Twin Attack
Creating a rogue Wi-Fi network to intercept data.
Deauthentication Attack
Disconnecting users from a Wi-Fi network to capture credentials.
Advanced Persistent Threats (APTs)
Long-term targeted attacks for stealing data or compromising infrastructure.
DNS Spoofing/Cache Poisoning
Redirecting users to malicious websites by altering DNS records.
BGP Hijacking
Redirecting internet traffic by manipulating routing tables.
Malicious Insiders
Employees intentionally exploiting their access for malicious purposes.
Exploited Insiders
Attackers tricking insiders into performing malicious actions.
Firmware Tampering
Modifying firmware to control or disrupt IoT devices.
Botnet Formation
Compromising IoT devices to form a botnet for attacks.
USB Injection
Using infected USB drives to deploy malware.
Hardware Trojans
Malicious modifications to hardware for spying or sabotage.
Cross-Tenant Access
Exploiting vulnerabilities in shared cloud environments.
Account Hijacking
Gaining unauthorized access to cloud accounts to manipulate data.
Deepfake Attacks
Using AI to create fake video or audio content for deception.
Adversarial AI
Attacking machine learning models to manipulate outcomes.