Attacks Flashcards
XSS
Cross-Site Scripting.
Attackers embed malicious HTML or javascript into a websites code. Executes when user visits the site.
Prevented with input validation techniques.
CSFR
Cross Site Forgery Request.
Attackers trick users into performing an action on a website. The attacker creates a specially crafted HTML link and the user performs the action without realizing it.
SQL Injection
Attacker enters additional data in the web page form to generate different SQL statements. Input validation protects gains SQL Injection attacks.
Disassociation Attacks
Wireless attack that removes a wireless client from a wireless network, forcing it to reauthenticate. Sends specially crafted traffic to a wireless client. and an access point to accomplish this.
WPS Attacks
Wi-fi protected setup attack. Keeps trying different pins that would allow the attacker access to the wireless device. Experts recommend disabling WPS on all devices
Rogue AP
An AP placed within a network without authorization. Increases vulnerabilities to the network. Can allow attacker to connect into the wired network. Used to capture and exfiltrate data.
Evil Twin
Rogue AP with the same SSID as a legitimate access point.
Jamming Attacks
Attackers transmit noise or another radio signal on the same frequency used by a wireless network.
IV Attacks
Attempts to discover a pre-shared key from the IV. IV attack is successful when an encryption system reuses the same IV.
Bluejacking
Practice of sending unsolicited messages. to nearby Bluetooth devices.
Bluesnarfing
Unauthorized access to, or theft of information from a bluetooth advice.
Wireless Replay Attacks
An attacker captures data sent between two entities, modifies it, and then attempts. to impersonate one of the parties by replaying the data. WPA2 using CCMP and AES is not vulnerable to replay attacks. WPA using TKIP is vulnerable.
RFID Attacks
Eavesdropping, Replay, and DoS
