Chapter 8: Social Engineering and Attacks Flashcards
Two types: active and passive. Passive is where the attacker researches your company and collects information that will be used at a later stage. Active is where the attacker interacts with the user or their desktop, for example someone has your username and tries to reset the password.
Reconnaissance
social engineering attacks used to influence people from countries all over the world. Two types: social media and hybrid warfare.
Influence Campaigns
carried out by state actors to influence the balance of power in a country using military, political, economic or civil means
Hybrid warfare
when someone goes through your trash in the hope of finding a letter that holds PII that can be used to commit fraud.
Dumpster Diving
involves a person standing behind someone who is using a computer so that they can see sensitive information
Shoulder surfing
people working in the same industry visit similar websites. Therefore, attackers identify a website that people in a particular industry are likely to visit and then infect it with a virus.
Watering Hole Attack
this is a DNS redirection attack where either the DNS cache has been poisoned or an entry is placed in your hosts file. The victim is redirected to a fraudulent website.
Pharming
Types of Social Engineering
Authority: an email may be sent out by someone appearing to be of higher authority, ordering you to complete a form that can be accessed by clicking a link.
Intimidation: someone pretending to be a person of high authority. They then threaten an individual, telling them they are in trouble if they don't do what they are told.
Urgency: someone arriving at a reception desk and demanding access quickly.
Scarcity: creating panic so the victim makes a snap decision, e.g. "Only one room left".
Familiarity and Trust: hackers make themselves familiar to their victims; they come around a lot, bringing boxes of chocolates, and eventually they become trusted.
Consensus: people like to be accepted by peers and coworkers. An attacker might ask for some information and state that they obtained it last week from a coworker and need an update on it.
a hacker who has no information because they are not authorized by the company
Black Hat
is provided with limited information from the company because they may be participating in a bug bounty program; may be known as ethical hackers
Gray Hat
is an ethical hacker who is employed by the company to test applications for flaws and vulnerabilities.
White Hat
external threat actor who defaces your website or breaks into your computer or network. They are politically motivated and seek social change.
Hacktivists
this is where people plug their own computers and devices into your network without your consent.
Shadow IT
person who does not have expert technical knowledge and uses scripts and code that they find to launch an attack on your company
Script Kiddie
another country that poses a threat to your country
State Actors
external threat that tries to steal data from your network and remains there for an extremely long period of time. They are well organized, well funded and sophisticated.
Advanced Persistent Threat (APT)
Their main aim is to steal money
Criminal Syndicates
disgruntled employee who may have been overlooked for promotion and whose relationship with the company has gone sour.
Insider Threat
start by using all the words in the Oxford English Dictionary to try and crack passwords, but misspelled names or passwords with special characters can't be cracked.
- e.g. could crack "elasticity" but not "el@sticity"
Dictionary Attacks
runs through all the different combinations of letters and characters and will eventually crack a given password. The length of the password may slow down such an attack, but the password will eventually be cracked.
Brute Force Attacks
is a combination of both a dictionary and a brute force attack
Hybrid Attack
password spraying uses the most common passwords in a type of reverse brute force attack. The hacker first searches the internet for people who work within an organization and sees whether they can work out the standard naming convention.
Spraying Attack
this is where an attacker navigates through the structure of a web server, moving from page to page searching for login details. It is known to use ../ to navigate through the directory structure.
Directory Traversal
can also be called "skimming", where a credit card has been put through a card cloning machine. The most common places for these devices are ATMs or when you pay a bill at a restaurant.
Card Cloning
the attacker intercepts traffic going between two hosts and then changes the information in the packets in real time.
Man in the Middle Attack (MITM)
where a malicious plugin or script has been downloaded and the browser has been compromised. It acts like a trojan.
Man in the Browser Attack (MITB)
is an on-path attack that intercepts data and replays it at a later date
replay attack
when a user visits a website, a Session ID is set up between the user and the web server. This information can be stored in a cookie and is present in the traffic going between the user and the website. The attacker can steal the cookie or can use a protocol analyzer and capture the Session ID from HTTP packets.
Session Replay Attack
where the victim's machine or network is flooded with a high volume of requests from another host so that it is not available for any other host to use. A common method is to use SYN flood attacks, where only the first two parts of the three-way handshake occur.
DoS Attack
when an exploit is found but at the time there is no fix to prevent it.
zero day attack
this is where an attacker gains access to the network via a vulnerable host. They then attack a critical server such as a domain controller or a database server. In a virtual environment it would be called a Virtual Escape.
Pivoting
older operating systems such as Windows NT 4.0 stored the password locally, hashed with MD4. Attackers used a rainbow table to carry out a hash collision attack; an alternative would be the hashcat tool. Prevent pass-the-hash attacks by disabling NTLM.
Pass the Hash Attack
operates at layer 2 of the OSI model using MAC addresses. It is an attack in which a LAN is flooded with fake MAC addresses so that they can be linked to legitimate addresses.
ARP Poisoning
is the theft of a MAC address of another networked device, which is then used to gain access to the network.
MAC Spoofing Attack
this is where an attacker floods a switch with fake IP-address-to-port mappings so that it consumes the limited memory that a switch has.
MAC Flooding
attack where an attacker wants to grant themselves more permissions than they are entitled to.
Privilege Escalation
this is used when you want to pretend to be a different device, so that you can connect to a network device or bypass the security on a captive portal
MAC Cloning Spoofing
is the modification of the Internet Protocol packet using a fake IP address to mask the identity of the sender. This prevents the attacker from being traced when they carry out a malicious attack.
IP Spoofing
this is an attack where the attackers carry out an SSL downgrade attack, in which they manage to bypass the certificate-based protection and turn the session into plain HTTP.
SSL Stripping
this is where an attack on an application consumes all available memory and CPU cores. It could also be where all the IP addresses on a DHCP server have been allocated.
Resource Exhaustion
this is a technique used for running code within the address space of another process by forcing it to load a DLL. This makes the application run differently from how it was designed to. An attacker could load a malware DLL into another process.
Dynamic Link Library (DLL) Injection
The user must be authenticated to the web server; the user then clicks on a link, like, or share button that performs an action on their behalf.
Cross Site Request Forgery (CSRF)
the attacker uses a web application as the attack vector to make a backend server create a request that looks as if it has come from localhost. Because the request looks as if it has come from the server itself, it can be used to try and access the contents of the /etc/passwd file.
Server Side Request Forgery (SSRF)
is when a user injects malicious code into another user's browser. It uses both HTML tags and JavaScript. The following is a very simple server side script to display the latest comments.
Cross Site Scripting (XSS)
occurs when a program tries to store more data than it can hold in a temporary memory storage area.
buffer overflow
is a condition that occurs when the result of an arithmetic operation, such as multiplication or addition, exceeds the maximum size of the integer type used to store it.
integer overflow
when you use an SQL database, you can run queries against the SQL database using Transact-SQL.
SQL Injection Attack
applications have a tendency to generate errors, and the applications themselves do not validate the information returned in those errors.
Improper Error Handling
is where data is entered either using a web page or wizard; both are set up to only accept data in the correct format within a range of minimum and maximum values.
Input Validation
is where an attacker takes control of a Bluetooth device, such as a phone. They are then able to make phone calls and send texts.
Bluejacking
an attacker hijacks a Bluetooth phone and extracts contact details and any sensitive information.
Bluesnarfing
is when someone tries to change the registration of a domain with the internet authorities so they can control it for profit.
Domain Hijacking
is a process in which a website is falsely removed from the results of a search engine and replaced by another web page that links to the remote page
URL Hijacking
this is where an attacker redirects you from a legitimate website to a fraudulent website
URL Redirection
hackers create websites with characters transposed to redirect a user's session to a fraudulent website. This is also known as URL hijacking.
Typosquatting
process of changing an application's code to avoid detection by antivirus software while still retaining its attack functionality
Refactoring
small library that transparently intercepts API calls and changes the arguments passed
Shimming
the birthday paradox states that in a random gathering of 23 people, there is a 50 percent chance that two people will have the same birthday. If we store passwords as hashes, all the passwords that are the same will produce the same hash if we use the same hashing algorithm.
Birthday Attack
lists of pre-computed passwords with their corresponding hashes. You can obtain free rainbow tables from the internet.
Rainbow Tables
Open permissions, unsecured root accounts, errors, weak encryption, default settings, open ports and services
Weak Configurations