Common Hacking Methodologies

Question 1

Phishing

Answer 1

Most common attack. Click on a link, download malicious code
Ex: “Problem with account”

Question 2

Bait and Switch

Answer 2

Advertisement that looks legit. Link is not

Question 3

ClickJacking

Answer 3

being tricked to click something different than what you are being shown

Question 4

DOS/DDOS

Answer 4

App/bots overflowing TCP 3-way handshake buffers to crowd out legitimate traffic

Question 5

Fake WAP

Answer 5

Creates man in the middle in two ways

“Starbucks Free” acts as a middleman and sniffs all traffic

It can also redirect to the bait-and-switch page that asks you to confirm credentials.

Question 6

Keylogger

Answer 6

Software that records every keystroke on a user’s computer

Question 7

Vishing

Answer 7

Phishing over the phone.

Question 8

Malware

Answer 8

Virus=Code fragment embedded in another program

Must be executed by a user. Self-replicating. Not remote-controlled.

Question 9

Malware examples

Answer 9

Installed via “virus dropper” (usually a trojan horse)

File virus = malicious file executing malware

Boot Sector Virus = Loads before the OS does

Macro virus = executed via doc shortcuts like the word

Encrypted virus = hides from anti-virus by decrypting after installation

Worm = Independent program that eats system resources
Executes via system vulnerability, can be remotely controlled
Spreads faster than the virus

Trojan Horse = Uses false name to hide malware and does not replicate

Rootkit = collection of malware that takes over a computer.