Lesson 12 - Attacking Specialized Systems Flashcards
A Technology that is similar to Bluetooth, in that is used to communicate wirelessly over short distances but uses less energy.
Bluetooth Low Energy (BLE)
What was the major attack that went after IoT devices such as cameras and baby monitors exploiting default passwords to launch DDos Attacks
Mirai bot
Dyn - Amazon
Twitter
FitHub
What are the two common network open-source protocols that are used by IoT devices
Constrained Application Protocol (CoAP)
Message Queuing Telemetry Transport (MQTT)
Name some common CoAP attacks
Coercice parsing attack
Spoofing
Packet Amplification
Used UDP Protocol
Describe MQTT and name some attacks against it
MQTT carries messages between devices and uses authentication however it is typically not encrypted.
Sniffing
Data Modification
Joining a Botnet
T or F a Supervisory control and data Acquistion (SCADA) system is a type of Industrial Control System (ICS)
True
Prevalent in the utilities and energy companies controlling their critical infrastructure such as gas lines
Name some common vulnerabilities to an ICS system
Leaving Data Exposed - Intelligent Mangement Interface (IPMI) not properly configured
Handling Errors - having error and debug errors that provide too much information to malicious actors
Fuzzing - sends a running app random and unusual characters and monitors how app responds
What is the term when VM’s are susceptible to configuration vulnerability and not properly authorized and monitored
VM Sprawl
What are the 3 Class of Virtual Attacks
Class 1 - outside of VM
Class 2 - Directly at VM
Class 3 - Originates within VM and is the source
What is the attack were malware running in a VM is able to interact directly with the Hyper-Visor or host kernel
VM Escape
What is the Virtual attack when a malicious actor takes control of the Hypervisor
Hyperjacking
