1.0 Attacks, Threats, and Vulnerabilities
1.4 Potential Indicators of a Network Attack
Wireless
Evil Twin - A rogue access point made to look legitimate, configured with settings matching the real one; used for wireless phishing.
Rogue Access Point - An access point added to a network without authorization.
Bluesnarfing - Attacker uses Bluetooth to access data.
Bluejacking - Unsolicited messages sent through Bluetooth.
Disassociation - The wireless connection keeps dropping because the client is repeatedly deauthenticated from the wireless network.
RF Jamming - Radio Frequency is interfered with to prevent the signal from being received.
Radio Frequency Identification (RFID) - Attacks include data capture, spoofing RFID tags, and jamming.
Near-Field Communication (NFC) - Two-way wireless communication, built on RFID.
Initialization Vector (IV) - A way to add randomization to the encryption process.
On-Path Attack (man-in-the-middle/man-in-the-browser attack) - An attacker is able to intercept and redirect communications/data from a device.
Layer 2 Attacks
Address Resolution Protocol (ARP) Poisoning - Redirects traffic by changing the cached ARP data on the target device; the attacker needs to be on the same local network.
Media Access Control (MAC) Flooding - Attacker sends traffic with many different source MAC addresses to fill up a switch's MAC table; once overloaded, the switch behaves like a hub, allowing the attacker to capture network traffic.
MAC Cloning - Spoofing a MAC address; can be used to impersonate an existing device, circumvent MAC filters, or disrupt communication.
Domain Name System (DNS)
Domain Hijacking - Attacker gets access to the domain registration and can control where the traffic flows.
DNS Poisoning - Attacker corrupts DNS cache entries so that network traffic is redirected.
Uniform Resource Locator (URL) Redirection - Uses similar-looking or misspelled URLs to get a victim to visit the wrong site.
Domain Reputation - Third parties track a domain's security posture; a domain sending suspicious email or hosting malicious content gets limited once reported, and can be flagged by search engines as containing malware.
Denial of Service (DoS) Attacks
Distributed Denial-of-Service (DDoS) - Force a service to fail by using many devices to cause a traffic spike/overload.
Network - A Layer 2 loop without STP (Spanning Tree Protocol), bandwidth overload, DNS amplification.
Application - Filling disk space, overusing a measured (metered) cloud resource.
Operational Technology (OT) - Attacker targets industrial infrastructure: the electric grid, traffic control, manufacturing plants, pipelines, etc.
Malicious Code or Script Execution
PowerShell - .ps1 file extension; uses cmdlets to run scripts, functions, or executables. Highly integrated with Windows and used for Windows system administration.
Python - .py file extension, commonly used for cloud orchestration, broad support across many platforms.
Bash - .sh file extension; Bash, Bourne, Korn, and C are Linux/Unix shells; scripts often start with a hash-bang (#!) line.
Macros - Automated functions within an application or OS; can be used to automate an exploit.
Visual Basic for Applications (VBA) - Automates processes within Windows applications and can interact with the OS; similar to macros; vulnerabilities can lead to more direct access to the system.