Table of Contents
- Preface
- Attack Types
- USB
- Session Hijacking
- MITM
- Metasploit
- Persistent Attacks
- Debrief
Preface
Welcome! I would like to give some thoughts and basic information on the various types of Cyber Attacks.
Attack Types
DDoS — Affects availability in the CIA triad. Sends many requests to one or more machines to exhaust their resources.
ARP poisoning — Links an incorrect MAC address to a legitimate IP address in order to carry out actions from a foreign device using a recognized IP address.
SMB (Server Message Block) — A type of MITM attack.
DNS — Exploits in the Domain Name System: domain hijacking; DNS flood, a form of DDoS; and DNS cache poisoning, a form of spoofing similar to ARP poisoning.
USB
Malicious payloads, sometimes automated, are loaded onto a physical device that requires a direct-connect interface. If the device is left to work on its own, the attacker wants it to look like a personal item, for example by attaching a key chain or a useless house key, so that the victim is more inclined to plug it into their computer and check its contents. This gives it the appearance of an ordinary, harmless USB drive.
HID (Human Interface Device) spoofing: the device pretends to be a keyboard and sends pre-programmed keystrokes to the machine as if a human were typing (Ducky Script).
Malicious code is usually hidden in the contents of the USB, for example in a file disguised as a link, or as a picture that runs as a program when the victim opens it to look at it, or anything similar to this type of tactic. Effectiveness depends on the attacker's creativity.
A USB kill attack harvests the power coming through the port, stores it, and shoots it back at the machine it is connected to in an attempt to kill the machine. It is not really effective, as the device can be pulled out or the machine can be unplugged from the power source.
Session Hijacking
An active session you are in is copied or stolen so that the attacker can access the same session without having to log in with your credentials. Think XSS or CSRF.
MITM (Man in the Middle) Attack
The attacker inserts their own device between the two ends of a connection to monitor, copy, or change network traffic and data.
Metasploit
The Framework and the community are free, with a Pro version available for purchase. I would encourage anyone to learn more about this tool as well.
Metasploit runs on Unix (including Linux and macOS) and on Windows. The Metasploit Framework can be extended to use add-ons in multiple languages.
To choose an exploit and payload, some information about the target system is needed, such as operating system version and installed network services. This information can be gleaned with port scanning and TCP/IP stack fingerprinting tools such as Nmap. Vulnerability scanners such as Nessus and OpenVAS can detect target system vulnerabilities. Metasploit can import vulnerability scanner data and compare the identified vulnerabilities to existing exploit modules for accurate exploitation.
Persistent Attacks
An attacker gains unauthorized access to a computer network and remains undetected for an extended period:
- Backdoors (RAT, user account)
- Rootkit
- SSH, RDP, VNC, Telnet
- Shells
- Scheduled Tasks
Debrief
I made this list just to write out some of the different types of attacks that occur in Cyber Space and I hope it helped explain some things or introduce some new ones to you. Thanks!