Add to collection(s) Add to saved
  1. No category
Uploaded by Kevin Le

Vulnerabilities

advertisement 
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
Smishing: Phishing attacks conducted through SMS messages.
Dissociation Attack (also known as Deauthentication Attack) is an attack on a
wireless network where the attacker sends deauthentication frames to the access point
or client, causing them to disconnect.
Phishing: Fraudulent attempts to obtain sensitive information by disguising as a
trustworthy entity in electronic communications.
Spear Phishing: Targeted phishing attacks aimed at specific individuals or
organizations.
Whaling: Phishing attacks directed specifically at senior executives or other high-profile
targets within a business.
Vishing: Phishing attacks conducted through voice calls.
Man-in-the-Middle: An attack where the attacker secretly intercepts and relays
messages between two parties who believe they are directly communicating with each
other.
Spoofing: Deceiving a system or user by masquerading as a legitimate entity.
Adware: Software that automatically displays or downloads advertising material.
Trojan Horse: Malware disguised as legitimate software that, once activated, can steal
information or harm the host system.
Virus: Malware that attaches itself to a host file or system and spreads to other files and
systems.
Worm: Malware that replicates itself to spread to other computers, often exploiting
vulnerabilities in network security.
Zero-Day Exploit: An attack that targets a previously unknown vulnerability in software
or hardware.
SQL Injection: An attack that allows attackers to execute arbitrary SQL code on a
database.
Cross-Site Scripting (XSS): An attack where malicious scripts are injected into
otherwise benign websites.
Denial of Service (DoS): An attack aimed at making a service unavailable to its
intended users.
Distributed Denial of Service (DDoS): A large-scale DoS attack that uses multiple
compromised systems to target a single system.
Brute Force Attack: An attack that attempts to gain access by systematically trying
every possible password combination.
Credential Stuffing: An attack that uses stolen account credentials to gain unauthorized
access to user accounts.
Social Engineering: Manipulating individuals into divulging confidential or personal
information.
Backdoor: A method of bypassing normal authentication to gain unauthorized access to
a system.
Insider Threat: A threat posed by someone within the organization who has inside
information and access.
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
Botnet: A network of private computers infected with malicious software and controlled
as a group without the owners' knowledge.
Keylogger: Software or hardware that records keystrokes made by a user, often to gain
unauthorized access to passwords and other confidential information.
Watering Hole Attack: An attack where the attacker compromises a specific group’s
common online resources to infect its members.
Ransomware: Malware that encrypts a user's files and demands payment for the
decryption key.
Rootkit: Software designed to hide the existence of certain processes or programs from
normal methods of detection and enable continued privileged access to a computer.
Session Hijacking: An attack where the attacker takes over a session between a user
and a trusted network.
Cross-Site Request Forgery (CSRF): An attack that tricks the user into performing
actions they did not intend to perform.
Drive-By Download: Unintended download of malicious code to a device without the
user's consent or knowledge.
DNS Spoofing: An attack that changes a domain name system (DNS) record to redirect
traffic to a malicious site.
DHCP Starvation: An attack on a network's Dynamic Host Configuration Protocol
(DHCP) server, where the attacker floods the server with numerous DHCP requests,
using spoofed MAC addresses.
Privilege Escalation: An attack that exploits a vulnerability to gain higher-level access
to resources than intended.
Session Fixation: An attack where the attacker sets a user's session ID to a known
value and then uses it to gain unauthorized access.
Clickjacking: An attack that tricks users into clicking on something different from what
they perceive, potentially revealing confidential information or allowing control of their
computer.
Rogue Security Software: Malicious software that deceives or misleads users into
paying for fake or simulated removal of malware.
Fileless Malware: Malware that operates in-memory and does not write any part of its
activity to the hard drive, making it difficult to detect.
Typosquatting: An attack where attackers register domain names that are misspelled
versions of popular sites to deceive users.
Rainbow tables: A rainbow table is a giant list of these hashes, but they’re created
ahead of time for many possible passwords. Adding random data (a "salt") to each
password before hashing makes rainbow tables ineffective because each password gets
a unique hash.
Related documents
Social Engineering Techniques
Social Engineering Techniques
Blue Yellow Round and Friendly Technology Comparison infographic
Blue Yellow Round and Friendly Technology Comparison infographic
SI110 Spring AY13 Alpha:___________ Name:________________________________
SI110 Spring AY13 Alpha:___________ Name:________________________________
Malicious Attacks By: Jamie Woznicki Rahul-Anaadi Kurl Alexander Kaufmann
Malicious Attacks By: Jamie Woznicki Rahul-Anaadi Kurl Alexander Kaufmann
14230878
14230878
hwhwhw
hwhwhw
Download
advertisement