1.4 Potential Indicators - Network Attacks

Rogue Access Points and Evil Twins

Both are security threats in the realm of wireless networks. They involve unauthorized setup of wireless access points to deceive or compromise users.

Rogue access points are unauthorized wireless access points connected to a network without the network administrator's knowledge or approval. They can be set up by employees, visitors, or malicious actors. - provide unauthorized access to the network, allow eavesdropping on network traffic, and enable MitM (man-in-the-middle) attacks

A wireless evil twin is a type of rogue access point that appears to be a legitimate, trustworthy network, often with a name similar to a legitimate network, in an attempt to deceive users into connecting to it. - used to intercept network traffic, steal login credentials, and launch attacks on connected devices


Bluejacking and Bluesnarfing

Bluejacking is a relatively harmless and often playful practice in which an individual sends unsolicited messages or digital business cards (vCards) to nearby Bluetooth-enabled devices, such as smartphones, tablets, or laptops, without pairing or connecting to them. - bluejacking is usually done without malicious intent | it is typically done just for fun, not to harm or annoy people

Bluesnarfing is a malicious activity in which an attacker gains unauthorized access to a Bluetooth-enabled device, such as a smartphone or PDA (personal digital assistant), to steal personal information, contacts, emails, or other data stored on the device. - bluesnarfing is done maliciously | it involves stealing sensitive information from a victim's device without their knowledge or consent - an attacker may exploit a Bluetooth vulnerability to connect to a victim's device and download its contacts, messages, or files


Wireless Disassociation

Also known as a deauthentication attack. It is a type of cyberattack that targets wireless networks by sending deauthentication or disassociation frames to one or more connected clients, effectively disconnecting them from the network. - the primary purpose of a wireless disassociation attack is to disrupt network service by disconnecting clients repeatedly
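The two wireless indicators above (an access point advertising an SSID it is not authorized to serve, and a burst of deauthentication frames) can both be pulled out of a stream of observed 802.11 management frames. The following is an added example, not part of the original notes: the frame records, the authorized AP inventory, the field layout and the thresholds are all constructed assumptions, not data from any real capture tool.

```python
# Added example (not from the original notes): flag rogue / evil-twin access
# points and deauthentication floods from a constructed list of observed
# 802.11 management frames. Inventory, frames and thresholds are assumptions.
from collections import defaultdict

# Constructed inventory: SSID -> set of BSSIDs (AP MAC addresses) allowed to serve it
AUTHORIZED = {
    "CorpWiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
}

# Constructed frame observations: (timestamp_seconds, subtype, ssid, bssid)
FRAMES = [
    (0.0, "beacon", "CorpWiFi", "aa:bb:cc:00:00:01"),
    (0.1, "beacon", "CorpWiFi", "de:ad:be:ef:00:01"),   # evil twin: known SSID, unknown AP
    (0.2, "beacon", "CorpWiFi", "aa:bb:cc:00:00:02"),
    (0.3, "beacon", "FreeAirport", "de:ad:be:ef:00:02"),  # rogue AP: SSID not in inventory
] + [
    # 50 deauth frames in half a second, all claiming the legitimate AP as sender
    (0.5 + i * 0.01, "deauth", "", "aa:bb:cc:00:00:01") for i in range(50)
]


def find_rogue_aps(frames, authorized):
    """Return {(ssid, bssid): 'evil_twin' | 'rogue'} for beacons from unapproved APs.

    'evil_twin' means the SSID is one we run but the BSSID is not ours;
    'rogue' means the SSID is not in the inventory at all.
    """
    findings = {}
    for _, subtype, ssid, bssid in frames:
        if subtype != "beacon":
            continue
        if bssid in authorized.get(ssid, set()):
            continue
        findings[(ssid, bssid)] = "evil_twin" if ssid in authorized else "rogue"
    return findings


def deauth_rate_alerts(frames, window=1.0, threshold=10):
    """Return {bssid: peak_count} for senders exceeding `threshold` deauth frames
    in any sliding window of `window` seconds."""
    times_by_bssid = defaultdict(list)
    for ts, subtype, _, bssid in frames:
        if subtype == "deauth":
            times_by_bssid[bssid].append(ts)

    alerts = {}
    for bssid, times in times_by_bssid.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # slide the window start forward until it fits within `window` seconds
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count > threshold:
                alerts[bssid] = max(alerts.get(bssid, 0), count)
    return alerts


if __name__ == "__main__":
    print("unapproved APs:", find_rogue_aps(FRAMES, AUTHORIZED))
    print("deauth floods:", deauth_rate_alerts(FRAMES))
```

A wireless IDS works from the same two signals: an inventory of approved BSSIDs per SSID, and the rate of management frames per sender. Because deauthentication frames in pre-802.11w networks carry no authentication, the sender address alone cannot tell a flood from the real AP; 802.11w (protected management frames) is the protocol-level fix, and rate alerting like the above is the detection side.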


Wireless Jamming

In jamming, the goal is to decrease the signal-to-noise ratio at the receiving device so that it can no longer hear the legitimate signal. It involves transmitting radio frequency (RF) signals on the same frequencies used by wireless devices, disrupting their ability to communicate effectively. - used to block communication during critical operations or for espionage - some wireless technologies, such as Bluetooth and some military radios, use frequency-hopping techniques to resist jamming


RFID and NFC Attacks

Radio-Frequency Identification (RFID) and Near-Field Communication (NFC) are both wireless communication technologies used for various applications, including contactless payments, access control, and inventory tracking. - RFID attacks can capture tag data and eavesdrop on the communication between tag and reader - replay attacks - spoofing the reader, or writing your own data to the tag - denial of service through signal jamming


Randomizing Cryptography

Randomizing involves introducing randomness or unpredictability into cryptographic processes to enhance security and resist various types of attacks. - generating cryptographic keys with a high degree of randomness is essential - random or pseudorandom numbers are used to create encryption keys, ensuring that they are difficult to predict or guess - a nonce is used during the login process: the server gives you a nonce, and the password hash is then calculated using that nonce - each password hash is therefore different, so a replay attack won't work

  • key aspects of randomization in cryptography - key generation - initialization vectors: IVs are used in block cipher modes of operation, such as CBC, to add an element of randomness to each encryption operation, which prevents identical plaintext blocks from producing the same ciphertext blocks - salt in hashing | nonces | random padding
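The nonce-based login described above, together with per-user salts, can be shown end to end in a few dozen lines. This is an added example, not code from the original notes: the `Server` class, the toy challenge-response protocol (salt and nonce from the server, HMAC of the salted password hash over the nonce from the client) and the parameters are assumptions chosen for the demonstration. It shows why two users with the same password get different stored hashes, and why a response captured on the wire cannot be replayed.

```python
# Added example (not from the original notes): salted password storage plus a
# nonce-based challenge-response login. Protocol and names are assumptions.
import hashlib
import hmac
import secrets

ITERATIONS = 50_000  # kept low for the demo; production deployments use more


def derive_verifier(password: str, salt: bytes) -> bytes:
    """Salted password hash: the same password hashes differently per salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class Server:
    def __init__(self):
        self.users = {}    # username -> (salt, verifier)
        self.pending = {}  # username -> outstanding nonce (single use)

    def register(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)  # fresh random salt per user
        self.users[user] = (salt, derive_verifier(password, salt))

    def challenge(self, user: str):
        """Step 1: hand the client its salt and a fresh random nonce."""
        nonce = secrets.token_bytes(16)
        self.pending[user] = nonce
        return self.users[user][0], nonce

    def verify(self, user: str, response: bytes) -> bool:
        """Step 3: recompute the expected response. The nonce is consumed
        whether or not the check passes, so a second use always fails."""
        nonce = self.pending.pop(user, None)
        if nonce is None:
            return False  # no outstanding challenge: stale or replayed response
        _, verifier = self.users[user]
        expected = hmac.new(verifier, nonce, "sha256").digest()
        return hmac.compare_digest(expected, response)


def client_response(password: str, salt: bytes, nonce: bytes) -> bytes:
    """Step 2: prove knowledge of the password without sending it."""
    return hmac.new(derive_verifier(password, salt), nonce, "sha256").digest()


def demo() -> dict:
    """Run the protocol once and report what an observer could and could not do."""
    srv = Server()
    srv.register("alice", "correct horse")
    srv.register("bob", "correct horse")  # same password as alice
    salt_a, verifier_a = srv.users["alice"]
    salt_b, verifier_b = srv.users["bob"]

    salt, nonce = srv.challenge("alice")
    captured = client_response("correct horse", salt, nonce)  # visible on the wire
    first_login = srv.verify("alice", captured)

    srv.challenge("alice")                      # next login issues a new nonce
    replay_accepted = srv.verify("alice", captured)  # old response no longer matches

    salt, nonce = srv.challenge("alice")
    wrong_password = srv.verify("alice", client_response("wrong", salt, nonce))

    return {
        "salts_differ": salt_a != salt_b,
        "verifiers_differ": verifier_a != verifier_b,
        "first_login": first_login,
        "replay_accepted": replay_accepted,
        "wrong_password": wrong_password,
    }


if __name__ == "__main__":
    print(demo())
```

In this toy scheme the stored verifier is itself enough to answer a challenge, so the server database still needs protecting; standards such as SCRAM address that by splitting the derived key into separate client and server keys, but the role of the nonce is the same as shown here.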


On-Path Attacks

Formerly known as a man-in-the-middle attack. This type of attack redirects the traffic between you and your destination through the attacker, and you never know that it was redirected by someone else. - an attacker intercepts and potentially modifies communication between two parties - compromises the confidentiality, integrity, and authenticity of data exchanged between the legitimate parties - certificates issued by trusted Certificate Authorities (and checked by the client) help prevent this type of attack


MAC Flooding and Cloning

MAC flooding = a network attack in which an attacker floods a network switch with a large number of fake or randomly generated MAC addresses. This is done to overwhelm the switch's MAC address table, causing it to operate in a less secure "fail-open" mode. - the goal of MAC flooding is to force the switch into a state where it can no longer map MAC addresses to physical ports. In this state, the switch behaves like a hub, broadcasting traffic to all connected devices - when a switch is in "fail-open" mode, it becomes susceptible to eavesdropping

MAC cloning = also known as MAC spoofing; involves changing the MAC address of a network interface to impersonate another device's MAC address on the network - attackers use MAC cloning to circumvent network security measures or gain unauthorized access - by assuming the identity of an authorized device, they can bypass MAC address filtering or gain access to network resources
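Both indicators above show up in the switch's own MAC address table: flooding as one port suddenly owning dozens of dynamically learned addresses, cloning as an authorized address appearing on a port it does not belong to. The following is an added example, not from the original notes: it parses a constructed table snapshot written in the style of a Cisco-like "show mac address-table" listing (the row layout, the inventory of expected ports and the per-port limit are assumptions) and reports both conditions.

```python
# Added example (not from the original notes): spot MAC flooding and MAC cloning
# candidates in a constructed switch MAC table snapshot. Layout, inventory
# and thresholds are assumptions for the demonstration.
import re
from collections import Counter

# Constructed snapshot; 15 dynamic addresses crammed onto Gi1/0/7 is the flood
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/9
  10    0011.2233.4456    DYNAMIC     Gi1/0/2
  10    0011.2233.4457    STATIC      Gi1/0/3
""" + "".join(
    f"  10    {i:04x}.beef.cafe    DYNAMIC     Gi1/0/7\n" for i in range(15)
)

# Constructed inventory: where each managed device's MAC is expected to live
EXPECTED_PORT = {
    "0011.2233.4455": "Gi1/0/1",  # seen on Gi1/0/9 above: cloning candidate
    "0011.2233.4456": "Gi1/0/2",
}

ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$"
)


def parse_mac_table(text: str):
    """Return one dict per data row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({"vlan": int(m.group(1)), "mac": m.group(2),
                         "type": m.group(3).upper(), "port": m.group(4)})
    return rows


def flooding_suspects(rows, max_dynamic_per_port=5):
    """Ports learning more dynamic MACs than an access port should ever see."""
    per_port = Counter(r["port"] for r in rows if r["type"] == "DYNAMIC")
    return {port: n for port, n in per_port.items() if n > max_dynamic_per_port}


def cloning_suspects(rows, expected_port):
    """Managed MACs that have turned up on a port other than their expected one.
    Returns {mac: (expected_port, observed_port)}."""
    return {
        r["mac"]: (expected_port[r["mac"]], r["port"])
        for r in rows
        if r["mac"] in expected_port and expected_port[r["mac"]] != r["port"]
    }


if __name__ == "__main__":
    rows = parse_mac_table(MAC_TABLE)
    print("flooding:", flooding_suspects(rows))
    print("cloning:", cloning_suspects(rows, EXPECTED_PORT))
```

The switch-side control that makes this unnecessary as a detection is port security: a per-port maximum number of learned addresses, with the port shut down or the excess addresses dropped instead of the table being allowed to overflow. Cloning is harder to settle from the table alone, since the switch sees only the frames it receives; the expected-port inventory is what turns a plain table entry into an alert.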


DNS Attacks

DNS is a fundamental part of the internet that translates human-readable domain names into IP addresses, allowing users to access websites and other online services.

DNS poisoning = attackers insert false DNS information into the cache of a DNS resolver, which leads to incorrect IP address mappings and redirects users to malicious websites. - a fake response is sent in reply to a valid DNS request | requires redirection of the original request

Domain hijacking = compromising a domain registrar's account to gain control of a domain name and altering its DNS records to redirect traffic to malicious servers - you don't need to touch the actual server - you only change the DNS names and the IP addresses they point to

URL hijacking = also known as URL redirection or URL forwarding; a technique in which a malicious actor redirects a user from a legitimate website or URL to a different, often malicious, website without the user's consent or knowledge.
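The "fake response to a valid request" in the poisoning note only works if the resolver accepts it, so the defensive question is what a resolver must compare before caching an answer. The following is an added example, not from the original notes: it builds a DNS query and responses by hand with the standard `struct` module and implements the matching check a resolver applies (response bit set, same transaction ID, same question name, type and class). The domain names, transaction IDs and the 192.0.2.x addresses are constructed documentation values, and the one check it cannot show on bytes alone, that the response arrived from the server's address and on the port the query left from, is noted in a comment.

```python
# Added example (not from the original notes): build DNS messages by hand and
# apply the checks a resolver uses to reject a response that does not match
# its outstanding query. Names, IDs and addresses are constructed.
import struct


def encode_name(name: str) -> bytes:
    """'example.com' -> b'\\x07example\\x03com\\x00' (RFC 1035 label format)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg: bytes, off: int):
    """Decode a name at offset `off`, following compression pointers.
    Returns (name, offset_after_name)."""
    labels = []
    while True:
        length = msg[off]
        off += 1
        if length == 0:
            break
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 4.1.4)
            ptr = ((length & 0x3F) << 8) | msg[off]
            off += 1
            suffix, _ = decode_name(msg, ptr)
            labels.append(suffix)
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), off


def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_response(txid: int, name: str, ip: str, qtype: int = 1) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA; 1 answer
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    rdata = bytes(int(octet) for octet in ip.split("."))
    # answer name is a pointer to offset 12, where the question name starts
    answer = b"\xc0\x0c" + struct.pack("!HHIH", qtype, 1, 300, len(rdata)) + rdata
    return header + question + answer


def parse(msg: bytes) -> dict:
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    qname, off = decode_name(msg, off)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    answers = []
    for _ in range(an):
        aname, off = decode_name(msg, off)
        atype, aclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        answers.append((aname, atype, msg[off:off + rdlen]))
        off += rdlen
    return {"txid": txid, "flags": flags, "qname": qname.lower(),
            "qtype": qtype, "qclass": qclass, "answers": answers}


def response_matches_query(query: bytes, response: bytes) -> bool:
    """The resolver-side acceptance test. A real resolver additionally requires
    the datagram to come from the server it asked, on the source port it used;
    that information is not in the bytes and is checked at the socket layer."""
    q, r = parse(query), parse(response)
    return (
        bool(r["flags"] & 0x8000)          # QR bit: this is a response
        and r["txid"] == q["txid"]          # transaction ID matches
        and r["qname"] == q["qname"]        # question section echoed back
        and r["qtype"] == q["qtype"]
        and r["qclass"] == q["qclass"]
    )


def demo() -> dict:
    query = build_query(0x1234, "example.com")
    return {
        "genuine": response_matches_query(query, build_response(0x1234, "example.com", "192.0.2.10")),
        "wrong_txid": response_matches_query(query, build_response(0x1235, "example.com", "192.0.2.66")),
        "wrong_name": response_matches_query(query, build_response(0x1234, "example.net", "192.0.2.66")),
        "query_as_response": response_matches_query(query, query),
    }


if __name__ == "__main__":
    print(demo())
```

The transaction ID is only 16 bits and the source port adds the rest of the unpredictability, which is why resolvers randomize both; DNSSEC removes the guessing game entirely by letting the resolver verify a signature over the answer instead of trusting whichever datagram arrives first.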

DNS Zone Records

A = maps a domain address to an IP address

CNAME = maps an alias to a domain name

MX = directs email to a server using its domain name

TXT = allows the domain administrator to insert arbitrary text into a DNS record

PTR = maps an IP address to a host name for reverse DNS lookups

NS = indicates the authoritative name servers for a domain

SOA = stores administrative information about the zone

Denial of Service

This type of attack is a malicious attempt to disrupt the normal functioning of a computer network, system, or service by overwhelming it with a flood of traffic, requests, or other activities.

DDoS = a distributed DoS launches an army of computers to bring down a service by consuming most of its bandwidth or resources - attackers use botnets to perform DDoS attacks

DDoS amplification = this approach turns a small attack into a big one, often reflected off another device or service
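From the victim's side, a reflected amplification attack looks like many unrelated servers all answering a service port (DNS, NTP, and so on) with large responses that the victim never requested. The following is an added example, not from the original notes: it runs a simple reflection detector over constructed flow records (the tuple layout, the 203.0.113.x / 198.51.100.x / 192.0.2.x documentation addresses, the list of reflector ports and the thresholds are all assumptions) and flags destinations that receive high-volume responses from many sources at once.

```python
# Added example (not from the original notes): flag likely amplification /
# reflection floods in constructed flow records. Addresses, ports, record
# layout and thresholds are assumptions for the demonstration.
from collections import defaultdict

# UDP services commonly abused as reflectors (assumption for the demo)
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP"}

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, bytes, packets)
FLOWS = [
    ("198.51.100.20", 40001, "203.0.113.1", 53, 70, 1),    # a host's normal DNS query
    ("203.0.113.1", 53, "198.51.100.20", 40001, 180, 1),   # and its normal-sized reply
    ("192.0.2.7", 51000, "198.51.100.10", 443, 1200, 10),  # ordinary web traffic to victim
]
# Reflected traffic: 20 resolvers / NTP servers answering queries the victim never sent
FLOWS += [
    (f"203.0.113.{100 + i}", 53 if i < 10 else 123, "198.51.100.10", 33000 + i, 5000, 2)
    for i in range(20)
]


def reflection_alerts(flows, min_sources=10, min_bytes_per_packet=1000):
    """Group responses from reflector service ports by destination and flag
    destinations hit by many sources with unusually large packets.
    Returns {dst_ip: {"sources", "bytes", "bytes_per_packet", "services"}}."""
    per_dst = defaultdict(lambda: {"sources": set(), "bytes": 0,
                                   "packets": 0, "services": set()})
    for src, sport, dst, dport, nbytes, pkts in flows:
        if sport not in REFLECTOR_PORTS:
            continue  # only traffic *from* a reflector service port matters here
        stats = per_dst[dst]
        stats["sources"].add(src)
        stats["bytes"] += nbytes
        stats["packets"] += pkts
        stats["services"].add(REFLECTOR_PORTS[sport])

    alerts = {}
    for dst, s in per_dst.items():
        bytes_per_packet = s["bytes"] / s["packets"]
        # one resolver answering one host is normal; dozens of large responses are not
        if len(s["sources"]) >= min_sources and bytes_per_packet >= min_bytes_per_packet:
            alerts[dst] = {
                "sources": len(s["sources"]),
                "bytes": s["bytes"],
                "bytes_per_packet": bytes_per_packet,
                "services": sorted(s["services"]),
            }
    return alerts


if __name__ == "__main__":
    for dst, info in reflection_alerts(FLOWS).items():
        print(f"possible reflection flood against {dst}: {info}")
```

The ratio of response size to request size is the amplification factor the notes refer to; in the constructed data each reflector returns about 2,500 bytes per packet for a query of roughly 70 bytes. The detector keys on that size together with the number of distinct responders, because a single large reply is routine and a single source sending many is ordinary DoS rather than reflection.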


Malicious Scripts

Scripting and automation allow you to automate tasks so that you don't have to be present during execution.

Windows PowerShell allows command-line interaction for system administrators and extends the functionality of the command line. PowerShell can execute scripts and functions to download malicious payloads, collect information, or move laterally in a network.

Python is a general-purpose scripting language which is highly popular in many technologies. It is commonly used for automation and cloud orchestration.

Shell scripting makes it possible to automate and extend the command line, which can be used to attack Linux environments. Shell scripting is very powerful because it interacts directly with the OS.
