Type of attacks:

  • Passive attack (eavesdropping, traffic analysis, etc.)
  • Active attack (masquerade, replay such as man in the middle, modification, denial of service)

Layer 1 Attacks

Simplest attack is tapping the phone

Evil Twin AP

Layer 2 Attacks

Wi-Fi deauthentication attack

Rogue AP attack

Layer 3 Attacks

ARP Poisoning ARP spoofing

Sniffing Traffic

Tampering With Traffic

Wormhole attack

Black Hole attack

Byzantine attack

Information Leaks

Resource Consumption attack

Sleep Deprivation attack

Port Stealing

NDP Spoofing

Routing attacks

Mitnick attack

Layer 4 Attacks

Sniffing/Monitoring

Denial of Service

DHCP attacks

DNS attacks

DNS Hijacking

DNS DoSing

dns spoofing

Layer 5 Attacks

Man in the Middle

Session Hijacking

Layer 6 Attacks

Man-in-the-Middle Attacks (MITM)

Session Hijacking

Denial of Service (DoS)

An example of local DoS is the fork bomb

  1. a single process issues the fork system call
  2. this call creates a copy of the calling process and runs it
  3. the copy, containing the same simple code as the parent, also calls to fork
  4. the total number of forks rises exponentially

Distributed Denial of Service (DDoS)

DDoS is like cancer

Cross Site Request Forgery (CSRF)

Deserialization Attack, Insecure Deserialization

Clickjacking

https://support.mozilla.org/en-US/kb/xframe-neterror-page

Phishing

Injection

directory traversal attack

Cross Site Scripting (XSS)

DOM-based XSS

SQL Injection

Malware

Malware loves to use Selenium because it does not add cookie unless you specifically ask it to do so

Virus

ILOVEYOU

MELISSA

Types of virus:

  • boot
  • camo
  • cavity
  • multipartite
  • metamorphic
  • network
  • polymorphic code
  • shell
  • stealth

Trojan

Worm

https://en.wikipedia.org/wiki/Stuxnet

Ransomware

Ransomware groups loves small businesses

Bots, Botnets

Adware

Spyware

Rootkits

Credential Reuse

credential stuffing

Brute Force

Side-Channel Attack

TEMPEST attack