
Lecture 2-2

LegendaryDecagon

10 Questions

Explain Metasploit.

Metasploit is a framework, and it is a combination of tools and programs. You pick one of the programs that can be used against the vulnerability of your target.

Explain what a zero-day exploit is and how they can be obtained.

A zero-day exploit is a cyberattack that takes advantage of a vulnerability that is unknown to developers. The typical ways to find zero-day vulnerabilities are fuzzing and source code analysis. In cybersecurity, fuzzing is a tool created by the hacker to find vulnerabilities. Source code analysis is identifying bugs in the code.

What are the two types of zero-day exploits?

Buffer Overflows
What It Is: This happens when a program writes more data to a buffer (temporary storage) than it can hold.
Effect: The overflow can cause the system to crash or behave unpredictably.

Structured Exception Handler (SEH) Overwrites
What It Is: SEH is a system that handles errors in a program.
Effect: Hackers can manipulate SEH to handle fake errors, potentially crashing the system.

Explain what an insider threat is.

Insider threats are people who work within an organization and intend to harm it. These insiders have an advantage because they already have access to the organization's systems and knowledge about its vulnerabilities. This inside knowledge allows them to target the organization more effectively.

What would be a way an insider could extract data from a company computer without detection, if its BIOS is not locked down and does not have full disk encryption?

One way an insider could extract data from a company computer without detection, if the BIOS is not locked down and there's no full disk encryption, is by booting the computer from an external device like a USB drive containing a live operating system, and then accessing and copying the data from the computer's storage.

Explain SQL injection.

SQL injection is a code injection attack that targets websites that are coded in PHP and SQL for the backend and provide input fields for users on the webpage. Hackers supply inputs that can manipulate the execution of SQL statements, causing a compromise to occur at the backend and exposing the underlying database.

Explain cross-site scripting.

Cross-Site Scripting (XSS) is a type of cyber attack where hackers inject malicious scripts into web pages viewed by other users. They do this by exploiting unprotected input fields on websites, such as search boxes or comment sections. When unsuspecting users visit the compromised pages, their browsers execute the injected scripts, allowing hackers to steal sensitive information like cookies or manipulate page content.

Explain what broken authentication is.

This weakness allows attackers to capture or bypass a web application's authentication methods. It's often exploited in shared computers, like those in cyber cafes. The attack targets the computer itself because websites keep sessions and cookies stored on the computer even after a user closes the browser without logging out.

Explain DDoS attacks.

DDoS attacks are used against big companies. By flooding a target with traffic, they normally aim either to bring down a server or to create a diversion in order to commit another malicious act, such as stealing data.

Talk about the vulnerability of Chrome.

In May 2017, a vulnerability was discovered in Google Chrome, affecting the latest version on Windows 10. Hackers could exploit this flaw to automatically download a harmful file onto a victim's computer, potentially stealing their credentials. By tricking victims into visiting a malicious website, attackers could gain access to their usernames and password hashes, leaving them vulnerable to various attacks, including SMB relay attacks. This means attackers could use victims' credentials to access other resources like email or remote servers.
