Cybersecurity Assessment PDF
Document Details
Uploaded by Deleted User
Tags
Summary
"Cybersecurity Assessment" slides cover various cybersecurity topics, including hacker classifications, hacking skills, and different attack methods.
Full Transcript
CYBERSECURITY AWARENESS CLASSIFICATION OF HACKERS BLACK HAT HACKERS WHITE HAT HACKERS GRAY HAT HACKERS RED HAT HACKERS BLUE HAT HACKERS GREEN HAT HACKERS ELITE HACKERS HACKTIVIST HACKERS HACKING SKILLS Password Cracking Password Cracking is the process of...
CYBERSECURITY AWARENESS CLASSIFICATION OF HACKERS BLACK HAT HACKERS WHITE HAT HACKERS GRAY HAT HACKERS RED HAT HACKERS BLUE HAT HACKERS GREEN HAT HACKERS ELITE HACKERS HACKTIVIST HACKERS HACKING SKILLS Password Cracking Password Cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system Session hijacking is an attack where a user session is taken over by an attacker. A session starts when you log into a service, for example your banking application, and ends when you log out. To perform session hijacking, an attacker needs to know the victim’s session ID (session key). This can be obtained by stealing the session cookie or persuading the user to click a malicious link containing a prepared session ID. In both cases, after the user is authenticated on the server, the attacker can take over (hijack) the session by using the same session ID for their own browser session. The server is then fooled into treating the attacker’s connection as the original user’s valid session. Session Spoofing What is an example of spoofing? An example of spoofing is when an email is sent from a false sender address, that asks the recipient to provide sensitive data. This email could also contain a link to a malicious website that contains malware. Spoofing is when someone or something pretends to be something else in an attempt to gain our confidence, get access to a system, steal data, or spread malware. Network Traffic Sniffing Sniffing is the process of monitoring and capturing all the packets passing through a given network using sniffing tools. It is a form of “tapping phone wires” and get to know about the conversation. It is also called wiretapping applied to the computer networks. In other words, Sniffing allows you to see all sorts of traffic, both protected and unprotected. In the right conditions and with the right protocols in place, an attacking party may be able to gather information that can be used for further attacks or to cause other issues for the network or system owner. A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash. Exploring Buffer Overflow Vulnerability A buffer is a sequential section of memory allocated to contain anything from a character string to an array of integers. A buffer overflow, or buffer overrun, occurs when more data is put into a fixed-length buffer than the buffer can handle. The extra information, which has to go somewhere, can overflow into adjacent memory space, corrupting or overwriting the data held in that space. This overflow usually results in a system crash, but it also creates the opportunity for an attacker to run arbitrary code or manipulate the coding errors to prompt malicious actions. Executing a Buffer Overflow Attack Cybercriminals exploit buffer overflow problems to alter the execution path of the application by overwriting parts of its memory. The malicious extra data may contain code designed to trigger specific actions — in effect sending new instructions to the attacked application that could result in unauthorized access to the system. Hacker techniques that exploit a buffer overflow vulnerability vary per architecture and operating system. Methods of Cybersecurity Attack Methods of Cybersecurity Attack Methods of Cybersecurity Attack Methods of Cybersecurity Attack Phases of Cybersecurity Attack