Common Attack Vectors

Trevor Chandler · Dec 25, 2024

Here are some common types of attack vectors:

- Weak or Compromised Access Credentials
- Phishing
- Malware
- Unpatched Software
- Third-party vendors & service providers
- Insider Threats
- Lack of Encryption
- Misconfigurations
- Trust Relationships
- Brute Force
- DDoS Attacks
- SQL Injections
- Cross-site scripting (XSS)
- Man-in-the-Middle (MITM)
- Session Hijacking

Got anymore to add to my list!!

precious · Dec 25, 2024

A surprise visit lists from the ‘ghost in the machine’?"........ Aren't they attacks themselves?

Trevor Chandler · Dec 25, 2024

precious said:
A surprise visit lists from the ‘ghost in the machine’?"........ Aren't they attacks themselves?

Huh??????????

precious · Dec 25, 2024

Trevor Chandler said:
Huh??????????

I meant they graduated from attack vectors to attacks themselves

Trevor Chandler · Dec 25, 2024

precious said:
I meant they graduated from attack vectors to attacks themselves

Oh, okay, now I understand

Patrick Asamago · Dec 26, 2024

Trevor Chandler said:
Here are some common types of attack vectors:

- Weak or Compromised Access Credentials
- Phishing
- Malware
- Unpatched Software
- Third-party vendors & service providers
- Insider Threats
- Lack of Encryption
- Misconfigurations
- Trust Relationships
- Brute Force
- DDoS Attacks
- SQL Injections
- Cross-site scripting (XSS)
- Man-in-the-Middle (MITM)
- Session Hijacking

Got anymore to add to my list!!

Cross site request attack
Social engineering attack
Man in the browser attack
Zero day attack

Gregory Childers · Dec 26, 2024

If we could eliminate social engineering threats, we could eliminate the vast majority of cybersecurity incidents and breaches.

precious · Dec 26, 2024

Gregory Childers said:
If we could eliminate social engineering threats, we could eliminate the vast majority of cybersecurity incidents and breaches.

Since it comes with vulnerabilities that can never be patched

Gregory Childers · Dec 26, 2024

precious said:
Since it comes with vulnerabilities that can never be patched

More effective training and awareness programs combined with more stringent compliance audits can definitely help.

precious · Dec 26, 2024

Gregory Childers said:
More effective training and awareness programs combined with more stringent compliance audits can definitely help.

They very very important

Trevor Chandler · Dec 26, 2024

Patrick Asamago said:
Cross site request attack
Social engineering attack
Man in the browser attack
Zero day attack

Okay, I'll accept these!

precious · Dec 26, 2024

Patrick Asamago said:
Cross site request attack
Social engineering attack
Man in the browser attack
Zero day attack

I add A02:2021-Cryptographic Failures

Trevor Chandler · Dec 26, 2024

precious said:
I add A02:2021-Cryptographic Failures

I'll accept that!

precious · Dec 26, 2024

Trevor Chandler said:
I'll accept that!

Okay

Michael Schmitz · Dec 28, 2024

Trevor Chandler said:
Here are some common types of attack vectors:

- Weak or Compromised Access Credentials
- Phishing
- Malware
- Unpatched Software
- Third-party vendors & service providers
- Insider Threats
- Lack of Encryption
- Misconfigurations
- Trust Relationships
- Brute Force
- DDoS Attacks
- SQL Injections
- Cross-site scripting (XSS)
- Man-in-the-Middle (MITM) -> now: On Path Attack for CompTIA
- Session Hijacking

Got anymore to add to my list!!

Really go in that list?
Man in the Cloud
Man in the Disk (still no nonoffensive exclusive name for these).
SMSishing

Whaling,
Qishing (Manipulating QR Codes, not new, but more and more common)
Just go to the Exam Objectives for Sec+.

Trevor Chandler · Dec 28, 2024

Michael Schmitz said:
Really go in that list?
Man in the Cloud
Man in the Disk (still no nonoffensive exclusive name for these).
SMSishing

Whaling,
Qishing (Manipulating QR Codes, not new, but more and more common)
Just go to the Exam Objectives for Sec+.

Man in the Cloud? Man in the Disk? These haven't arrived to my knowledge base just yet!!!

Michael Schmitz · Dec 29, 2024

Trevor Chandler said:
Man in the Cloud? Man in the Disk? These haven't arrived to my knowledge base just yet!!!

you should attend one of my courses then.

Man in the Cloud: using public Cloud ressources for delivering malware or using onedrive7ggogle drive to exfiltrate data f.e.
Man in the Disk: attack vector for android with installed SD-Card

Also there is a Meet in the middle Attack, but that is for 3DES encryption.
I mention that only ~~to confuse~~ (no, so they have heard it sometime, if it might come up again in the future my students..

Wondering, that you to not ask about quishing....

Search

Search

Common Attack Vectors

Trevor Chandler

Well-known member

precious

Well-known member

Trevor Chandler

Well-known member

precious

Well-known member

Trevor Chandler

Well-known member

Patrick Asamago

Well-known member

Gregory Childers

Well-known member

precious

Well-known member

Gregory Childers

Well-known member

precious

Well-known member

Trevor Chandler

Well-known member

precious

Well-known member

Trevor Chandler

Well-known member

precious

Well-known member

Michael Schmitz

Well-known member

Trevor Chandler

Well-known member

Michael Schmitz

Well-known member