Exploits - ayosecu/security-terms GitHub Wiki

  • Three Ways to Attack - Social, Physical, Network

    • Social
      • Ask the person for access, phishing.
      • Cognitive biases - look at how these are exploited.
      • Spear phishing.
      • Water holing.
      • Baiting (dropping CDs or USB drivers and hoping people use them).
      • Tailgating.
    • Physical
      • Get hard drive access, will it be encrypted?
      • Boot from linux.
      • Brute force password.
      • Keyloggers.
      • Frequency jamming (bluetooth/wifi).
      • Covert listening devices.
      • Hidden cameras.
      • Disk encryption.
      • Trusted Platform Module.
      • Spying via unintentional radio or electrical signals, sounds, and vibrations (TEMPEST - NSA).
    • Network
      • Nmap.
      • Find CVEs for any services running.
      • Interception attacks.
      • Getting unsecured info over the network.
  • Exploit Kits and Drive by Download Attack

  • Remote Control

    • Remote code execution (RCE) and privilege.
    • Bind shell (opens port and waits for attacker).
    • Reverse shell (connects to port on attackers C2 server).
  • Spoofing

    • Email spoofing.
    • IP address spoofing.
    • MAC spoofing.
    • Biometric spoofing.
    • ARP spoofing.
  • Tools

    • Metasploit.
    • ExploitDB.
    • Shodan - Google but for devices/servers connected to the internet.
    • Google the version number of anything to look for exploits.
    • Hak5 tools.