Exploits - ayosecu/security-terms GitHub Wiki
-
Three Ways to Attack - Social, Physical, Network
- Social
- Ask the person for access, phishing.
- Cognitive biases - look at how these are exploited.
- Spear phishing.
- Water holing.
- Baiting (dropping CDs or USB drivers and hoping people use them).
- Tailgating.
- Physical
- Get hard drive access, will it be encrypted?
- Boot from linux.
- Brute force password.
- Keyloggers.
- Frequency jamming (bluetooth/wifi).
- Covert listening devices.
- Hidden cameras.
- Disk encryption.
- Trusted Platform Module.
- Spying via unintentional radio or electrical signals, sounds, and vibrations (TEMPEST - NSA).
- Network
- Nmap.
- Find CVEs for any services running.
- Interception attacks.
- Getting unsecured info over the network.
- Social
-
- Remote code execution (RCE) and privilege.
- Bind shell (opens port and waits for attacker).
- Reverse shell (connects to port on attackers C2 server).
-
- Email spoofing.
- IP address spoofing.
- MAC spoofing.
- Biometric spoofing.
- ARP spoofing.
-
- Metasploit.
- ExploitDB.
- Shodan - Google but for devices/servers connected to the internet.
- Google the version number of anything to look for exploits.
- Hak5 tools.