The Secret Security Wiki

Categories

Threats and Tools

Protecting data and identities starts with knowing the threats

Session Hijacking

Session hijacking is a type of attack where an adversary exploits weaknesses in how an application implements sessions and user authentication. As a result, the adversary can hijack or manipulate an active session and use it to gain unauthorized access to an application.  When a user signs in to a web application such as Facebook...

Learn more

Phishing Attacks

Phishing is a common tactic used by online scammers and hackers to trick users into sharing their online credentials or other sensitive information. It is a type of “Social Engineering” that is usually done by sending a genuine and trustworthy looking message (E-mail, SMS, social media etc.) containing a link to a deceptive website. Once...

Learn more

Brute-force Attack

A brute-force attack is an attempt to guess a secret – e.g. a password or encryption key – by systematically checking every possible option. A brute-force attack against an encryption system attempts to decrypt encrypted data by exhaustively enumerating and trying encryption keys. Such an attack might be used when it is not possible to take...

Learn more

Corporate Account Takeover

Corporate Account Takeover (CATO) is a type of account takeover (ATO) where the target account belongs to a business as opposed to an individual. Account takeover occurs when an attacker manages to gain unauthorized access to a legitimate account – access which he uses to carry out nefarious activities such as initiate a fraudulent payment,...

Learn more

Credential Stuffing

Credential stuffing is the automated injection of stolen username (typically email address) and password pairs in order to gain unauthorized access to user accounts. Using automation tools, large numbers of compromised credentials are automatically entered into an application (typically a web application) until success is achieved. Once account takeover is achieved, account data can be stolen,...

Learn more

Golden Ticket

A Golden Ticket attack is when an attacker has complete and unrestricted access to an entire domain — all computers, files, folders, and most importantly, the access control system itself. Because the attacker is controlling the component of the access control system that is responsible for issuing Ticket Granting Tickets (TGTs), then he has the...

Learn more

Advanced Persistent Threat

Advanced persistent threat (APT) is a general term that refers to sophisticated and persistent efforts to breach a computing device or network. The attack is often targeted at a specific resource or user, and perpetrated by very capable and well-funded attackers (e.g. government organizations). APT attacks can employ various attack tools and techniques that exploit...

Learn more

Address Resolution Protocol Poisoning

Address Resolution Protocol (ARP) poisoning is when an attacker sends falsified ARP messages over a local area network (LAN) to link an attacker’s MAC address with the IP address of a legitimate computer or server on the network. Once the attacker’s MAC address is linked to an authentic IP address, the attacker can receive any...

Learn more

Man-in-the-Browser Attack

Man-in-the-browser is a form of man-in-the-middle attack where an attacker is able to insert himself into the communications channel between two trusting parties by compromising a Web browser used by one of the parties, for the purpose of eavesdropping, data theft and/or session tampering. Man-in-the-browser is often used by attackers to carry out various forms...

Learn more

Password Spraying

What Is a Password Spraying Attack? Password spraying is a form of brute-force cyberattack in which threat actors attempt to access large numbers of accounts (usernames) with a few commonly used passwords. How Is Password Spraying Different From Other Brute-Force Attacks? Traditional brute-force attacks target a single account with multiple possible passwords. A password spraying...

Learn more

Meterpreter

Meterpreter is a Metasploit attack payload that provides an interactive shell from which an attacker can explore the target machine and execute code. Meterpreter is deployed using in-memory DLL injection. As a result, Meterpreter resides entirely in memory and writes nothing to disk. No new processes are created as Meterpreter injects itself into the compromised...

Learn more

HTTPS spoofing

The HTTPS protocol is a staple of modern web communication, as it offers a high degree of security that’s sufficient for most circumstances utilizing strong TLS cryptography. But that doesn’t mean hackers have given up on HTTPS domains. One common method of attack is called HTTPS spoofing, in which an attacker uses a domain that...

Learn more

Session Hijacking

Session hijacking, also known as cookie side-jacking, is another form of man-in-the-middle attack that will give a hacker full access to an online account. When you sign in to an online account such as Facebook or Twitter, the application returns a “session cookie,” a piece of data that identifies the user to the server and...

Learn more

Wi-Fi Eavesdropping

Also known as an “evil twin” attack, hackers perform Wi-Fi eavesdropping, a type of man-in-the-middle attack that tricks unsuspecting victims into connecting to a malicious Wi-Fi network. To perform Wi-Fi eavesdropping, a hacker sets up a Wi-Fi hotspot near a location where people usually connect to a public Wi-Fi network. This can be a hotel,...

Learn more

Email hijacking

Email hijacking is another form of man-in-the-middle attack, in which the hacker compromises and gains access to a target’s email account. The attacker then silently monitors the communications between the client and the provider and uses the information for malicious purposes. For instance, at an opportune moment, the attacker might send a message from the...

Learn more

SSL Stripping

Another form of man-in-the-middle attack happens when a hacker manages to stage an SSL stripping scheme against the victim. As we mentioned previously, hackers can’t break into legitimate HTTPS traffic between a client and a server even if they manage to intercept and relay the communications. In the case of SSL stripping, the attackers downgrade...

Learn more

DNS spoofing

Domain name system (DNS) is the technology that translates domain names (e.g. doubleoctopus.com) to the IP address of the server it corresponds to. DNS is one of the most important infrastructural protocols of the internet and it is meant, among other purposes, to ease communications and relieve humans of the trouble of memorizing the IP...

Learn more

IP spoofing

Every computer in a network is identified by an internet protocol (IP) address, which it uses to communicate with other devices on the same network. IP addresses come in different forms; the more common form, known as IPv4, gives each computer a 32-bit identifier (e.g. 192.168.34.12). On some networks, security of digital assets and applications...

Learn more

Mimikatz

Mimikatz is an open-source credential-dumping program used to obtain account login and password information, normally in the form of a hash or a clear-text password, from an operating system or software. Credentials can then be used to perform lateral movement and access restricted information. Mimikatz is a Windows x32/x64 program to extract...

Learn more

Man in the Middle Attack

In a Man-in-the-Middle (MitM) attack an attacker is able to insert himself into the communications channel between two trusting parties for the purpose of eavesdropping, data theft and/or session tampering. There are multiple ways an attacker can carry out the attack depending on the setup and type of communications channel established. One common example for...

Learn more