Threats and Tools

To know how to protect identities well is to know the threats that are out there.

Corporate Account Takeover (CATO)

Corporate Account Takeover (CATO) is a type of account takeover (ATO) in which the targeted account belongs to a business rather than an individual. Account takeover occurs when an attacker manages to gain unauthorized access to a legitimate account – access which he then uses to carry out nefarious activities such as initiating a fraudulent payment or wire transfer, stealing sensitive data, …

Credential Stuffing

Credential stuffing is the automated injection of stolen username (typically email address) and password pairs in order to gain unauthorized access to user accounts. Using automation tools, large numbers of compromised credentials are automatically entered into an application (typically a Web application) until success is achieved. Once account takeover is achieved, account data can be stolen, fraudulent transactions initiated, or the account …

Golden Ticket

A Golden Ticket attack is when an attacker has complete and unrestricted access to an entire domain – all computers, files, folders, and most importantly the access control system itself. Golden Ticket attacks can be carried out against Active Directory domains, where access control is implemented using Kerberos tickets issued to authenticated users by a Key Distribution Service. The attacker gains …

Shoulder Surfing

Shoulder surfing refers to the act of obtaining personal or private information through direct observation, for example, by looking over a person’s shoulder. It is also possible to observe a target using binoculars, video cameras (hidden or visible), and other optical devices. Typically the objective of shoulder surfing is to catch things like username and password combinations that can be later …

Advanced Persistent Threat (APT)

Advanced persistent threat (APT) is a general term that refers to sophisticated and persistent efforts to breach a computing device or network. The attack is often targeted at a specific resource or user, and perpetrated by very capable and well-funded attackers (e.g. government organizations). APT attacks can employ various attack tools and techniques that exploit known or zero-day vulnerabilities, including infected …

Address Resolution Protocol Poisoning (ARP Poisoning)

Address Resolution Protocol (ARP) poisoning is when an attacker sends falsified ARP messages over a local area network (LAN) to link an attacker’s MAC address with the IP address of a legitimate computer or server on the network. Once the attacker’s MAC address is linked to an authentic IP address, the attacker can receive any messages directed to the legitimate MAC …

Man-in-the-Browser Attack (MitB)

Man-in-the-browser is a form of man-in-the-middle attack where an attacker is able to insert himself into the communications channel between two trusting parties by compromising a Web browser used by one of the parties, for the purpose of eavesdropping, data theft and/or session tampering. Man-in-the-browser is often used by attackers to carry out various forms of financial fraud, typically by manipulating …

Password Spraying (Low and Slow)

Password spraying is an attack that attempts to access a large number of accounts (usernames) with a few commonly used passwords. Traditional brute-force attacks attempt to gain unauthorized access to a single account by guessing the password. This can quickly result in the targeted account getting locked out, as commonly used account-lockout policies allow for a limited number of failed attempts …

Meterpreter

Meterpreter is a Metasploit attack payload that provides an interactive shell from which an attacker can explore the target machine and execute code. Meterpreter is deployed using in-memory DLL injection. As a result, Meterpreter resides entirely in memory and writes nothing to disk. No new processes are created as Meterpreter injects itself into the compromised process, from which it can migrate …

HTTPS spoofing

HTTPS websites can’t be spoofed. But that doesn’t mean hackers can’t create websites whose domains look very similar to that of the targeted website. HTTPS spoofing, also known as a homograph attack, replaces characters in the targeted site’s domain with other non-ASCII characters that are very similar in appearance. The attack exploits a feature called Punycode, a standard that enables the registration …

Session Hijacking (Cookie side-jacking)

Session hijacking, also known as cookie side-jacking, is another form of man-in-the-middle attack that will give a hacker full access to an online account. When you sign into an online account such as Facebook or Twitter, the application returns a “session cookie,” a piece of data that identifies the user to the server and gives them access to their account. As …

Wi-Fi Eavesdropping (Evil Twin)

Also known as an “evil twin” attack, Wi-Fi eavesdropping is a type of man-in-the-middle attack that tricks unsuspecting victims into connecting to a malicious Wi-Fi network. To perform Wi-Fi eavesdropping, a hacker sets up a Wi-Fi hotspot near a location where people usually connect to a public Wi-Fi network. This can be a hotel, a restaurant or your local …

Email hijacking

Email hijacking is another form of man-in-the-middle attack, in which the hacker compromises and gains access to a target’s email account. The attacker then silently monitors the communications between the client and the provider and uses the information for malicious purposes. For instance, at an opportune moment, the attacker might send a message from the victim’s account to their bank and …