Password Attacks

Systems(attack vectors)
can be attacked via social engineering
or technical attacks

Technical attacks
are direct attacks on
software, system/networks,
hardware

Instead of physical attack like
phishing, attacker can attack
via malware

Viruses infects system,
by spreading copies of itself

Executed by some kind of
action, (opening infected file)

Every copy uses up
system resources,
makes system unusable
(like DoS)

resides or lives in the memory
hence Resident

Trys to Replicate outside of the
system

Deploys itself in hard drives
first sector,
and spreads via floppy disk
so when the machine
is booting up

not always active/available,
doesn't live in memory but copies itself
elsewhere (other networks), non-local
hence its non-resident

To avoid detection,
viruses have evolved to be more evasive
i.e. viruses have different defenses
or protections,
different ways of hiding

Layer of amour, makes functions
difficult to analyse (with heuristic)

Whenever it infects,
may hide the size, so
it appears like hasn't changed

Infects multiple areas/parts,
to make things difficult

Basically combines
different(multiple) attributes

Similar to boot sector
virus

More advanced
memory resident,

other types of malware,
that don't replicate
but instead just hides itself in plain sight

once its deployed on machine
it can self-replicate, continuously
copy itself

spreads itself to other machines,
across network and internet

Does this by exploiting
vulnerabilities, e.g. email attachments,
malicious links, file sharing.
Any feasible way of passing itself

Instead of replicating, they
hide in a popular tool

When Tool is sent to others,
those machines are also infected

like a trojan horse,
hides itself, and gives backdoor
access to originator

Lets say remote access
trojan is used for backdoor,
attacker may want
more access(permissions)

trojan downloads
malicious code for more permissions

used to give the attacker
root or admin privileges

basically performs privilege
escalation

like viruses, and trojans,
rootkit's like to hide themselves
to escape detection.

May find them in system processes
or outgoing network traffic.
They can attach to other processes
via process hooking

trigger
actions after an event
or after certain logic has
happen

allows
control of system (similar to RAT)

System becomes a robot
that is controlled by attacker

attacker(botnet master) can send
commands to bot and instruct bot
to perform the action

So it can be used to
do DDoS and distrupts
a service

malware that aims to stop or prevent
valuable files from being used.

valuable files
are encrypted,
and requires key to decrypt

to decrypt and regain access to
encrypted files, a ransom must be paid

Alternative malware
not used for attacks,
but a nuisance

comes in different forms
aka has different behaviours

Spy on the user,
collect personal info (PII) from machine,
websites they visit, location etc

tracks user activity and
reports back to originator
(like a trojan)

it changes browser homepage,
adds a bunch of sites to favourites

can say
adware is type of spyware
but more for advertising

basically tracks user interests,
like sites you visit.
aka web surfing habits

based on interests,
it displays associated ad,
so if browsing shoe sites,
will display show ad

ads might popups

Another type of
crypto malware
used for mining

Attackers use targets system
to mine crypto currencies

similar to other types of malware,
it hides within the system, unknown the user
and uses systems resources to mine

system resource usages
slows down the systems,
increases electricity use and
shortens device life span

a direct attack on
physical device,
(like shoulder surfing
in social engineering),

different physical
devices

A specially modified
swipe mechanism on ATM

could be installed over
the legit one
and used to steal the cards data

once card data is skimmed
the card can be cloned

training data for
autonomous vehicle can be tainted/changed
by modifying road signs

vehicle now uses incorrect
data to process,
this disrupt the vehicles functionality

Similar attack on
fraudulent detection system

Instead of disruption and manipulation,
or after trying those two,
attacker may try to gain access
via attack on login

if password is too simple,
aka, short, or is a common word pass,
could be vulnerable

weak pass, could allow
attacker to attempt login
trying every word in dictionary as password

there's More advance
type of attack,
relies on crypto analysis and
advanced algorithms

So using crytpo analysis,
and mathematical methods
to generate different combinations of
passwords

combinations make it
slower

combine both
brute-force and dictionary
into tool

basically an automated attack
uses a list of words (words list) and
attempts login with each word

Builds upon dictionary word list,
by adding various characters
and numbers for different
combinations.

So wordlist is combined
with the cryptanalysis to
generate different
pass combinations

Attacker doesn't have
plain passwords,
but has password hashes

Hash can be used
to retrieve password via
finding
pass in precomputed hash database

essentially cracking hash
to get password

use hashes to look up
pass within table and chains.
(More details in comments)

All attacks can be made easier
using older versions

For web protocols,
recent versions have latest
fixes applied. Older versions
will not, therefore has more vulnerabilities

Maybe possible to downgrade,
by using older browser,
as older browser wont have
update protocols

instead of password,
attack attempts login
using hash

Vulnerability found
in NTLM
(NT LAN Manager)

opposite

Bots could be used
to mine crypto

spraying(or trying) a single password
across different accounts
to avoid account lockout

instead of repeatedly trying different passes
for one account, try
the same pass for different login account

So instead of looking for
one specific hash match(collision),
this attack looks for any match(collision)

So putting some value
through hash function,
there is more likely to be a collision