1.4 potential indicators associated with network attacks. Flashcards
Wireless Disassociation
DoS attack on the wireless network
sends forged deauthentication frames to a wireless access point or client device, causing the device to disconnect from the network
802.11 management frames are unencrypted
802.11w encrypts the frames
Initialization vector (IV)
Cryptographic Nonce
a random number that’s used to provide a high level of security during encryption and decryption.
salt to hash
On-path browser attack
a type of interception attack where an attacker places themselves between two devices and intercepts or modifies communications between the two.
The attacker can:
* Alter messages
* Insert malicious content
* Redirect the communication to a different destination
* Collect information
* Impersonate either of the two agents
DNS Poisoning
modifies the DNS records
entering false information into a domain name server’s cache. This causes DNS queries to produce incorrect responses, which can send users to the wrong website.
Domain Hijacking
Changes DNS Settings
* Denying the owner administrative access
* Spreading malware
* Conducting phishing attacks
* Redirecting traffic to other websites
PowerShell
.ps1
command line for system admins
Active Directory
attackers can access files in AD and administer the system
Python
.py
general-purpose scripting language
works across all OS
attack scripting and infrastructure
Shell/Bash Script
Linux command line
#! shebang
control the OS
Macros
application-specific; designed to make the application easier to use
attackers can create automated exploits within the application
VBA
Visual Basic for Applications
Microsoft Office-specific
automates processes within Office applications
attackers gain access to the OS