pain points module 4: cryptographic attacks Flashcards
(35 cards)
BIRTHDAY ATTACK
1) what is attacker trying to gain
2) core exploit/how it works
3) how to mitigate/protect from it
1) trying to trick a system by producing a hash collision, possibly trying to fake a signature or match a digital fingerprint. Faster than brute force.
2) core exploit: the mathematical probability that 2 different inputs can generate the same hash in weak hashing algorithms. Based on the birthday paradox (you only need 23 people in a room for a 50% chance that 2 people share the same birthday)
3) mitigation: use strong, collision-resistant hash functions
What is credential stuffing?
1) attacker’s goal
2) core exploit/how it works
3) how to mitigate/protect from it
1) gain unauthorized access to accounts by reusing known leaked credentials.
2) user behavior: password reuse across different sites/services
3) Mitigate: MFA, monitor login anomalies, credential monitoring (eg haveibeenpwned.com)
Password spraying
1) attacker’s goal
2) core exploit/how it works
3) how to mitigate/protect from it
1) unauthorized access to user accounts
2) 1 password → many users (same system). Bypasses lockouts by trying a few known passwords against many accounts on the same system, not brute-forcing one user.
3) enforce account lockouts after a low number of tries; require strong passwords; monitor for multiple login attempts across many accounts
Known plaintext attack
1) attacker’s goal
2) core exploit/how it works
3) how to mitigate/protect from it
1) learn key or encryption method by analyzing known plaintext + ciphertext
2) attacker has access to both the encrypted and unencrypted message and studies patterns. They may reverse-engineer the key, the algorithm behavior, or implementation flaws, allowing them to decrypt future messages
3) modern, strong encryption algos; don’t reuse keys; padding & initialization vectors
What’s the difference between hashing and encryption?
Hashing is one-way: input → hash. It’s used to verify integrity (e.g., password checks).
Encryption is two-way: plaintext ↔ ciphertext. You need a key to decrypt and read the message.
COLLISION ATTACK
1) attacker’s goal
2) core exploit/how it works
3) how to mitigate/protect from it
1) goal: find 2 different inputs that produce the same hash value, then use whichever files collide to shape the nature of the attack
2) exploits weak hash functions by generating two different inputs that produce the same hash output. This can let attackers substitute malicious files or bypass identity checks.
3) use strong hash functions; avoid using hashes for sensitive data without digital signatures
TYPES OF ATTACKS MNEMONIC
ARP POISONING
1) attacker’s goal
2) core exploit/how it works
3) how to mitigate/protect from it
address resolution protocol (arp)
1) goal: become a man-in-the-middle to intercept or manipulate network traffic on a LAN
2) core exploit: ARP doesn’t authenticate; it’s trust-based. Anyone can claim to be any IP/MAC
3) use dynamic arp inspection (DAI) on switches; implement static arp tables on critical systems; use VPNs or encrypted protocols to protect data in transit
RAINBOW TABLE
1) goal: crack a hashed password using precomputed hash values
2) core exploit: hashes generated without salt can be reversed by matching them against a precomputed table
3) strong hash algos + SALTING + strong passwords
TLS
transport layer security
- modern version of SSL
- provides encryption, data integrity
DNS
Domain name system
DNS server
a computer that responds to domain lookups
MAC address
Media Access Control address
- unique hardware address burned into your computer’s NIC (network interface card)
- for devices on a LAN
NIC
network interface card
what is the global body that controls domains?
ICANN
what is cache?
temporary storage for data you’ve already used, so you can access it faster next time. Faster and more specialized than RAM.
explain DNS poisoning
- attacker trying to gain access to web traffic and credentials
- done by redirecting the victim to a malicious site that looks legit
- can also damage reputation
explain ARP poisoning
- attacker trying to gain access to local network traffic.
- they trick other devices into thinking their device is the router or another host
what happens when you click a url? (6 steps)
1. Your browser asks itself: do I already know the IP for this domain?
2. Recursive resolver (your ISP or a public one, e.g. Google) asks a root DNS server (managed by ICANN, etc.): “who has the IP for tythedoghouseguy.com?”
3. Root DNS server asks itself/TLD server: “where are .com domains managed?” Sends the answer to the recursive resolver
4. TLD server asks itself/authoritative DNS: “where is the DNS for this domain?” Sends the answer to the recursive resolver
5. Authoritative DNS server (e.g. Namecheap, Cloudflare) asks itself (looks up the zone file): “what’s the IP for tythedoghouseguy.com?” Sends the answer to the recursive resolver
6. Recursive resolver sends the answer to your browser. Browser now asks the web server: “can I get the webpage for / or /shop at this IP?” Web server returns it
explain TLD
top-level domain
what is a recursive resolver
- a DNS server running DNS software
- job is to keep asking questions on your behalf until it gets a final answer, then send it back to your browser
- ask root server -> get referral to .com
- ask .com server -> get referral to DNS
- ask authoritative DNS -> get actual IP address
- return answer to your browser
DOS attack
1) attacker’s goal
2) core exploit/how it works
3) how to mitigate/protect from it
denial-of-service
1) attacker’s goal: make system/service unavailable to legit users
2) core exploit: overwhelms the server’s finite resources (CPU, memory, bandwidth, ports) with junk traffic or malicious requests
2.5) how it works: sends a flood of requests so the server spends all its time responding to junk and can’t serve real users
3) how to mitigate: rate limiting; web application firewalls (WAF); intrusion prevention systems (IPS); monitoring for unusual traffic
SLOWLORIS ATTACK
1) attacker’s goal
2) core exploit/how it works
3) how to mitigate/protect from it
1) goal: tie up web server’s available connections to block real users
2) core exploit: exploits how HTTP servers keep connections open waiting for full requests
2.5) how it works: sends incomplete HTTP requests, drip-feeding them slowly. The server holds each connection open, thinking more data is coming, until it hits the limit of simultaneous connections
3) mitigate: timeout settings for HTTP headers/body; max concurrent connections per IP; reverse proxies/load balancer software
DDOS ATTACK
1) attacker’s goal
2) core exploit/how it works
3) how to mitigate/protect from it
distributed denial of service
1) goal: take down a service by overwhelming it with massive amounts of traffic from many sources
2) core exploit: volume and distribution – uses a botnet to send coordinated traffic attacks
2.5) how it works: many zombie computers flood a target with junk traffic. Hard to block without also affecting real users because it comes from everywhere
3) mitigation: cloud-based DDoS protection; geo-blocking or IP reputation filtering; traffic anomaly detection and blackholing