Network Vectors


An exploit technique for any given software vulnerability can be classed as either remote or local:

  • Remote
    • vulnerability can be exploited by sending code to the target over a network
    • does not depend on an authenticated session with the system to execute
  • Local
    • exploit code must be executed from an authenticated session on the computer
    • attack could still occur over a network, but
      • threat actor needs to use some valid credentials or hijack an existing session to execute it

An unsecure network is one that lacks the attributes of confidentiality, integrity, and availability:

  • lack of confidentiality
    • threat actors are able to snoop on network traffic and recover passwords or other sensitive information
    • described as eavesdropping attacks
  • lack of integrity
    • threat actors are able to attach unauthorized devices
    • described as on-path attacks
  • lack of availability
    • threat actors are able to perform service disruption attacks
    • described as denial of service (DoS) attacks

A secure network uses an access control framework and cryptographic solutions to identify, authenticate, authorize, and audit network users, hosts, and traffic.

Unsecure Network Threats

  • Direct Access
    • threat actor uses physical access to the site to perpetrate an attack
    • e.g.,
      • getting access to an unlocked workstation
      • using a boot disk to try to install malicious tools
      • physically stealing a PC, laptop, or disk drive
  • Wired Network
    • threat actor with access to the site attaches an unauthorized device to a physical network port, and the device is permitted to communicate with other hosts
  • Remote and Wireless Network
    • attacker either:
      • obtains credentials for a remote access or wireless connection to the network
      • or cracks the security protocols used for authentication
    • alternatively, the attacker spoofs a trusted resource, such as an access point, and uses it to perform credential harvesting
      • then uses the stolen account details to access the network
  • Cloud Access
    • attacker finds one account, service, or host with weak credentials to gain access to the cloud
    • likely to target the accounts used to develop services in the cloud or manage cloud systems
    • may try to attack the cloud service provider (CSP) as a way of accessing the victim system
  • Bluetooth Network
    • threat actor exploits a vulnerability or misconfiguration to transmit a malicious file to a user’s device over the Bluetooth personal area wireless networking protocol
  • Default Credentials
    • attacker gains control of a network device or app because it has been left configured with a default password
  • Open Service Port
    • threat actor is able to establish an unauthenticated connection to a logical TCP or UDP network port