Attack
From MgmtWiki
Full Title or Meme
A program that attempts to exploit a Vulnerability
Models
Threat models are assessed according models like the ISO 29115 standard (ISO/IEC JTC 1/SC 27 2013), which describes standardized attack vectors for an IT system: ● Online/offline guessing (repeatedly trying out the credentials or keys) ● Credential duplication (copy of credentials and their keys) ● Phishing (interception of credentials via fake websites/emails and social manipulation) ● Eavesdropping ● Replay attack (reuse of recorded messages) ● Session hijacking ● Man-in-the-middle attack (MitM; active attacker positions himself between the communication partners and pretends to be the respective counterpart) ● Credential theft ● Spoofing and masquerading
