Attack

From MgmtWiki
Revision as of 12:23, 19 January 2024 by Tom (talk | contribs) (Models)

Jump to: navigation, search

Full Title or Meme

A program that attempts to exploit a Vulnerability

Models

Threat models are assessed according models like the ISO 29115 standard (ISO/IEC JTC 1/SC 27 2013), which describes standardized attack vectors for an IT system:

  • Online/offline guessing (repeatedly trying out the credentials or keys)
  • Credential duplication (copy of credentials and their keys)
  • Phishing (interception of credentials via fake websites/emails and social manipulation)
  • Eavesdropping
  • Replay attack (reuse of recorded messages)
  • Session hijacking
  • Man-in-the-middle attack (MitM; active attacker positions himself between the communication partners and pretends to be the respective counterparty)
  • Credential theft
  • Spoofing and masquerading

References

Retrieved from "http://tcwiki.azurewebsites.net/index.php?title=Attack&oldid=19649"