Difference between revisions of "Attack"
From MgmtWiki
(→References) |
(→Full Title or Meme) |
||
| Line 1: | Line 1: | ||
==Full Title or Meme== | ==Full Title or Meme== | ||
| − | A program that attempts to exploit a [[Vulnerability]] | + | A program that attempts to exploit a [[Vulnerability]] in individual devices or programs typically thought a network connection. |
Note that the wiki page [[Attacks]] details some of the attacks that are know to have been exploited. | Note that the wiki page [[Attacks]] details some of the attacks that are know to have been exploited. | ||
Revision as of 15:17, 13 March 2024
Full Title or Meme
A program that attempts to exploit a Vulnerability in individual devices or programs typically thought a network connection.
Note that the wiki page Attacks details some of the attacks that are know to have been exploited.
Models
Threat models are assessed according models like the ISO 29115 standard (ISO/IEC JTC 1/SC 27 2013), which describes standardized attack vectors for an IT system:
- Online/offline guessing (repeatedly trying out the credentials or keys)
- Credential duplication (copy of credentials and their keys)
- Phishing (interception of credentials via fake websites/emails and social manipulation)
- Eavesdropping
- Replay attack (reuse of recorded messages)
- Session hijacking
- Man-in-the-middle attack (MitM; active attacker positions himself between the communication partners and pretends to be the respective counterparty)
- Credential theft
- Spoofing and masquerading
