Professional Documents
Culture Documents
Week 1 Attack Vectors Slides
Week 1 Attack Vectors Slides
The attack surface refers to all the possible vulnerabilities or potential entry points, an
unauthorised user (an attacker) can exploit to gain unauthorised access to an environment.
1. Compromised credentials
2. Weak and stolen credentials
3. Malicious insiders
4. Misconfiguration
5. Vulnerabilities
6. Malware
An attack vector can be classified as either:
An attacker captures the message from the sender and changes its contents
before sending the misleading message to the receiver.
Forms of active attacks
1. Masquerade
The main goal is identity and data theft. An attacker impersonates a
legitimate user to gain unauthorized access to network resources.
2. Repudiation
A user can deny having executed a certain action or initiated a malicious
transaction that caused a loss. It can be by the sender or receiver.
3. Replay
A threat actor eavesdrops on secure network communication, intercepts
it then delays or resends it to misdirect the receiver into doing what the
hacker wants.
4. Denial of Service
An attacker prevents a legitimate user from accessing network resources
such as a school management system or student portal.
Passive attack vector
1. Message Release
An attacker monitors the contents of data in transmission. The information could be in the
form of a telephonic conversation, an e-mail message or a transferred file.
2. Traffic Analysis
An attacker examines traffic coming and leaving the network without making any
changes. From the information, the attacker can guess the nature of the activities and
communications happening in the network. The attacker can further determine the
location and identity of the host in the network.
3. Eavesdropping
Eavesdropping is a common type of passive attack in which an attacker listens in on
conversations between two parties. This type of attack can be conducted through various
methods, such as packet sniffing, and allows attackers to gain sensitive information such
as passwords, credit card details, and other personal information.
4. Port Scanning
Port scanning is a passive attack in which an attacker examines a system to determine
which ports are open and what services are running on them. This information can help
attackers identify system vulnerabilities and plan attacks accordingly.
Social engineering attacks
Passive attacks can be conducted through various social engineering
attacks, such as;
1. Dumpster diving
2. Shoulder surfing
3. Baiting
4. Piggybacking and Tailgating
Similarities between active and passive attack vectors