2. When You have Network , You have given Access of your Social Life to that Network .
3. Top Network Attacks
• Ransomware - Attackers manages to get a malicious file onto
your servers with the use form of phishing . Using phishing
keystroke logging files also managed .
• IOT - It is a growing field . no. of devices are increasing and
attack on that can cause chaos on enormous scale due to
unsecured digital devices or old protocols used .
• Social Engineering - It implies deceiving someone with
purpose of acquire sensitive information , like passwords ,
credit cards . Clone Phishing is used in this
• MIM Attacks - Session Hijacking . Spoofing .
4. • DOS - Denial of service attack , it is malicious attempt to
make a server or network resource unavailable to users ,
usually by suspending the services of hosts .
• DDOS - Distributed Denial of Service Attack
• SQL Injection - It is an SQL code injection technique ,
used to attack data driven app , in which malicious queries
are inserted into entry field for execution .
6. • SSL(Secure Sockets Layer ) is protocol for establishing
encrypted links b/w server and browser .
• It is the predecessor to TLS .
• When server return pages with https links , attacker
changes them to http and when browser uses links , MITM
intercepts and creates its own https con with server
• Result MITM sees all the packets in that network .
• Using nectar and OpenSSL , 2 line proxy can be created .
• listen on 80 port on host and redirect requests to port 443.
SSL Stripping
7. • URL Misinterpretation - Web servers fails to parse the
URL properly . eg - Unicode/ Superflous decode attack .
• Directory Browsing - ability to retrieve complete directory
listing within directories on web server . usually happens
when default document is missing .
• Reverse proxy server - proxy that typically sits behind the
firewall in private network and direct client to backend
server and provides an additional level of abstraction .
eg Compaq Insight manager .
• Java Decompilation - Java Byte code can be decompiled
quite effectively and disclose sensitive info like password.
8. • Source Code Disclosure - Ability to retrieve app files in
unparsed manner and can recover code . the code then
can be used to find further loopholes/trophies.
• Input Validation - Root cause of most web attacks .
Tampering with hidden fields , Bypassing client side
checking eg javascript .
• Butter Overflows - flaw that occurs when more data is
written to buffer , can cause DOS . Application Input Fields
eg - ColdFusion Dos .
• Fragrouter - network intrusion detection evasion toolkit . It
implements Insertion , Evasion and DOS attack .