Kerberos is a strong authentication protocol that can be used in an open unprotected network. Despite it’s strength, there are some attacks that can be done against Kerberos which are as follows: Kerberoasting is post-exploitation attack technique. In this attack, the attacker has a compromised authenticated user’s account in a domain and targets Service Accounts…
Category: Ethical Hacking
MITRE ATT&CK
MITRE ATT&CK® is a knowledge base of adversary tactics and techniques based on real world observations published by MITRE. This knowledge base can be used as the foundation for understanding the Cyber Attack patterns. The MITRE Attack Matrices covers the following categories The MITRE Attack chain has 14 Tactics that will be executed in order by…
Buffer Overflow
Buffer Overflow is a vulnerability in software due to improper boundary checks, where an attacker exploits the target system by writing overwhelming data to the software memory buffer to overflow the buffer’s capacity and then making the malicious data to be written in the adjacent memory location giving un-authorized access. There are two types of…
Password Hacking
Password Hacking is the process of breaking or cracking and obtaining passwords stored in the target system or when being transmitted between systems. The obtained passwords are used to access accounts on the target system to gain access and privilege access. Password Cracking, Password Breaking, Password Attack are other terms used for Password Hacking. The…
Tactics, Techniques and Procedures (TTPs)
Tactics, Techniques and Procedures (TTPs) are the attributes that depicts the patterns and behavior of a cyber security attack. It helps cyber security professionals to understand how threat actors perform attacks on a target. A cyber security attack is done in multiple stages across a period of time which can some days or months. The…
System Hacking
System hacking is where the attacker proceeds towards the ultimate goal after performing footprinting, scanning, enumeration, and exploitation. The goal can be to bring the service down and make it un-available or steal data or manipulate data. The general stages of System Hacking are as following: Stage 1 – Gaining Access Stage 2 – Privilege…
Difference between Vulnerability Analysis and Vulnerability Assessment
Vulnerability Analysis and Vulnerability Assessment are the same but the difference is that in Vulnerability Analysis, the attacker finds the vulnerabilities to exploit while in Vulnerability Assessment, an Ethical Hacker does the Vulnerability Analysis to help the organization to find the vulnerabilities and fix them to protect the organization from cyber security attacks.
Vulnerability Analysis
Vulnerability Analysis is process where an attacker discovers the various vulnerabilities that can be used to gain access of the target and then exploit to attain the attack objective.
Privilege Escalation
Privilege Escalation is the process where the attacker gains un-authorized access rights or higher-level privileges of software/program, network or system. This is the next phase of a cyber security attack after the Footprinting, Scanning, Enumeration, Vulnerability Analysis and Exploitation. Horizontal Privilege Escalation is where the attacker tries to gain the access other users like file…
Footprinting
Footprinting is the process in which an attacker gathers information about the target (a person or organization). It is the initial sub-phase of Reconnaissance phase of a Cyber Security attack. Types of Footprinting Passive Footprinting is process of gathering information about target without direct contact with the target from Internet, Open Source Intelligence (OSIN), Social Network…