Attack and Hack 2019



Date | Name | Type
Info

24.12.19 | MITM attacks | 2FA
If an attacker using a MITM (Man-In-The-Middle) attack can trick you into visiting his spoofed page and prompts you to enter your 2FA credentials, it is essentially over.

24.12.19 | Man-in-the-endpoint attacks | 2FA
Similarly to MITM attacks, if a hacker can get his malicious software onto your computer, he can modify the software used in your 2FA process, either to steal the secrets protected by the 2FA token or to use an already approved authentication to access something behind the scenes.

24.12.19 | Compromised 2FA software | 2FA
A specialized man-in-the-endpoint attack can take the form of compromising the software associated with the 2FA device. For example, to use a smart card in a device, smart card software is needed that services and understands the smart card.

24.12.19 | Theft and reuse of the password generator | 2FA
Many hardware and software 2FA tokens generate a one-time code that is unique to the given user and device.

24.12.19 | 2FA is not required | 2FA
Many services, including popular websites that allow 2FA to be used, do not require it, which defeats the very purpose of introducing 2FA.

24.12.19 | Subject impersonation | 2FA
There is a dirty little secret that smart card vendors want to keep from you: every 2FA device/software is tied to a user/device identity. This identity must be unique within the authentication system.

24.12.19 | Stolen biometrics | 2FA
Your biometric identity attributes (e.g. fingerprints or a retina scan) can be stolen and reused, and it is very hard to prevent an attacker from using them.

24.12.19 | Shared, integrated authentication | 2FA
Shared, integrated authentication schemes such as OAuth are popular today; they allow a user to log in once and reuse that credential (often in the background) to log in to other services and websites.

24.12.19 | Social engineering | 2FA
As more and more websites allow or require 2FA, hackers have learned how to get around it using social engineering.

24.12.19 | Brute-force attacks on 2FA | 2FA
Losing 2FA tokens and having hackers obtain them is nothing new. If a website or service using 2FA login does not check for failed login attempts, attackers can try to guess the 2FA PIN code by repeated attempts until they hit it.

24.12.19 | Implementations containing bugs | 2FA
It is more realistic to assume that there are more websites and software with 2FA login that contain bugs allowing 2FA to be bypassed than websites that are completely secure. Here is one example (www.zdnet.com/article/uber-security-flaw-two-factor-login-bypass/), but there are hundreds of other examples of buggy 2FA implementations.

11.12.19 | Plundervolt | CPU
Modern processors are being pushed to perform faster than ever before - and with this comes increases in heat and power consumption. To manage this, many chip manufacturers allow frequency and voltage to be adjusted as and when needed. But more than that, they offer the user the opportunity to modify the frequency and voltage through privileged software interfaces.

20.11.19 | iTLB multihit | CPU
iTLB multihit is an erratum where some processors may incur a machine check error, possibly resulting in an unrecoverable CPU lockup, when an instruction fetch hits multiple entries in the instruction TLB. This can occur when the page size is changed along with either the physical address or cache type. A malicious guest running on a virtualized system can exploit this erratum to perform a denial of service attack.

20.11.19 | Jump Conditional Code Erratum | CPU
Starting with the second-generation Intel® Core™ Processors and Intel® Xeon® E3-1200 Series Processors (formerly codenamed Sandy Bridge) and later processor families, the Intel® microarchitecture introduces a microarchitectural structure called the Decoded ICache (also called the Decoded Streaming Buffer or DSB).

13.11.19 | TPM-Fail | CPU
Trusted Platform Module (TPM) serves as a root of trust for the operating system. TPM is supposed to protect our security keys from malicious adversaries like malware and rootkits.

13.11.19 | TSX Speculative Attack | CPU
A new speculative vulnerability called ZombieLoad 2, or TSX Asynchronous Abort, has been disclosed today that targets the Transactional Synchronization Extensions (TSX) feature in Intel processors.

13.11.19 | MDS Attack | CPU
The RIDL and Fallout speculative execution attacks allow attackers to leak private data across arbitrary security boundaries on a victim system, for instance compromising data held in the cloud or leaking your data to malicious websites.

25.10.19 | CPDoS Attack | DDoS Attack
Cache-Poisoned Denial-of-Service (CPDoS) is a new class of web cache poisoning attacks aimed at disabling web resources and websites.

12.9.19 | Simjacker Attack | SIM Attack
Following extensive research, AdaptiveMobile Security has uncovered a new and previously undetected vulnerability. This vulnerability is currently being exploited and is being used for targeted surveillance of mobile phone users.

11.9.19 | NetCAT Attack | CPU
NetCAT shows that network-based cache side-channel attacks are a realistic threat. Cache attacks have been traditionally used to leak sensitive data on a local setting (e.g., from an attacker-controlled virtual machine to a victim virtual machine that share the CPU cache on a cloud platform).

15.8.19 | KNOB Attack | Bluetooth
Researchers at the Center for IT-Security, Privacy and Accountability (CISPA) found a new Bluetooth vulnerability, tracked as CVE-2019-9506 and referred to as the Key Negotiation of Bluetooth (KNOB) attack, that could allow attackers to spy on encrypted connections.

7.8.19 | SWAPGS Attack | CPU
The SWAPGS Attack, as they call it, circumvents the protective measures that have been put in place in response to earlier attacks such as Spectre and Meltdown. Still, there is plenty of good news: Microsoft has already released Windows patches for the flaw that makes the attack possible and, even though feasible, the researchers don’t expect the attack to be exploited for widespread, non-targeted attacks.

16.7.19 | App in the Middle (AitM) Attack | App Attack
Below, I will describe two ‘app-in-the-middle’ attacks, where a malicious app is installed in the personal profile and acts as an agent to steal information from (and even control) the Work profile and hand it off to an attacker’s Command & Control server.

12.6.19 | RAMBleed attack | RAM Attack
The Rowhammer bug is a reliability issue in DRAM cells that can enable an unprivileged adversary to flip the values of bits in neighboring rows on the memory module. Previous work has exploited this for various types of fault attacks across security boundaries, where the attacker flips inaccessible bits, often resulting in privilege escalation. It is widely assumed however, that bit flips within the adversary’s own private memory have no security implications, as the attacker can already modify its private memory via regular write operations.

15.5.19 | ZombieLoad Attack | CPU Attack
After Meltdown, Spectre, and Foreshadow, we discovered more critical vulnerabilities in modern processors. The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them.

14.5.19 | RIDL and Fallout Attacks | CPU Attack
New attacks extract data from CPU buffers. Two attacks dubbed RIDL and Fallout exploit a set of four vulnerabilities collectively known as Microarchitectural Data Sampling (MDS) vulnerabilities - a name given by Intel. The flaws affect Intel CPUs released since 2008, the researchers say.

14.5.19 | RIDL attack | CPU Attack
Researchers from VUSec - the Systems and Network Security Group at Vrije University in Amsterdam, and from the Helmholtz Center for Information Security (CISPA) have developed the RIDL (short for Rogue In-Flight Data Load) attack.

12.4.19 | Password Partitioning | WPA 3 Attack
In this section we show how to perform password partition attacks, using the information obtained from our timing and cache attacks. This enables an adversary to recover the password of a target.
8.1 Partitioning a Dictionary
In the first attack variant, our goal is to recover the password from a given dictionary. We accomplish this by repeatedly partitioning the dictionary into correct and incorrect password candidates. Practically, this is implemented by removing incorrect passwords from the dictionary during each partitioning step.

12.4.19 | Cache-Based Attacks on ECC Groups | WPA 3 Attack
In this section we demonstrate that implementations of the hash-to-curve algorithm of SAE may be vulnerable to cache-based side-channel attacks. Similar to the timing attack against MODP groups, this will later on enable an adversary to recover a target’s password.
7.1 Background and Attack Goal
The goal of our attack is to learn if the Quadratic Residue (QR) test in the first iteration of the hash-to-curve algorithm succeeded or not.

12.4.19 | Timing Attacks on MODP Groups | WPA 3 Attack
In this section we empirically show that the hash-to-group method that converts a password into a MODP element is vulnerable to timing attacks. The obtained info will later on be used in password partitioning attacks, allowing one to recover the victim’s password.
6.1 Background
Up to this point, we assumed the SAE handshake is executed using elliptic curves.

12.4.19 | Countermeasures | WPA 3 Attack
To mitigate our downgrade to dictionary attack, a client should remember if a network supports WPA3-SAE. That is, after successfully connecting using SAE, the client should store that the network supports SAE. From this point onward, the client must never connect to this network using a weaker handshake.

12.4.19 | Attacking SAE’s Group Negotiation | WPA 3 Attack
The SAE handshake can be run using different elliptic curve or multiplicative groups mod p (i.e. ECP or MODP groups). The “Group Description” of gives an overview of supported groups. Additionally, the 802.11 standard allows stations to prioritize groups in a user-configurable order.

12.4.19 | Downgrade to Dictionary Attack | WPA 3 Attack
Our first attack is against WPA3-SAE transition mode. Recall from Section 2.2 that in this mode the AP is configured to accept connections using both WPA3-SAE and WPA2. This provides backward compatibility with older clients. Moreover, WPA2’s 4-way handshake detects downgrade attacks, meaning an attacker cannot trick a WPA3-capable client into successfully establishing a connection using WPA2.

9.4.19 | Framing supply chain attacks | ICS Attack
The increase in the demand for innovative software has effectively reshaped the software development industry itself. Today, speed and agility are paramount and development teams are pushed to deliver highly advanced applications in record time — which means that writing every single line of code from the ground up is often not a sustainable practice. As the NIST puts it, “This ecosystem has evolved to provide a set of highly refined, cost-effective, reusable ICT solutions.”

29.3.19 | BTS resource depletion attack | LTE Attack
Every commercial eNB has a maximum capacity of active user connections based on their hardware and software specifications. The purpose of the BTS resource depletion attack is to deplete this capacity of the active RRC Connections, thereby preventing other users from connecting to the target eNB.

29.3.19 | Blind DoS attack | LTE Attack
Unlike the aforementioned attack that denies multiple users in an eNB, the Blind DoS attack denies a targeted UE by establishing RRC Connections spoofed as the victim UE.
1) Attack model: The attacker performs the attack within the area covered by the victim’s serving eNB. The attacker also knows the victim’s S-TMSI that can be obtained in three ways

29.3.19 | Remote de-registration attack | LTE Attack
During our experiments, we discovered that operational MMEs have several implementation flaws that cause them to unnecessarily de-register the victim UE without notification. The detailed attack scenario is as below.
1) Adversary model: An adversary should be able to send malicious NAS messages to the MME in which the victim UE is registered. Typically, an MME manages a number of eNBs which are distributed throughout large geographical regions.

29.3.19 | SMS phishing attack | LTE Attack
1) Adversary model: In this scenario, the adversary sends an SMS message to victim UE1 by spoofing the message sender using the phone number of victim UE2. To this end, the adversary knows the S-TMSI of UE2 to spoof the sender. The phone number of UE1, to which the actual SMS message is sent, is also known. In addition, we assume that the target LTE network provides the SMS through the NAS layer.
2) Attack procedure: ➀ The adversary starts by establishing a spoofed RRC Connection using the S-TMSI of UE2

29.3.19 | Attacks Exploiting UE: AKA Bypass Attack | LTE Attack
1) Adversary model: The adversary is located sufficiently close to the victim UE to trigger handover from an existing eNB to the adversary’s rogue LTE network. To this end, the rogue LTE network transmits an LTE signal with higher transmission power than commercial eNBs. Additionally, the adversary would have to know the list of Tracking Areas (TAs) to masquerade the rogue LTE network as a commercial one. A valid TA Code (TAC) can easily be captured in two ways

29.3.19 | Attacks exploiting eNB | LTE Attack
In the case of a BTS resource depletion attack, it is impossible for an eNB to distinguish the adversary’s RRC Connection requests from benign RRC connection requests. A possible mitigation to this attack could be to reduce the inactivity timer value to allow an RRC Connection that is unresponsive to the Authentication request to expire.

29.3.19 | Attacks exploiting MME and UE | LTE Attack
As discussed in Section V, both the Remote de-register attack and the SMS phishing attack are rooted in incorrect implementation of the operational MMEs. Thus, these MMEs should be carefully implemented by strictly following the 3GPP standard. The AKA bypass attack is also rooted in the UE handling the mandatory security procedure incorrectly. Therefore, the UE should not proceed with any control plane procedures before completing the mandatory security procedure successfully.

29.3.19 | MitM attack | LTE Attack
Many previous studies employed a rogue BTS in a 2G/3G network. However, the Man in the Middle (MitM) attack in LTE networks received less attention. Rupprecht et al. showed that an LTE dongle could be used for eavesdropping and tampering if the dongle incorrectly allows null integrity to both the control and data plane. Hussain et al. demonstrated an Authentication relay attack to eavesdrop on a victim UE’s data communication if the carrier uses null encryption on the data plane.

29.3.19 | DoS attack | LTE Attack
Previous studies introduced DoS attacks that exploit vulnerabilities in LTE control plane procedures. Shaik et al. presented DoS attacks using plain reject messages (NAS TAU reject, Service reject and Attach reject). Raza et al. demonstrated two types of DoS attacks that were able to detach a user from the network: the first uses a plain NAS Detach request message and the other uses Paging with the user’s IMSI. Both studies showed that certain unprotected plain messages may cause denial of service to users.

9.3.19 | Password Spray Attack | Password
Password Spray Attack is quite the opposite of Brute Force Attack. In Brute Force attacks, hackers choose a vulnerable ID and enter passwords one after another hoping some password might let them in. Basically, Brute Force is many passwords applied to just one ID.

4.3.19 | Thunderclap | Hardware
Direct Memory Access (DMA) attacks have been known for many years: DMA-enabled I/O peripherals have complete access to the state of a computer and can fully compromise it including reading and writing all of system memory. With the popularity of Thunderbolt 3 over USB Type-C and smart internal devices, opportunities for these attacks to be performed casually with only seconds of physical access to a computer have greatly broadened. In response, commodity hardware and operating-system (OS) vendors have incorporated support for Input-Output Memory Management Units (IOMMUs), which impose memory protection on DMA, and are widely believed to protect against DMA attacks.

25.2.19 | ToRPEDO Attack | Mobile/GSM
Short for "TRacking via Paging mEssage DistributiOn," ToRPEDO is the most concerning attack that leverages the paging protocol, allowing remote attackers to verify a victim device’s location, inject fabricated paging messages, and mount denial-of-service (DoS) attacks.

25.2.19 | PIERCER attack | Mobile/GSM
The PIERCER (Persistent Information ExposuRe by the CorE netwoRk) attack enables an attacker with the knowledge of the victim’s phone number, a sniffer, and a fake base station in the victim’s geographical cell to associate the victim device’s IMSI with its phone number.

25.2.19 | IMSI-Cracking Attacks | Mobile/GSM
In addition, the ToRPEDO attack also opens a door for two other new attacks, the PIERCER and IMSI-Cracking attacks, leading to the full recovery of the victim device's persistent identity (i.e., IMSI). Existing due to a design flaw, the PIERCER (Persistent Information ExposuRe by the CorE netwoRk) attack enables an attacker to associate the victim device's unique IMSI with its phone number.

14.1.19 | Server Spoofing | Protocol
Similar to ARP spoofing and all other spoofing attacks. Here the attacker pretends to be a valid DHCP server: he replies to the host's DHCP request before the real DHCP server does. In the reply the attacker assigns an IP address to the host and a false default gateway (which could be the attacker’s IP address).

14.1.19 | MAC flooding/CAM table overflow | Protocol
MAC address tables or CAM (Content Access Memory) tables are used on switches to track where to send the traffic they receive. When a switch receives a frame it looks in its CAM table for the destination MAC address. If the MAC address can be found in the CAM table, the frame will be forwarded to the port (interface) assigned to that MAC address.

14.1.19 | Cross-cloud attacks | Cloud
These types of threats occur when customers move one of their workloads into a public cloud environment, such as Amazon Web Services or Microsoft Azure, and use Direct Connect (or any other VPN tunnel) to move between the public cloud into the private cloud. An attacker who breaches one of the environments can then move laterally, under the radar of security tools.

14.1.19 | Cloud malware injection attacks | Cloud
Malware injection attacks are done to take control of a user’s information in the cloud. For this purpose, hackers add an infected service implementation module to a SaaS or PaaS solution or a virtual machine instance to an IaaS solution. If the cloud system is successfully deceived, it will redirect the cloud user’s requests to the hacker’s module or instance, initiating the execution of malicious code.

14.1.19 | Cloud attack counter measures | Cloud
We’ve discussed some of the most common cloud computing attack vectors malicious actors use to achieve their goals.

14.1.19 | Insider attacks | Cloud
Insider attacks remain one of the top threats for various organizations, even if you don’t use cloud infrastructure. While most employees are trustworthy, it’s always a good idea to have a clear understanding of who has access to certain files and documents.

13.1.19 | Punycode Attack | Web
Unicode characters can look the same to the naked eye but actually have a different web address. Some letters in the Roman alphabet, used by the majority of modern languages, are the same shape as letters in Greek, Cyrillic, and other alphabets, so it’s easy for an attacker to launch a domain name that replaces some ASCII characters with Unicode characters.