Hackers Capabilities
Introduction:
It is critical that we present in Image #1 a rough picture of the cloud, software, hardware, internal hackers, security layers and external attacks. Image #2 is what we call an analysis of hacker attacks and the relationship between attacks and network tiers. Sadly, hackers have the upper hand, since systems are sitting ducks for target practice, and there are plenty of items to attack at any time, at the attacker's convenience. Coordinated attacks supported by Artificial Intelligence are growing, getting more sophisticated, and cause devastating damage and loss of revenue.
Image #1
Image #2
Looking at Image #2, anyone can see that hackers have not left any room without launching multiple levels and types of attacks. Zero-Day Attacks, reverse engineering of patch code and internal hackers are the toughest challenges that cybersecurity must deal with.
Outside Networks:

Phishing on clients side
Phishing is the practice of sending fraudulent communications that appear to come from a reputable source, usually through email. The goal is to steal sensitive data like credit card and login information, or to install malware on the victim's machine. Phishing is an increasingly common cyberthreat.

Spear Phishing
Spear phishing is an email aimed at a particular individual or organization, seeking unauthorized access to crucial information. These hacks are not executed by random attackers but are most likely done by individuals out for trade secrets, financial gain, or military intelligence.

Pharming
Pharming is online fraud that involves the use of malicious code to direct victims to spoofed websites in an attempt to steal their credentials and data. Pharming is a two-step process that begins with an attacker installing malicious code on a victim's computer or server.

Malware
Malware is a term used to describe malicious software, including spyware, ransomware, viruses, and worms. Malware breaches a network through a vulnerability, typically when a user clicks a dangerous link or email attachment that then installs risky software. Once inside the system, malware can do the following:
Block access to key components of the network (ransomware)
Install malware or additional harmful software
Covertly obtain information by transmitting data from the hard drive (spyware)
Disrupt certain components and render the system inoperable

Cross-site scripting (XSS)
Cross-site scripting attacks are quite similar to SQL injection attacks, although instead of extracting data from a database, they are typically used to infect other users who visit the site. A simple example would be the comments section on a webpage. If the user input isn't filtered before the comment is published, an attacker can publish a malicious script that is hidden in the page. When a user visits this page, the script will execute and either infect their device, steal cookies, or perhaps even extract the user's credentials. Alternatively, it may just redirect the user to a malicious website.

Ransomware
Ransomware is a type of malware that blocks access to the victim's data and threatens to publish or delete it unless a ransom is paid. While some simple computer ransomware can lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, which encrypts the victim's files in a way that makes them nearly impossible to recover without the decryption key.

Spoofing
IP spoofing is used by an attacker to convince a system that it is communicating with a known, trusted entity, and so provide the attacker with access to the system. The attacker sends a packet with the IP source address of a known, trusted host instead of its own IP source address to a target host. The target host might accept the packet and act upon it.

Malvertising
Malvertising, or malicious advertising, is a technique that cybercriminals use to inject malware into users' computers when they visit malicious websites or click on an ad online. Malvertising may also direct users to a corrupted website where their data can be stolen or malware can be downloaded onto their computer.

Rogue Security Software
Rogue software, also known as rogue malware, is software used in internet fraud that relies on malicious code to trick users into believing that their device is infected by a virus and gets them to pay for a fake malware removal service.

Drive-by
A drive-by attack, also known as a drive-by download attack, refers to a cyberattack in which a malicious script causes a program to download and install itself on a user device, without explicit permission from the user. It can happen on any user device, running any operating system.
Internet:

Distributed Denial of Service
A Distributed Denial of Service (DDoS) attack is designed to force a website, computer, or online service offline. This is accomplished by flooding the target with many requests, consuming its capacity and rendering it unable to respond to legitimate requests.

Botnets
A botnet is a network of devices that have been infected with malicious software, such as a virus. Attackers can control a botnet as a group without the owners' knowledge, with the goal of increasing the magnitude of their attacks. Often, a botnet is used to overwhelm systems in a distributed denial-of-service (DDoS) attack.

Smurf
A Smurf attack sends Internet Control Message Protocol (ICMP) echo requests to the victim's IP address. The ICMP requests are generated from spoofed IP addresses. Attackers automate this process and perform it at scale to overwhelm a target system.

TCP SYN Flood
A SYN flood floods the target system with connection requests. When the target system attempts to complete the connection, the attacker's device does not respond, forcing the target system to time out. This quickly fills the connection queue, preventing legitimate users from connecting.

Teardrop
A teardrop attack causes the length and fragmentation offset fields in IP packets to overlap. The targeted system tries to reconstruct the packets but fails, which can cause it to crash.

Ping of Death
A ping of death pings a target system using malformed or oversized IP packets, causing the target system to crash or freeze.

Man in the Middle
When users or devices access a remote system over the internet, they assume they are communicating directly with the server of the target system. In a MitM attack, attackers break this assumption, placing themselves between the user and the target server. Once the attacker has intercepted communications, they may be able to compromise a user's credentials, steal sensitive data and return different responses to the user.

Session Hijacking
An attacker hijacks a session between a network server and a client. The attacking computer substitutes its IP address for the IP address of the client. The server believes it is corresponding with the client and continues the session.

IP spoofing
IP spoofing means using someone else's (trusted) IP address instead of the attacker's own. An attacker convinces a system that it is corresponding with a trusted, known entity, and the system thus provides the attacker with access. The attacker forges its packet with the IP source address of a trusted host, rather than its own IP address.

Replay
A cybercriminal eavesdrops on network communication and replays messages at a later time, pretending to be the user. Replay attacks have been largely mitigated by adding timestamps to network communications.
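As an added example (not part of the original article), here is a receiver-side check in Python for the replay scenario above: the message carries a timestamp, as the text describes, plus a nonce and an HMAC tag, so that an eavesdropper's copy is rejected even when it is resent inside the freshness window. The shared key, the 30-second window and the message format are constructed for this illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

# Constructed shared secret for the example; a real deployment loads it from a key store.
SHARED_KEY = b"example-shared-key-not-for-production"

# Accept a message only if its timestamp is within this many seconds of the receiver's clock.
MAX_SKEW_SECONDS = 30


def sign_message(key: bytes, payload: str, timestamp: int, nonce: str) -> str:
    """Sender side: bind payload, timestamp and nonce together under one HMAC-SHA256 tag,
    so none of the three can be changed without invalidating the tag."""
    data = f"{timestamp}|{nonce}|{payload}".encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def make_message(key: bytes, payload: str, now: int) -> Dict[str, str]:
    """Build a message the receiver can authenticate and check for freshness."""
    nonce = secrets.token_hex(16)
    return {
        "payload": payload,
        "timestamp": str(now),
        "nonce": nonce,
        "tag": sign_message(key, payload, now, nonce),
    }


class ReplayGuard:
    """Receiver side: rejects forged, stale and replayed messages."""

    def __init__(self, key: bytes, max_skew: int = MAX_SKEW_SECONDS) -> None:
        self.key = key
        self.max_skew = max_skew
        # nonce -> timestamp it arrived with; nonces older than the window can be forgotten,
        # because the timestamp check alone already rejects anything that old.
        self.seen: Dict[str, int] = {}

    def _purge(self, now: int) -> None:
        expired = [n for n, ts in self.seen.items() if now - ts > self.max_skew]
        for n in expired:
            del self.seen[n]

    def verify(self, msg: Dict[str, str], now: int) -> Tuple[bool, str]:
        self._purge(now)
        try:
            ts = int(msg["timestamp"])
        except (KeyError, ValueError):
            return False, "bad timestamp"
        nonce = msg.get("nonce", "")
        # 1. Authenticity: recompute the tag and compare in constant time.
        expected = sign_message(self.key, msg.get("payload", ""), ts, nonce)
        if not hmac.compare_digest(expected, msg.get("tag", "")):
            return False, "bad tag"
        # 2. Freshness: the timestamp stops a capture from being replayed later on...
        if abs(now - ts) > self.max_skew:
            return False, "stale"
        # 3. ...but a capture replayed within the window still has a valid tag and timestamp,
        #    so the nonce must also be one this receiver has never accepted before.
        if nonce in self.seen:
            return False, "replay"
        self.seen[nonce] = ts
        return True, "ok"


if __name__ == "__main__":
    guard = ReplayGuard(SHARED_KEY)
    t0 = 1_700_000_000
    msg = make_message(SHARED_KEY, "transfer 10", t0)
    print(guard.verify(msg, t0))       # (True, 'ok')
    print(guard.verify(msg, t0 + 5))   # (False, 'replay')  replayed inside the window
    print(guard.verify(msg, t0 + 60))  # (False, 'stale')   replayed after the window
```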
Eavesdropping
Attackers leverage insecure network communication to access information transmitted between client and server. These attacks are difficult to detect because network transmissions appear to act normally.

AI-Powered
Artificial intelligence can be easily dismissed as another tech buzzword. However, it is already being employed in everyday applications through an algorithmic process referred to as machine learning. Machine learning software is aimed at training a computer to perform particular tasks on its own. Programs are taught to accomplish tasks by doing them repeatedly while learning about certain obstacles that could hinder them.
AI can be used to hack into many systems, including autonomous vehicles and drones, converting them into potential weapons. AI makes cyber attacks such as identity theft, password cracking and denial-of-service attacks automated, more powerful and more efficient. It can also be used to kill or injure people, steal money, or cause emotional harm. Larger attacks can also be used to affect national security, shut down hospitals, and cut power supplies to entire regions.
Internal System:

Password Attacks
A password attack, as you may have already guessed, is a type of cyber-attack where an attacker tries to guess, or "crack", a user's password. There are many different techniques for cracking a user's password, although an explanation of these different techniques is beyond the scope of this article. However, some examples include the Brute-Force attack, Dictionary attack, Rainbow Table attack, Credential Stuffing, Password Spraying and the Keylogger attack. And of course, attackers will often try to use Phishing techniques to obtain a user's password.

Brute force
A brute force attack is a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys. It is a simple yet reliable tactic for gaining unauthorized access to individual accounts and organizations' systems and networks.

Phishing internal
Phishing is a type of social engineering attack where an attacker poses as a legitimate entity, such as a bank or email provider, and sends fraudulent emails or messages to trick users into sharing sensitive information, such as login credentials.
For example, data breaches caused by employees mishandling sensitive information or unauthorized access to confidential data can be considered internal threats. On the other hand, external threats are risks that arise from outside the organization.

Business Email Compromise
A BEC attack is where the attacker targets specific individuals, usually an employee who has the ability to authorize financial transactions, in order to trick them into transferring money into an account controlled by the attacker. BEC attacks usually involve planning and research in order to be effective. For example, any information about the target organization's executives, employees, customers, business partners and potential business partners will help the attacker convince the employee to hand over the funds. BEC attacks are one of the most financially damaging forms of cyber-attack.

Ransomware
Ransomware is a type of malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment. The first iterations of ransomware used only encryption to prevent victims from accessing their files and systems.

Spyware
Spyware is malicious software that enters a user's computer, gathers data from the device and user, and sends it to third parties without their consent. A commonly accepted spyware definition is a strand of malware designed to access and damage a device without the user's consent.

Viruses
A computer virus is a type of malicious software, or malware, that spreads between computers and causes damage to data and software. Computer viruses aim to disrupt systems, cause major operational issues, and result in data loss and leakage.

Macro Viruses
A macro virus is a computer virus written in the same macro language used to create software programs such as Microsoft Excel or Word. It centers on software applications and does not depend on the operating system (OS). As a result, it can infect any computer running any kind of OS, including Windows, macOS and Linux. An example of a macro virus is the Melissa virus, which was first discovered in 1999. The Melissa virus was written in the Visual Basic for Applications (VBA) macro language and was spread through infected Microsoft Word documents.

Trojan
A Trojan Horse Virus is a type of malware that downloads onto a computer disguised as a legitimate program. The delivery method typically sees an attacker use social engineering to hide malicious code within legitimate software to try and gain access to users' systems with their software.

Worms
In this definition of computer worms, the worm virus exploits vulnerabilities in your security software to steal sensitive information, install backdoors that can be used to access the system, corrupt files, and do other kinds of harm. Worms consume large volumes of memory, as well as bandwidth.
A computer worm is a standalone malware program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It will use this machine as a host to scan and infect other computers.

RootKit
A rootkit is a type of malware designed to give hackers access to and control over a target device. Although most rootkits affect the software and the operating system, some can also infect your computer's hardware and firmware. A rootkit is a program or a collection of malicious software tools that give a threat actor remote access to and control over a computer or other system.

Remote Access
Remote access trojans (RATs) are malware designed to allow an attacker to remotely control an infected computer. Once the RAT is running on a compromised system, the attacker can send commands to it and receive data back in response.
What are the characteristics of a remote access Trojan?
Remote Access Trojans often mimic the behavior of keylogger applications by allowing the automated collection of keystrokes, usernames, passwords, screenshots, browser history, emails, chat logs, etc.

Blended Threat
A blended threat is a software exploit that involves a combination of attacks against different vulnerabilities. Blended threats can be any software that exploits techniques to attack and propagate threats, for example worms, trojan horses, and computer viruses. Blended threats are bundles of malicious programs that combine the functionality of different types of malware such as Trojans, worms, and backdoors. A blended threat often involves an infection chain that begins with a user visiting a website and then being diverted to a malicious URL.

SQL Injection
A Structured Query Language (SQL) injection occurs when an attacker inserts malicious code into a server that uses SQL and forces the server to reveal information it normally would not. An attacker could carry out a SQL injection simply by submitting malicious code into a vulnerable website search box.
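Added example, not from the original article: the search-box scenario above in Python with sqlite3, showing the vulnerable string-built query beside the parameterized query that fixes it. The product table, the hidden row and the two inputs are constructed for this illustration.

```python
import sqlite3
from typing import List


def build_db() -> sqlite3.Connection:
    """Constructed in-memory catalogue standing in for the site's product database.
    The 'unreleased gadget' row is what the search box must never reveal."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, public INTEGER)")
    conn.executemany(
        "INSERT INTO products (name, public) VALUES (?, ?)",
        [("red widget", 1), ("blue widget", 1), ("unreleased gadget", 0)],
    )
    conn.commit()
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> List[str]:
    """The pattern the text describes: the search-box text is pasted into the SQL string,
    so a quote character in the input ends the literal and the rest is parsed as SQL."""
    sql = f"SELECT name FROM products WHERE public = 1 AND name LIKE '%{term}%'"
    return sorted(row[0] for row in conn.execute(sql))


def search_parameterized(conn: sqlite3.Connection, term: str) -> List[str]:
    """Hardened form: the query text is fixed and the term travels separately as a bound
    value, so the database engine never parses the user's input as SQL."""
    sql = "SELECT name FROM products WHERE public = 1 AND name LIKE ?"
    return sorted(row[0] for row in conn.execute(sql, (f"%{term}%",)))


# Constructed inputs: what a shopper types, and a textbook tautology-plus-comment string.
BENIGN_TERM = "widget"
HOSTILE_TERM = "' OR 1=1 --"


if __name__ == "__main__":
    db = build_db()
    for term in (BENIGN_TERM, HOSTILE_TERM):
        # With the hostile term the vulnerable query becomes
        #   ... WHERE public = 1 AND name LIKE '%' OR 1=1 --%'
        # and the trailing "--" comments out the rest, so every row comes back.
        print(repr(term), "vulnerable:", search_vulnerable(db, term))
        print(repr(term), "parameterized:", search_parameterized(db, term))
```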
DNS Tunneling
DNS tunneling utilizes the DNS protocol to communicate non-DNS traffic over port 53. It sends HTTP and other protocol traffic over DNS. There are various legitimate reasons to utilize DNS tunneling. However, there are also malicious reasons to use DNS tunneling VPN services. They can be used to disguise outbound traffic as DNS, concealing data that is typically shared through an internet connection. For malicious use, DNS requests are manipulated to exfiltrate data from a compromised system to the attacker's infrastructure. It can also be used for command and control callbacks from the attacker's infrastructure to a compromised system.
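Added example (not part of the original article): a small detection heuristic in Python that scores DNS query log lines for the indicators the description above implies, since non-DNS data has to be packed into query names, and flags a registered domain only when several such queries pile up. The log format, the domain names and the thresholds are all constructed for this illustration and would need tuning against real resolver logs.

```python
import math
from collections import defaultdict
from typing import Dict, List

# Constructed resolver log, one query per line: "<time> <client> <qtype> <qname>".
# The three TXT queries carry long random-looking labels under tunnel.example.net.
SAMPLE_LOG = """\
10:00:01 10.0.0.5 A www.example.com
10:00:02 10.0.0.5 A cdn.example.com
10:00:03 10.0.0.7 TXT q7x2mz9kv3bw8yp4nf6jd1ra5th0gcue2lsi.tunnel.example.net
10:00:03 10.0.0.7 TXT v4ct8rpm2zk0ya6wnd3hj9bq1fx7lsu5ge9ota.tunnel.example.net
10:00:04 10.0.0.7 TXT g3nzk8qtw1rx6dm0ybf5hj2vl9pc4aesu7o.tunnel.example.net
10:00:05 10.0.0.9 A mail.example.com
10:00:06 10.0.0.5 A static-assets-1.example.com
"""


def shannon_entropy(s: str) -> float:
    """Bits per character: hostnames built from words score low, encoded data scores high."""
    if not s:
        return 0.0
    counts: Dict[str, int] = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname: str) -> str:
    """Crude last-two-labels approximation of the registered domain (no public-suffix list)."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def score_query(qname: str, qtype: str) -> int:
    """One point per indicator. Tunnels must encode payload into labels, so the labels get
    long and high-entropy, and they favour record types that can carry bulk data back."""
    labels = qname.rstrip(".").split(".")
    subdomain = ".".join(labels[:-2])
    score = 0
    if any(len(label) > 30 for label in labels):   # long labels carry encoded payload
        score += 1
    if shannon_entropy(subdomain) > 3.5:            # hex/base32/base64 chunks are high-entropy
        score += 1
    if qtype in ("TXT", "NULL", "CNAME"):           # answer types with room for data
        score += 1
    return score


def flag_domains(log: str, min_score: int = 2, min_queries: int = 3) -> List[str]:
    """Aggregate per registered domain: a tunnel is a stream of odd queries, not one odd name.
    Aggregation also keeps a single CDN hostname with a long token from raising an alert."""
    hits: Dict[str, int] = defaultdict(int)
    for line in log.splitlines():
        _time, _client, qtype, qname = line.split()
        if score_query(qname, qtype) >= min_score:
            hits[registered_domain(qname)] += 1
    return sorted(domain for domain, count in hits.items() if count >= min_queries)


if __name__ == "__main__":
    print(flag_domains(SAMPLE_LOG))  # ['example.net']
```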
Crypto mining Malware
Cryptomining malware, or 'cryptojacking,' is a malware attack that co-opts the target's computing resources in order to mine cryptocurrencies like bitcoin. This malware uses a system's CPU and sometimes GPU to perform complex mathematical calculations that result in long alphanumeric strings called hashes.

Crypto jacking
Cryptojacking is where cyber criminals compromise a user's computer or device and use it to mine cryptocurrencies, such as Bitcoin. Cryptojacking is not as well-known as other attack vectors; however, it shouldn't be underestimated. Organizations don't have great visibility when it comes to this type of attack, which means that a hacker could be using valuable network resources to mine a cryptocurrency without the organization having any knowledge of it. Of course, leeching resources from a company network is far less problematic than stealing valuable data.

Zero-Day Exploit
A zero-day exploit hits after a network vulnerability is announced but before a patch or solution is implemented. Attackers target the disclosed vulnerability during this window of time. Zero-day vulnerability threat detection requires constant awareness.

Birthday Attack
A birthday attack is a brute-force collision attack that exploits the mathematics behind the birthday problem in probability theory. This attack can be used to abuse communication between two or more parties. During a birthday attack, the attacker tries to find two different input messages that produce the same hash value, called a collision. By finding a collision, the attacker can deceive a system into believing that two different messages are identical. For instance, they can forge a digital signature or crack a password hash.
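As an added worked derivation (not from the original article), this is how many hash attempts the birthday attack above needs, with N the number of possible hash values and n the number of distinct messages tried:

$$P(\text{collision among } n \text{ messages}) = 1 - \prod_{k=1}^{n-1}\left(1 - \frac{k}{N}\right) \approx 1 - e^{-n(n-1)/(2N)}$$

Setting the probability to one half and solving for n gives

$$n \approx \sqrt{2N\ln 2} \approx 1.18\,\sqrt{N}$$

For a hash with a b-bit output, N = 2^b, so n ≈ 1.18 · 2^{b/2}: a 128-bit hash resists collisions only up to roughly 2^64 attempts, which is why a hash chosen for collision resistance needs twice the output length of the security level wanted.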
Wiper Malware
In computer security, a wiper is a class of malware intended to erase the hard drive or other static memory of the computer it infects, maliciously deleting data and programs.
What is the difference between wiper malware and ransomware?
Wiperware's objective isn't financial gain; it's destruction. Ransomware encrypts a victim's files or locks them out of their system but offers a decryption key or restored access for a ransom. Wiperware, on the other hand, was created to destroy or "wipe" data on a targeted system or network.

Insider Attacks
An insider attack is a malicious attack perpetrated on a network or computer system by a person with authorized system access. An insider threat is a perceived threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems.

Advanced Persistent Threats
An advanced persistent threat is a stealthy threat actor, typically a state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. An advanced persistent threat (APT) is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period. APT attacks are initiated to steal highly sensitive data rather than cause damage to the target organization's network.

Data Breach
A data breach is a security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen, altered or used by an individual unauthorized to do so. Other terms are unintentional information disclosure, data leak, information leakage and data spill. A data breach is any security incident in which unauthorized parties gain access to sensitive or confidential information, including personal data (Social Security numbers, bank account numbers, healthcare data) or corporate data (customer data records, intellectual property, financial information).

Data poisoning
Data poisoning, as its name suggests, involves the deliberate and malicious contamination of data to compromise the performance of AI and ML systems. Unlike other adversarial techniques that target the model during inference (e.g., adversarial perturbations), data poisoning attacks strike at the training phase. For example, Google's artificial intelligence algorithms have been tricked into seeing turtles as rifles, a Chinese firm convinced a Tesla to drive into oncoming traffic, and there are countless more cases.

Drive-by-Downloads Attack
Attackers can hack websites and insert malicious scripts into the PHP or HTTP code on a page. When users visit the page, malware is installed directly on their computer, or the attacker's script redirects users to a malicious site, which performs the download. Drive-by downloads rely on vulnerabilities in browsers or operating systems.

Application Vulnerabilities - Exploit Kit
An exploit kit is a toolkit that bad actors use to attack specific vulnerabilities in a system or code. Once they take advantage of these vulnerabilities, they perform other malicious activities like distributing malware or ransomware.
Difference between Vulnerability and Exploit
Vulnerability: A vulnerability is a weakness in a system, network or application.
Exploit: A tool used to take advantage of the vulnerability.
In simple terms, a vulnerability can be defined as a weakness or flaw in a system or software that can potentially be exploited to compromise its security.

OS Command Injection
OS command injection vulnerabilities arise when an application incorporates user data into an operating system command that it executes. An attacker can manipulate the data to cause their own commands to run.
What is an OS command injection vulnerability?
OS command injection is also known as shell injection. It allows an attacker to execute operating system (OS) commands on the server that is running an application, and typically fully compromise the application and its data.
What is command injection?
Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers etc.) to a system shell.
What is an example of code injection?
Code injection is the malicious injection or introduction of code into an application. Some web servers have a guestbook script, which accepts small messages from users, and typically receives messages such as: "Very nice site!" If another user views the page, then the injected code will be executed.
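Added example, not from the original article, in Python: the vulnerable pattern the text describes (user data spliced into a command string handed to a shell) beside the hardened form, which validates the argument against an allowlist and passes an argument vector to the process with no shell in between. The ping use case, the hostname pattern and the sample inputs are constructed for this illustration.

```python
import re
import subprocess
from typing import List

# Allowlist for what the application accepts as a host: letters, digits, dots and hyphens,
# starting and ending with a letter or digit. Anything a shell would treat as syntax
# (; | & ` $ ( ) < > newline, spaces) cannot match.
HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?")


def build_command_vulnerable(host: str) -> str:
    """The pattern the text warns about: user data becomes part of one string that the
    vulnerable application would hand to a shell (shell=True). A ';' in `host` ends the
    ping command and whatever follows runs as a second command. Never executed here."""
    return f"ping -c 1 {host}"


def is_safe_host(host: str) -> bool:
    """True only when the whole string matches the allowlist."""
    return HOST_RE.fullmatch(host) is not None


def build_command_hardened(host: str) -> List[str]:
    """Hardened form: reject anything outside the allowlist, then return an argument vector.
    Each element reaches the program as a single argv entry; with shell=False there is no
    shell to interpret metacharacters, so the remaining risk is only what ping itself does."""
    if not is_safe_host(host):
        raise ValueError(f"rejected host argument: {host!r}")
    return ["ping", "-c", "1", host]


def run_hardened(host: str, timeout: float = 5.0) -> int:
    """Run the hardened command without a shell and return its exit status."""
    argv = build_command_hardened(host)
    result = subprocess.run(argv, shell=False, capture_output=True, timeout=timeout)
    return result.returncode


# Constructed inputs: a normal lookup, and the same field with a harmless second command.
BENIGN_HOST = "example.com"
HOSTILE_HOST = "example.com; echo injected"


if __name__ == "__main__":
    print(build_command_vulnerable(HOSTILE_HOST))   # the shell would see two commands here
    print(build_command_hardened(BENIGN_HOST))      # ['ping', '-c', '1', 'example.com']
    try:
        build_command_hardened(HOSTILE_HOST)
    except ValueError as exc:
        print(exc)                                  # rejected before any process is started
```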
Common Operating System Security Threats:

Trap Door
A trap door is a defect in the computer code that allows malicious actors to exploit the flaw and gain access to valuable information. Trojan Horse: a Trojan Horse traps and stores user login credentials, to send to malicious hackers who can use them to log in by impersonating the real and authorized user.
What are the different types of trapdoors?
In general, there are three types of trapdoors: one-way, two-way, and one-time trapdoors.

Logic Bomb
A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files should they ever be terminated from the company.
What is meant by logic bomb?
A logic bomb is a type of malicious code embedded in software that remains dormant until specific conditions are met. When triggered, a logic bomb executes a destructive action, such as deleting files or disrupting critical systems.

Stack and Buffer Overflow
In software, a stack buffer overflow or stack buffer overrun occurs when a program writes to a memory address on the program's call stack outside of the intended data structure, which is usually a fixed-length buffer.
What is the difference between a stack overflow and a buffer overflow, and what is a stack overflow error?
A stack overflow is a type of buffer overflow error that occurs when a computer program tries to use more memory space in the call stack than has been allocated to that stack.

Viruses
What is a virus in an operating system?
A computer virus is a program that spreads by first infecting files or the system areas of a computer's or network router's hard drive and then making copies of itself. Some viruses are harmless, others may damage data files, and some may destroy files.

Password Assault
A password attack is any attempt to exploit a vulnerability in user authorization within a digital system. And just as there are a near-infinite number of possible passwords, there are many different methods that a cybercriminal may employ to maliciously authenticate into a secure account.
Hypervisor:
List of Hypervisor Vulnerabilities

Denial of Service
A denial-of-service attack floods systems, servers, or networks with traffic to exhaust resources and bandwidth. As a result, the system is unable to fulfill legitimate requests. Attackers can also use multiple compromised devices to launch this attack. This is known as a distributed denial-of-service (DDoS) attack.

Code Execution
Remote code execution attacks generally occur via vulnerabilities in web applications and network infrastructure. Remote code execution vulnerabilities are flaws in software that allow an attacker to run malicious code on a target system.

Running Unnecessary Services
These flaws can lead to the device being compromised or to Denial of Service (DoS) attacks rendering the device and/or services unavailable. Therefore, network services unnecessary for the intended purpose or operation of that device should be removed or disabled to reduce the overall risk.

Memory Corruption
Memory corruption occurs in a computer program when the contents of a memory location are modified due to programmatic behavior that exceeds the intention of the original programmer or the program/language constructs; this is termed a violation of memory safety. Memory corruption can be described as a vulnerability that may occur in a computer system when its memory is altered without an explicit assignment. The contents of a memory location are modified due to programming errors, which enable attackers to execute arbitrary code.

Non-updated Hypervisor
The virtualized environment relies on the hypervisor for a robust security posture. Any issues affecting the hypervisor will impact all virtual machines running on top of it. So, it is essential to use a hypervisor with built-in safeguard measures to secure the workload's integrity.
Improved security:
Virtual machines run on the same host computer but are logically isolated from each other, and therefore have no dependence on other virtual machines. Any crashes, attacks, or malware on one VM will not affect others. Hypervisors are extremely secure. Virtualization enables the ability to create virtual machines instantly, improves efficiency by only needing one physical server instead of multiple, and allows you to be hardware-agnostic, since the hypervisor separates the operating system from the underlying hardware.
PC and Hackers:

Keyboard Strokes
Hackers can track every single keystroke you enter through the computer keyboard, including passwords and usernames. For example, a keylogger Trojan is a program that logs keystrokes. Keyloggers are a form of spyware where users would not know that their keystrokes are being tracked. Another software is SpyAgent PC, which is an activity tracker. It can track computer activities such as keypresses, clicks, software used, browsing history, and more.

Screenshots
Can a hacker see your screen?
Hackers can gain access to your computer monitor and monitor and manipulate what you see on your screen.
Screenshot:
There is a malware which has been named Zacinlo, and it first appeared in 2012. It allows attackers to take screenshots of infected machines' desktops. Zacinlo is delivered by a rootkit, a malicious form of software which can manipulate the operating system and make the computer oblivious to its existence.

Packet Interception
What is a Web packet?
A packet is a small amount of data sent over a network, such as a LAN or the Internet. Each packet includes a source (the starting router) and a destination (the end router) as well as the content (data) being transferred.
How do hackers intercept packets?
Packet sniffers work by intercepting and logging network traffic via the wired or wireless network interface on their host computer.
Inbound and Outbound Packets:
Inbound refers to connections coming in to a specific device (host/server) from a remote location. Any packet going out of the router is considered outbound. A Web browser connecting to your Web server is an inbound connection (to your Web server). Outbound refers to connections going out from a device/host to a specific device. Regardless of whether packets are inbound or outbound, hackers can still get a copy of each.
What can a hacker do with a packet?
Once a packet is captured in real time, it is stored for a period of time so that it can be analyzed, and then either downloaded, archived or discarded. Hackers use packet sniffers to spy on network user traffic and collect personal data such as passwords.

Cache
What is Cache Data?
Cached data (text, images and forms) is information stored on your computer or device after you visit a website. Developers use cached data to speed up your online experience.
Can cache be used to hack?
Hackers could use cache data to launch an attack, which is a security risk.
Web Cache Poisoning Attacks:
Hackers use such methods to divert traffic from legitimate web servers to their own malicious ones, where unsuspecting users can be re-routed to booby-trapped websites and served with malware.
Can cache history leak private data?
Cached images pose a threat of leaking personal and private information to hackers.

Cookies
What is a Cookie?
An HTTP cookie is a small piece of data (a string) sent from a site (web server) to a user's web browser. Every time the user visits the site, the browser sends the cookie back to the server to notify it of the user's previous activity. In a nutshell, a cookie is a string of information that a site's web server stores on the browser's side and gets back when the user visits the site.
Misuse of Cookies:
Cookie developers have been loading cookies with data to make their tasks easier. Sadly, cookies loaded with data can be used by hackers to gain information about users and site servers. Third-party tracking cookies are commonly used as a way to compile long-term records of individuals' browsing histories, which is a potential privacy concern. Third-party tracking cookies are shared by different vendors for personalizing and customizing web pages.
Issues with Cookies:
The problem is that cookies are being misused, and mobile vendors are restricting the number of cookies and their usage on mobile platforms. Not to mention that Apple and Google have their own unique approaches: Apple has Universal Device Identifiers (UDID) and Google has an identifier all of its own.

System Control
Can hackers run their code on your computer?
Unless your computer is turned off, a hacker's program installed on your system will run on your system with or without your approval. Hackers have been known to store their software programs on their victims' computers. Hackers come in through your computer's ports and network connections.

Attack Other Computers
Your computer can be used to attack other computers. Hackers have the ability to take over a computer, or thousands of them, to launch an attack on a website they have targeted. This is known as a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack.

Operating System
Operating systems can also be hacked and rendered helpless.

Reverse Engineering
What is decompiling code?
A decompiler is software which turns an executable program into source code. The conversion is usually not a perfect one, and sometimes reconstructing or restructuring the source may require a lot of effort, talent and time. With patience, time and teamwork, the result can be rewarding, especially for hackers who need to know how to add their code without detection.
What is Reverse Engineering?
Reverse engineering is the analysis of a device or program to determine its function or structure, often with the intent of re-creating or modifying it. Reverse engineering can be used by hackers to add their malicious code without detection, while cybersecurity specialists use reverse engineering to detect malicious code. It is a never-ending cycle of outsmarting each other.
To summarize what is listed in the tables, hackers have a lot of options, tools, code, tricks, etc. to access and cause damage to any system.
Therefore hackers can:
1. Have a copy of the cookies
2. Intercept packets
3. Track users' keystrokes
4. See users' screens
5. Run users' systems
6. Run the operating system
7. Educate themselves on users' habits and the history of users' actions using the cache
8. Use users' computers to attack other systems
9. Use reverse engineering to learn about applications and add their malicious code
10. Use Artificial Intelligence to hack
11. Use Machine Learning to hack
Assumption and Methodology:
With the assumption that hackers can:
1. See (screenshots) what users are doing
2. Listen (keyboard strokes)
3. Run the show (run their code)
4. Know how your applications and operating systems work and manipulate them (reverse engineering)
5. Know your habits and tendencies (tracking cache and cookies)
6. Track data (packet sniffing)
7. Hide within victims' systems
8. etc.