8.1 - System Hacking

Key Terms: 

    • Brute force – A password cracking technique where the attacker tests every possible combination until the password is found. 
    • Rainbow attack – A hash cracking technique where a pre-computed list of words and their hashes is used for quick comparison against a captured hash. 
    • Dictionary attack – A password cracking technique that uses words from a dictionary. The word list can also be extended with common passwords and symbol substitutions. 
    • Password salting – Adding random bits of data to a password before it is stored as a hash, making the hash much harder to crack. 
    • Keylogger – A malicious program that records and stores every keystroke on a computer. 
Non-Technical Password Attacks 

    • Dumpster diving – An attacker searches through discarded rubbish to find paper that has passwords and other sensitive information written on it. 
    • Social engineering – This is when an attacker relies on human error to extract passwords and sensitive information from insiders. 
    • Shoulder surfing – An attacker watches someone physically type in their password in order to gain access to their system. 
Technical Password Attacks 

    • Dictionary attack – This is when a word list is built from a dictionary and tested against passwords. Non-technical people often create easy-to-remember passwords based on a pet’s name, a date of birth, everyday objects, etc. This makes such passwords easy for an attacker to guess. 
    • Brute force attack – An attacker (usually running a cracking program) cycles through every combination for a PIN code or a fixed-length character password. Given enough time, this is guaranteed to find the password. 
    • Rainbow attack – Like a dictionary attack, but it uses pre-computed word lists together with their hashes to compare against the stored hashed password. 
    • Pass the hash – An attacker first gains access to an individual computer. They can then read stored hashes from memory for any user who has also used that workstation, and check other workstations in the hope of finding the hash of a higher-level administrator account. 
    • Sniff passwords – A sniffing tool is used to intercept passwords being transmitted across a LAN. It is a type of man-in-the-middle attack. 
    • Keyloggers – Keyloggers can be either hardware or software. A hardware keylogger is a device that looks like a regular USB drive; it is installed between the keyboard plug and the USB socket and stores every keystroke made on the computer. A software keylogger is a type of malware that logs keystrokes made on the computer and can be read remotely by the attacker. 
Countermeasures 

    • Salting – This is when random bits of data are added to a password before it is hashed, so that the stored hash is harder to crack. 
    • Complexity – Passwords should be random and complex. Using a password manager helps to store passwords that you won’t be able to remember. 
    • Social engineering – Learn to recognise social engineering attempts so you don’t fall for them. 
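As an added example (not code from the original post), the Python below shows why the salting countermeasure works against the rainbow and dictionary attacks described above: a table of pre-computed word hashes recovers an unsalted hash with a single lookup, while a random per-user salt makes the same table useless. The word list and passwords are constructed sample values, and SHA-256 stands in for whatever hash a real system uses.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample word list standing in for a dictionary of common passwords.
WORDLIST = ["password", "letmein", "fluffy2015", "qwerty", "summer2023"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_precomputed_table(words) -> dict:
    """Attacker side of a rainbow/dictionary attack: hash every word once,
    keyed by hash so a stored hash can be reversed by a single lookup."""
    return {sha256_hex(w.encode()): w for w in words}


def lookup_hash(stored_hash: str, table: dict) -> Optional[str]:
    """Return the password if the stored hash appears in the pre-computed table."""
    return table.get(stored_hash)


def store_salted(password: str, salt: Optional[bytes] = None):
    """Defender side: hash the password together with a random per-user salt.
    The salt is stored alongside the hash; it is not secret, it only stops
    one pre-computed table from matching every user."""
    salt = salt if salt is not None else os.urandom(16)
    return salt.hex(), sha256_hex(salt + password.encode())


def verify_salted(password: str, salt_hex: str, stored_hash: str) -> bool:
    """Recompute the salted hash at login and compare in constant time."""
    candidate = sha256_hex(bytes.fromhex(salt_hex) + password.encode())
    return hmac.compare_digest(candidate, stored_hash)


def demo() -> dict:
    table = build_precomputed_table(WORDLIST)
    unsalted = sha256_hex(b"fluffy2015")          # how a weak system stores it
    salt_hex, salted = store_salted("fluffy2015")  # same password, salted
    return {
        "unsalted_recovered": lookup_hash(unsalted, table),   # "fluffy2015"
        "salted_recovered": lookup_hash(salted, table),       # None
        "login_ok": verify_salted("fluffy2015", salt_hex, salted),
    }
```

Salting only defeats pre-computation; an attacker who can still guess per user at full speed is slowed down by a deliberately slow password hash, which this example does not show.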
