- Brute force
- Advanced Persistent Threat (APT)
- Multi-vector, polymorphic attacks
- Denial of Service
- Buffer Overflows
- Mobile Code: ActiveX, JavaApplet, Flash, JavaScript
- Malicious Software (Malware)
- Drive-by download attacks
- Spyware
- Trojan Horse
- Keyloggers
- Password Crackers
- Spoofing/Masquerading
- Sniffers, Eavesdropping, and Tapping
- Emanations and TEMPEST
Spontaneous emission of electromagnetic radiation” (EMR) subject to TEMPEST eavesdropping - Shoulder Surfing
- Tailgating
- Piggybacking
- Object Reuse
- Data Remanence
- Unauthorized Targeted Data Mining
- Dumpster Diving
- Backdoor/Trapdoor
- Maintenance Hook
- Logic bombs
- Social Engineering
- Phishing
- Pharming
A cyber attack intended to redirect a website’s traffic to another, fake site. - Covert Channel
Unauthorized channel for data transportation - IP Spoofing/Masquerading
IP Spoofing is malicious, while Masquerading is a specific form of Network Address Translation (NAT) and can be valid. - Elevation of privilege/Privilege escalation
- Tampering
- Sabotage
- SQL injection
- Cross-Site Scripting (XSS)
- Session Hijacking and Man-in-the-Middle Attacks
- Zero-day exploit
A zero-day exploit hits after a network vulnerability is announced or discovered but before a patch or solution is implemented. - Race condition
- TOC/TOU
- Aggregation and Inference
- Data diddling
- Salami attack
- Frequency analysis (against classical ciphers)
- Cryptanalytic attacks: Ciphertext only, Known plaintext, Chosen ciphertext, *Chosen plaintext (CPA)
- Implementation attacks: Side-Channel Analysis (active or passive) and Fault Analysis (active), e.g., Timing attack and Differential fault analysis
- Man-in-the-Middle (MITM)
- Meet-in-the-Middle
- Birthday attack
- ARP poisoning
- DNS cache poisoning/spoofing
Pingback: CISSP PRACTICE QUESTIONS – 20200929 by Wentz Wu, CISSP-ISSMP,ISSAP,ISSEP/CCSP/CSSLP/CISM/CISA/CEH/PMP/CBAPWentz Wu
Pingback: 常見攻擊(Common Attacks) – Choson資安大小事