Attacks

FeIix edited this page May 8, 2026 · 1 revision

Network Attacks

| Categories | Attack Name | Depictions/Characteristics |
|---|---|---|
| DoS/DDoS | SYN Flood | Withholds the client's ACK packet during TCP's three-way handshake |
| | Reflected DoS | Spoofs the victim's IP address and triggers third-party servers to direct SYN/ACK and open connections with the victim's devices |
| | DNS Amplification | Passes an argument such as "ANY" in DNS queries in order to receive the largest response possible |
| | NTP Amplification | Exploits an NTP server's monlist command by sending REQ_MON_GETLIST or REQ_MON_GETLIST_1 requests |
| | Tear Drop | Sends oversized or malformed echo request packets to a target system, which crashes when reassembling the oversized packets |
| | Ping of Death | The attacker sends overlapping fragmented packets with incorrect offsets. The target system tries to reassemble them but fails, causing crashes or instability. |
| On-Path (MitM) | ARP Poisoning | Broadcasts unsolicited ARP reply packets to poison the victim host's ARP cache table |
| Naming Service attacks | DNS Client Cache Poisoning | Corrupts the hosts file's content |
| | DNS Server Cache Poisoning | Corrupts the records held by the DNS server |
| | DNS-Based On-Path attack | ARP poisoning, then masquerades as an authoritative name server to respond to DNS queries |
| Wireless attacks | Rogue Access Points | AP installed without authorization, whether with malicious intent or not |
| | Evil Twin | Unauthorized AP masquerades as a legitimate one; same or similar SSID, or DoS/poisoning of the genuine AP |
| | Wireless Replay | Captures the hashes used when a wireless station associates with an access point, then cracks them offline by brute force and dictionary attacks |
| Wireless DoS | DoS AP | Prevents clients from connecting to the legitimate access point |
| | Disassociation attack | DoS against a wireless client by spoofing disassociation notifications, causing clients to be disconnected from the network |

Password & Cryptography Attacks

| Categories | Attack Name | Depictions/Characteristics |
|---|---|---|
| Password attacks | Online Password attack | Interacts with the authentication system |
| | Offline Password attack | Cracks hashes offline from password-storing files (`%SystemRoot%\System32\config\SAM`; `%SystemRoot%\NTDS\NTDS.DIT`; `/etc/shadow`) |
| | Brute Force | Attempts every possible combination in the output space |
| | Dictionary | A dictionary of hash values from possible passwords |
| | Password Spraying | Chooses one or more common passwords (for example, `password` or `123456`) and tries them in conjunction with multiple usernames |
| | Credential Replay | Uses a captured authentication token to start an unauthorized session without having to discover the plaintext password |
| Cryptographic attacks | Downgrade | Forces the use of a lower-specification protocol with weaker ciphers and key lengths |
| | Collision | The same hash digest value for two different inputs (forge a digital signature) |
| | Birthday attack | Brute-forces the same hash value for two different inputs |

Application Attacks

| Categories | Attack Name | Depictions/Characteristics |
|---|---|---|
| Privilege Escalation | Vertical privilege escalation | Higher permissions |
| | Horizontal privilege escalation | Multiple users' permissions |
| Replay attack | Session Sniffing | Captures cookies by sniffing network traffic via an on-path attack; re-establishes a session |
| | Session Prediction | Identifies possible weaknesses in the generation of tokens; establishes a session |
| Forgery attack | Cross-Site Request Forgery (CSRF) | Hijacks the session; takes advantage of a user's legitimate session |
| | Server-Side Request Forgery (SSRF) | Hijacks the session; takes advantage of a server's trust relationship with another server |
| Injection attack | XML Injection | Input validation vulnerability |
| | LDAP Injection | Input validation vulnerability; inputs an always-true parameter |
| | Directory Traversal | Requests a file outside the web server's root directory by using `../` |
| | Canonicalization attack | Disguises the URL request in an encoded version |
| | Command Injection | Causes the server to run OS shell commands |
