Time
33 hours 23 minutes
Difficulty
Beginner
CEU/CPE
33

Video Transcription

00:01
Hello and welcome back to Sai Berries. 2019 Comp Tia Security Plus Certification Preparation course.
00:09
This is a continuation off margin on the one
00:12
and the top of discussing domain one. Threats, attacks and vulnerabilities.
00:18
This is a continuation from the previous video, where we actually begin the price of discussing one point to compare and contrast types of attacks.
00:27
Here again are the topic discussion, which encompasses this particular video, ranging from applications, services, attack men and browser. Zero day replay passed a hash hijacking related attacks. Clip jacking session. Hijacking your ill
00:45
Hi jacket Typo squatting.
00:48
So let's forget by first taking a look at the applications service, the types attacks the first item Arjuna is defining. What is a man in the browse attack that is a form of Internet threat related to man In the middle is a proxy Trojan horse that infects a Web browser by taking advantage of vulnerabilities
01:04
in the browser security to modify the well.
01:10
Then we have zero day is computer software. Vulnerability is unknown to or unaddressed by those who should be interested in mitigating the vulnerability.
01:19
Replay is a form of network attack in which the valid data transmission is maliciously or frigidly repeated or delayed
01:27
past the hash is an Explorer in which an attacker what essentially what they do. They still the house user credential and without cracking it. And we use it to trick
01:38
Edwards D authenticates assistant to create a new authentication session on the same network,
01:45
continuing without hijacking, really a type of tax
01:48
click jacking. It's one a cyber criminal. What he does he or she does. They tricked a using to click in a link that it seemed he takes them toe one place, but instead routes them to the attacker chosen destination most often for malicious purposes.
02:02
Session hijack. And it occurs when a session tokens sent to a client browser from a Web server following the success with indication of a client log on
02:13
your air hijacking is a process by which a your, in other words, your universal resource located is wrong. Wrongly removed from the search engine index and replaced by another Iorio,
02:25
typo squatting is a type of cyberattack which attacker tries to create websites. Who's your l other word? Your universal resource located is also similar or possible to the similar as possible to a legitimate or popular one. In other words,
02:44
continue on with some additional objectives are topics which in conference this particular objective
02:50
we will discuss driver manipulation, skimming,
02:53
re factoring Mac spoofing as well as I p spoofing. So without further, let's highlight these particular definition, the 1st 1 I we're gonna take a look at seeming.
03:04
They refers to attack, which that capture data by tapping directly into a E V W chip. A small flat device containing microprocessors and flash memory is inserted inside the car Ried itself.
03:19
It's almost similar to, for example, when someone, for example, gets your credit card and made the you know the Senate Able
03:23
basis scan your information. For example, you could reach your credit card information able to go back. And what make an identical one
03:32
re factory is the prices of changing the computer programs internal structure without modifying his external functional behavior or existing functionality.
03:43
Max Boot for is whether and true, to sniff the network for Valent Mac address and attempt to act as one of the Valent Mac addresses.
03:51
Eyepiece pooping is the creation of in that protocol package with a false source happy address for the purpose of impersonate another computer system
04:01
here again in some additional topic, which encompasses this particular objective comparing address the type of attacks we could be in my taking. A look at Wallace attacks Replay Ivy
04:13
Evil Twin Row Access point jamming,
04:16
WPS blue Jacking
04:18
blue snarling R F I. D in FC as well as disassociation.
04:28
So replay is basically, is a man in middle attack that replace a mess between two days at a later date.
04:34
Ivy. This is an arbitrary number that could be you along with a secret key for data encryption. This number, also called a nonce, is a ploy only one time in any session.
04:46
Evil Twin is a fraudulent Wallace access point that appears to be legitimate, but it's set up to eavesdrop on wireless communication
04:56
a row. A PR worst access point is a wireless access point that has been installed on a secure network without explicit authorization from the local network administrator. Whether added by a well meaning employees or by a malicious attacker
05:12
jamming, anyone with a trans receiver can eavesdrop on ongoing transmission, injects Spiritus, sir petitions, messages, in other words, or block the transmission off legitimate ones.
05:25
WPS is a WiFi protected set up, which allows users to configure a wireless network without typing in a pass phrase. Instead, Uses can configure devices by pressing buttons or by in a short, personal other words. Pin identification number.
05:43
A de bps is suspicious to a brute force attack. Other words acceptable. In other words, security expert recommend this. Saving the GPS on all devices
05:53
continue on without discussing waters Attack. We have blue jacket. It's where attacker take from show off a Bluetooth device. So just a form they then able to make phone calls and sent text messages
06:09
blue snarling. It occurs when attacker hijacks a Bluetooth phone, but in this scenario they expect contact details and any sensitive information.
06:20
Or, if I D is a former wildest communication that incorporates the use of electromagnetic or electrostatic coupling in the radio fixed portion off the electromagnetic spectrum to uniquely identify an object animal or person item.
06:35
NFC caught term is called near. Field communication is used to make a wireless payment, but a credit card needs to be within four centimeters off. The reader
06:47
disassociation is an attack referred to when you are using your WiFi network and then all of a sudden you are disconnected and can no longer see your wallets Access point. This is similar to a DOS attack where every time you connect, you are in fact disconnected.
07:05
Continue on what I
07:08
topic of discussion or worse, the objective comparing it traps. Let's take a look at some cryptographic type of tax, ranging from birthday all way down to what we call week impersonation.
07:18
The first woman highlight is a birthday. It is a kind of cryptographic attack that exploits the mathematic max behind the birthday problem in a probability theory
07:30
known plane or sigh Protects is an attack model for CYP Cyprus analysts, where the attacker has access to both the plain text called a crip and is encrypted version or Cyprus text.
07:44
A rainbow table is a type of hacking way, and the perpetrator tries to use. A rainbow has table to crack. The password stored in a database system
07:57
dictionary, is a method of breaking into a password protected computer or server by systematically in an every word in a dictionary as a pass phrase
08:07
Brute force online versus offline is Attack, which consists of attacker, has been many password or pass phrases with the hope of eventually gassy but or against in the correct password
08:20
and all on attack Attacker. What it does he or she does. They use the same end interference
08:24
as a regular used to try to gain access to accounts. All attack it needs is a
08:31
could create a list off likely password to perform an offline dictionary. Attack hackers Still a password stores five from that target system.
08:43
Collision is an attack on a cryptographic alehouse.
08:46
I was trying to find two inputs, but using the same hash value. This is known as pass Collision.
08:52
Downgrade is an intact way when you abandoned a high level security for older, low level security system. In this case, we are downgrading the computer browser to an older version of a browser, SSL three point using again CBC
09:09
Replay. It's the type of Manimal attack that an intercept data but replace it at a later date. Curveballs, which is the Microsoft Indication Protocol camp event as this as each changes, updated sequential numbers and Time Steps
09:24
Week impersonation is prevailing, and many other areas, such as weak passwords
09:30
using the most common passwords. A low number of characters less than seven characters.
09:35
Simple passwords such as 12345 or A, B, C, D, e and f
09:43
other words, Default password for your devices. At this point in time, we have our post assessment quiz, and the question is as follows.
09:50
You are a security administrator for airline company whose systems suffer a loss available early last month.
09:58
Would your following types of most likely affect developing of your I T system is a spear? Phishing? Be replay.
10:05
See men in the middle type attack or D dolls attack.
10:11
If you said let the day,
10:13
you're absolutely correct because a DDOS or dolls attack attacks developing of your I T systems as they both came to take them down.
10:22
At this point, we have some key takeaways from this particular
10:24
objective, and they are as follows
10:28
fishing. This primary is primary, similar to fishing on lake. But instead of trying to capture fish, the Fisher attempt to steal your personal information. They send out emails that appear to come from legitimate wraps that, such as eBay, PayPal, other banking institution,
10:46
spearfishing, is a variation offish in which Attackers sent emails to a group of people with specific comment characterise all other identifies. Spirit Phishing email appears to come from a trusted source but are designed to help hackers attained trade secrets or other classified information
11:03
where fishing is term used to describe a phishing attack. This specifically aimed at wealthy, powerful, are prominent individuals because of their status. If such a user becomes a victim of a fish intact, he can be considered a big fish or are terribly a whale. In other words,
11:20
vision is a attack which involved the use of voice over I, p phone, another telephone or someone leaving enforcement a try to extort information
11:31
and our upcoming video wicker t on what I mix objective
11:35
within the domain one. Threats, attacks and vulnerably type presentation or domain. In other words, we will begin the process of explaining threat at the types and attributes I say You're in very next video.

Up Next

CompTIA Security+

Interested in the cybersecurity industry? The CompTIA Security+ is the gold standard for those looking to enter the cybersecurity industry. Join thousands of professionals who have gained this certification through this course and launched their careers in information security.

Instructed By

Instructor Profile Image
Jim Hollis
Independent Contractor
Instructor