Cyber Criminals & Hacking Groups
Malware
Attack Types
OWASP
Red VS Blue
100
After the HBGary Federal hack of 2011, this group formed as an Anonymous spinoff. It’s slogan was “Laughing at your security since 2011.” The group announced itself with a hack against Fox.com, then Sony Pictures in 2011. The group took the CIA website offline.
Who are LulzSec?
100
This type of Malicious software essentially holds a computer system captive by encrypting files while demanding a fee to decrypt.
What is Ransomeware?
100
This type of attack uses social engineering to deceive its victims using email as an attack vehicle.
What is phishing?
100
This occurs when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
What is an Injection?
100
This technique is used by attackers to over-complicate and cloud the human eye's ability to read code.
What is Obfuscation?
200
A decentralized group of hackers with no true membership or hierarchy. Anybody can act in the name of this group.
What is Anonymous?
200
This type of malicious software designed to remotely access or control a computer without being detected by users or security programs. It must be installed while the operating system is inactive.
What is a rootkit?
200
In this attack, an attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
What is a man-in-the-middle attack?
200
This occurs when an application takes untrusted data and sends it to a web browser without proper validation or escaping. It allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.
What is XSS (Cross-site-scripting)?
200
The existence TCP port 6667 in firewall logs is indicative of this type of malicious command and control network.
What is a Botnet?
300
This group performed the DDoS attack on Facebook that lowered the popular social media network as well the cyber attacks on Malaysia Airlines website that directed visitors to a page which read “404 – plane not found”. The FBI arrested the group after their attacks on the XBOX and SONY PlayStation Networks.
Who are the Lizard Squad?
300
This type of malware that disguises itself as a normal file or program to trick users into downloading and installing it.
What is a Trojan?
300
This attack leverages usernames and passwords stolen from a previous breach of a 3rd party.
What is credential reuse?
300
This flaw occurs when application functions related to user validation and connection management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities.
What is Broken Authentication and Session Management?
300
The following types are behavior are used for this type of malicious activity: Unapproved port activity High-volume email activity to non-corporate domains Host sending excessive email Excessive DNS queries Web uploads to non-corporate sites by users
What is Data Exfiltration?
400
This hacker started off as the leader of a hacker group called ShadowCrew. In addition to stealing and selling credit card numbers, ShadowCrew also fabricated fraudulent passports, health insurance cards, and birth certificates for identity theft crimes. He famoulsy stole over 170 million credit cards partial from 7-11 store ATMs using WEP encryption.
Who is Albert Gonzalez?
400
This malware specifically targets programmable logic controllers (PLCs), which allow the automation of electromechanical processes such as those used to control machinery on factory assembly lines, amusement rides, or centrifuges for separating nuclear material. One of 3 modules contains a worm that executes all routines related to the main payload of this attack.
What is Stuxnet?
400
This attack leverages legitimate websites with security vulnerabilities to serve malicious software to unsuspecting victims.
What is a Drive-by-download?
400
This category includes attacks involving redirecting victims to phishing or malware sites, or using forwards to access unauthorized pages on web applications that allow untrusted data to determine the destination pages.
What is Unvalidated Redirects and Forwarders?
400
This technique can be used to evade IDS/IPS and Firewall detection.
What is fragmentation?
500
I was a hacker in the 90s well known for social engineering and phreaking. I was later arrested by the FBI with the aid of Tsutomu Shimomura.
Who is Kevin Mitnick?
500
This malware turns networked devices running Linux into remotely controlled "bots" that can be used as part of a botnet in large-scale network attacks. It primarily targets online consumer devices such as IP cameras and home routers.
What is Mirai?
500
This attack modifies an encrypted wireless packet during transmission. Once an attacker learns the plaintext of one packet, the attacker can compute the RC4 key stream generated.
What is an Initialization Vector attack?
500
This attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim’s browser to generate requests the vulnerable application thinks are legitimate requests from the victim.
What is a Cross Site Request Forgery (CSRF) attack?
500
Sandbox aware malware uses this technique to identify the existence of a sandbox to stop execution before an analysis can occur.
What is CPU Core Detection?
M
e
n
u