In this offline attack, the attacker uses a pre-computed database of values to check against a list of password hashes
What is a Rainbow Table attack?
This method of obtaining MITM involves sending gratuitous ARP packets to both the victim and its default gateway
What is ARP poisoning?
In this wireless attack method, the attacker uses a wireless sniffer to capture traffic that is already in transit
What is eavesdropping?
The attacker can masquerade as a victim by stealing their 48-bit address
What is MAC address spoofing?
This tool "is a complete suite of tools to assess WiFi network security." It allows for replay and de-authentication attacks and offers the ability to crack WPA PSK
What is Aircrack-NG?
This attack uses a stored version of a password in order to initiate a new session, usually on a different machine within the same network (as a means of lateral movement). No cracking required.
What is pass the hash?
This form of gaining MITM involves a malicious actor setting up an access point that mimics the target access point with a similar SSID to fool the victim into joining the malicious access point
What is a Rogue Access Point (also known as Evil Twin)?
In this wireless attack method, the attacker sends a spoofed packet to the access point in order to force legitimate users to disconnect
What is a De-authentication attack?
The attacker pretends to be a network device with trunking capability in order to read data from multiple virtualized networks
What is switch spoofing? (this is also a form of VLAN hopping)
This type of attack is carried out by tools such as HULK, LOIC, and SlowLoris.
What is DoS?
In this online attack, the attacker uses only a few common passwords but tries the same password against multiple users or servers
What is password spraying?
This method of gaining MITM involves compromising the target DNS server and replacing a legitimate resolution with a malicious one that redirects the victim to a server under control of the attacker
What is DNS spoofing?
In this wireless attack method, the attacker transmits a strong signal tuned to the frequency of the intended receiver to prevent that victim from creating a connection
What is jamming?
The attacker sends a high volume of spoofed addresses to the switch to fill the table that maps addresses to ports, effectively turning the switch into a hub.
What is CAM table flooding?
This tool is a network detector, packet sniffer, and intrusion detection system for 802.11 networks.
What is Kismet?
The attacker takes advantage of the Windows challenge-response mechanism by intercepting a legitimate authentication request and then forwarding it to the server. The attacker must also intercept the response from the victim and forward that as well.
What is an NTLM relay attack?
This method of obtaining MITM involves an attacker using social engineering to obtain the email credentials of a victim and then silently monitoring the victim's email until an opportunity arises to take advantage of the victim
What is email hijacking?
The attacker targets an 802.15-enabled device without the user's knowledge to steal data
What is Bluesnarfing?
The attacker exploits vulnerabilities in the system that detects initial connections and prevents unauthorized users from accessing the network in order to gain access
What is NAC bypass?
This tool will allow you to set up Evil Twin attacks in an automated way, can perform captive portal attacks, and specifically targets WPA2 Enterprise networks.
What is EAPHammer?
This technique follows a 4-step process:
1. Scan Active Directory for user accounts with Service Principal Name (SPN) set
2. Request a service ticket using the SPN
3. Extract the service ticket from memory (using something like Mimikatz)
4. Conduct an offline attack against the passwords in the service ticket
What is Kerberoasting?
In this means of obtaining MITM, the attacker enacts a DoS on the valid DHCP server and then sets up a malicious DHCP server which tells victims that the attacker is the actual default gateway
What is DHCP spoofing?
Taking advantage of this "dumb" technology's propensity to communicate without authentication, an attacker can steal data from a short distance away and copy it over to a blank card, thus giving them unauthorized access
What is RFID cloning?
The attacker adds malicious routes into a routing table by posing as a legitimate routing process and takes advantage of the lack of authentication on forming neighborships.
What is route injection or route poisoning?
This physical tool, developed by Hak5, was intended to enable wireless pen testing and to help administrators audit wireless network security. It can act as an Evil Twin and conduct MITM attacks, remaining transparent to the end user.
What is a Wi-Fi Pineapple?