Session Hijacking Basics
What is Session Hijacking?
This attack occurs when an attacker takes control of a valid user session.
What is the TCP Sequence Number?
Attackers use this value to maintain synchronization in TCP communication.
What is a Denial-of-Service (DoS) Attack?
This attack overwhelms a server to make services unavailable.
What is a Botnet?
A collection of compromised devices controlled remotely is called this.
What is Session Hijacking?
Encrypting communication using HTTPS helps prevent this attack.
What is Transport Layer Hijacking?
This layer hijacking involves stealing TCP session information.
What is taking one party offline?
In transport hijacking, attackers first disable this to gain control.
What is a SYN Flood Attack?
This flooding attack abuses the TCP three-way handshake.
What is a Trojan?
This malware commonly spreads to create botnets.
What are Security Countermeasures?
Firewalls and IDS/IPS systems are examples of these.
What is Application Layer Hijacking?
Attackers capture cookies or tokens to impersonate users in this hijacking method
What is a Man-in-the-Browser Attack?
This browser-based malware modifies transactions within the browser.
What are Bandwidth Attacks?
These attacks consume network capacity using huge traffic volumes.
What are Command-and-Control (C2) Servers?
Attackers use these servers to control infected bots.
What are Bot Attacks?
CAPTCHA mechanisms help prevent this automated threat.
What is Session Sniffing?
This technique listens to network traffic to steal session information.
What are Predictable Session Tokens
Weakly generated session IDs are vulnerable because they are this.
What are Program and Application Attacks?
Crashing vulnerable software using malformed inputs is an example of this type of attack.
What is a Botnet?
Mirai is a famous example of this type of network.
What is Session Token Renewal?
This security practice regenerates session IDs after login.
What is a Man-in-the-Middle Attack?
This attack intercepts communication between two parties secretly.
What are Client-side Attacks?
XSS attacks are examples of these attacks targeting user browsers.
What is Distributed Denial of Service (DDoS)?
This attack uses multiple compromised systems against one target.
What is a Reflection/Amplification DDoS Attack?
This attack sends amplification traffic using misconfigured servers.
What are DoS/DDoS Attacks?
Rate limiting and traffic filtering help defend against these attacks.