Questions tagged [attack-vector]
Attack vectors are methods and channels used by attackers during a hacking attempt.
156
questions
0
votes
1
answer
273
views
CVSS attack vector adjacent vs network
I am trying to calculate a CVSS score for a vulnerability. In my case, to exploit the vulnerability you should have network access to the server, which is sitting behind a firewall. This server is ...
- 67
2
votes
2
answers
144
views
Attack surface when no incoming port is open [closed]
Let's assume that the only attack to be feared on a computer is one via the network in which the machine is embedded.
What options does an attacker have if the machine has no open incoming ports?
(For ...
- 21
0
votes
1
answer
138
views
Does enabling hardware acceleration increase the attack surface of software?
For software that process untrusted data and have an option to use hardware acceleration, does enabling hardware acceleration increase the attack surface of the software? Examples of situations where ...
- 923
1
vote
1
answer
208
views
Malware infection to wifi router from android phone
Suppose a wifi router has strong admin password, updated firmware and no vulnurability then -
Is the router safe from malware infection from android phones connected to it?
Can malware from an ...
- 41
0
votes
1
answer
178
views
Is HTTP Request Smuggling domain/subdomain wide or directory wide?
I have a pretty good understanding of HTTP Request Smuggling vulnerabilities but one thing I still need some clarification on is if they are domain/subdomain wide or directory wide?
Here's what I mean:...
- 50
-1
votes
1
answer
107
views
Cyber Security skills development advice [closed]
I'm looking to shift my job / skillset over to the cyber security field. I'm currently in the script kiddy stages of my knowledge and wanted to move past this and locate/identify vulnerabilities ...
- 9
0
votes
1
answer
232
views
Common attack vectors for Microsoft Exchange Server?
What are the common attack vectors for a Microsoft Exchange Server?
My online searches only yield discussion into various APT groups, and technical write-ups of different 0day exploits. There does not ...
- 211
1
vote
0
answers
100
views
Does Google Update perform cryptographic checks against releases?
My company is looking to allow Google Chrome to self-update, a necessity as we are finding it difficult to keep up with their release cycle in order to mitigate vulnerabilities.
On the pro side, ...
- 179
4
votes
2
answers
6k
views
Difference in attack vectors between Bash Bunny and USB Rubber Ducky
Can someone please explain to me the difference between the USB Rubber Ducky and the Bash Bunny? I understand that the Bash Bunny can emulate more trusted devices then just the keyboard like the USB ...
- 597
0
votes
2
answers
171
views
What type of attack does WPS prevent?
There are many talks about why someone should not use WPS because of the attacks it allows. But does it also prevent attacks? For example, if guests want to join my network instead of giving these ...
- 1
1
vote
2
answers
548
views
Malicious payload in raw media file content
As with anything to do with software, there have been many documented security vulnerabilities that relate to media files. While many of these exploits take advantage of attributes or variables of ...
- 11
0
votes
1
answer
212
views
Does limiting size of images prevents buffer overflow?
I am writing an app that serves images to clients.
The app is written mostly in python. I store the images in AWS s3 and serve the clients them directly from there.
Am I vulnerable to buffer overflow ...
- 1
2
votes
0
answers
2k
views
Can someone impersonate you on WhatsApp?
Well I'm not a developer so I'm here to resolve a specific question.
I have been investigating this subject for a while now and I need and opinion from experts or developers which really understand ...
0
votes
0
answers
246
views
What happens if a sender changes the TCP window size over multiple packets that have the same ACK number?
I'm currently doing research on evasion attacks that seek to bypass a Deep-learning based Network Intrusion Detection System.
In order to achieve this, I need to know what the constraints are for the ...
2
votes
2
answers
226
views
Website attack: What is the attacker's goal?
A bot network(?) has been after my website for quite a while now. Here is a breakdown of what they do:
They register several accounts using random characters for building a first and last name which ...
