Overview#

Attack is an intentional act by which an attacker attempts to violate another entity's privacy or security. RFC 4949.

Attacks Classifications#

All? Attacks may be broadly classified as either:

• Opportunistic Attack
• Targeted Attack

Classification of the Attack is a useful first step in understanding and responding to an information security incident.

Attack types#

• Birthday Attacks (Cryptographic Collision Attack)
• Password Spraying (Password Guessing)
• Meet-in-the-Middle Attack
• Phishing
• Side-channel attacks
• Pass-the-ticket
• Pass-the-hash
• Code injection
• IP spoofing
• Key Reinstallation AttaCKs (KRACKs)
• Malicious PAC
• Malicious Endpoint
• SIM Swap
• Homograph attack
• Length extension attack

Some Attack Examples:

• BEAST
• CRIME
• Poodle
• Heartbleed
• Logjam
• BREACH (security exploit)

More Information#

There might be more information for this subject on one of the following:

• AWS Shield
• Active attacker
• Advanced Persistent Threat
• Attack Effort
• Attack Orchestrator
• Attack Service
• Attack Surface
• Attribution
• BCP 36
• Best Practices OpenID Connect
• Best Practices for LDAP Security
• Birthday Attack
• Bot
• Botnet
• CIA
• Certificate Algorithm ID
• Certificate Validation
• Cipher Block Chaining
• Cloud Native
• Code injection
• Computational Hardness Assumption
• Content-Security-Policy
• Covert Redirect Vulnerability
• Credential Leakage
• Credential Leaked Databases
• Credential stuffing
• Cross-site request forgery
• Cross-site scripting
• Cryptanalysis
• CryptoAPI
• Cryptographic Collision
• Cryptographic Key
• Cryptographic Primitive
• Cyber Attack as a Service
• DNS cache poisoning
• Demonstration of Proof-of-Possession
• Deprecating Secure Sockets Layer Version 3.0
• Domain-based Message Authentication, Reporting & Conformance
• Elliptic Curve
• Elliptic Curve Menezes-Qu-Vanstone
• Encrypted Server Name Indication
• Explicit Endpoint
• Exploit
• Exploitability Metrics
• Extended Protection for Authentication
• FAPI Read Write API Security Profile
• FREAK
• Glossary Of LDAP And Directory Terminology
• Golden Ticket
• Heuristic Attacks
• How To Crack SSL-TLS
• IDN homograph attack
• IDSA Integration Framework
• IP spoofing
• Impersonation-resistant
• Internationalized Resource Identifiers
• Issues and Requirements for SNI Encryption in TLS
• Kerberos
• Kerberos Forged Ticket
• Kerberos Pre-Authentication
• Key Reinstallation AttaCKs
• Key size
• LONGHAUL
• Length extension attack
• LibraBFT
• Logjam
• Lucky 13
• MD5
• Malicious Endpoint
• Malicious PAC
• Malicious Software
• Man-In-The-Middle
• Meet-in-the-Middle Attack
• Multi-Factor Authentication
• NIST Cybersecurity Framework
• NIST.SP.800-53
• NIST.SP.800-63B
• NIST.SP.800-63C
• NIST.SP.800-70
• OAuth 2.0 Mix-Up Attack
• OAuth 2.0 Security Best Current Practice
• OAuth 2.0 Threat Model and Security Configurations
• OAuth 2.0 Vulnerabilities
• Offset Codebook Mode
• OpenID Connect Back-Channel Logout
• Operation Aurora
• Pass-the-hash
• Pass-the-ticket
• Password Anti-Pattern
• Password Authentication is Broken
• Password Periodic Changes
• Password Reuse
• Password Spraying
• Password Validator
• Perfect Security
• Perspectives Project
• Phishing
• Presentation Attack Detection
• Prevention
• Privacy Considerations
• Privacy Policy
• Proxy Auto-Config
• Public Key Infrastructure Weaknesses
• Public Key Pinning Extension for HTTP
• Punycode
• QUANTUM
• RFC 7672
• Record Protocol
• Relative IDentifier
• Reputation System
• Risk Assessment
• Rowhammer
• Runtime Application Self-Protection
• SIM Swap
• SQL Injection
• SS7 hack
• SSL-TLS Interception
• Same-site Cookies
• Secure by design
• Session Management
• Side-channel attacks
• Social Engineering Attack
• State of the Internet-Security Report
• Strength of Function for Authenticators - Biometrics
• TLS 1.2
• TLS 1.3
• TURBINE
• Tailgating
• Ten Hundred Words
• Threat Model
• Token Binding Protocol
• Tokenization
• Transport Layer Security
• United States Office of Personnel Management
• Universal Declaration of Human Rights
• Unvalidated redirects and forwards
• Verizon Data Breach Investigations Report
• Vulnerability
• Web Authentication API
• Web Blog_blogentry_030817_1
• Web Blog_blogentry_150617_1
• Web Blog_blogentry_190617_1
• Web Blog_blogentry_230418_1
• Web Blog_blogentry_241018_1
• Web Proxy Auto-Discovery Protocol