Overview#

Attack is an intentional act by which an attacker attempts to violate another entity's privacy or security. RFC 4949.

Attacks Classifications#

All? Attacks may be broadly classified as either:

• Opportunistic Attack
• Targeted Attack

Classification of the Attack is a useful first step in understanding and responding to an information security incident.

Attack types#

• Birthday Attacks (Cryptographic Collision Attack)
• Password Guessing Attacks
• Meet-in-the-Middle Attack
• Phishing
• Side-channel attacks
• Pass-the-ticket
• Pass-the-hash
• Code injection
• IP spoofing
• Key Reinstallation AttaCKs (KRACKs)
• Malicious PAC
• Malicious Endpoint
• SIM Swap
• Homograph attack

Some Attack Examples:

• BEAST
• CRIME
• Poodle
• Heartbleed
• Logjam
• BREACH (security exploit)

More Information#

There might be more information for this subject on one of the following:

• Active attacker
• Advanced Persistent Threat
• Attack Effort
• BCP 36
• Best Practices OpenID Connect
• Best Practices for LDAP Security
• Birthday Attack
• CIA
• Certificate Algorithm ID
• Certificate Validation
• Cipher Block Chaining
• Code injection
• Computational Hardness Assumption
• Content-Security-Policy
• Covert Redirect Vulnerability
• Credential Leakage
• Credential Leaked Databases
• Cross-site request forgery
• Cross-site scripting
• Cryptanalysis
• Cryptographic Collision
• Cryptographic Primitive
• DNS cache poisoning
• Deprecating Secure Sockets Layer Version 3.0
• Elliptic Curve
• Elliptic Curve Menezes-Qu-Vanstone
• Explicit Endpoint
• Exploit
• Exploitability Metrics
• FREAK
• Glossary Of LDAP And Directory Terminology
• Golden Ticket
• Heuristic Attacks
• How To Crack SSL-TLS
• IDN homograph attack
• IDSA Integration Framework
• IP spoofing
• Impersonation-resistant
• Internationalized Resource Identifiers
• Kerberos
• Kerberos Forged Ticket
• Kerberos Pre-Authentication
• Key Reinstallation AttaCKs
• Key size
• Logjam
• Lucky 13
• MD5
• Malicious Endpoint
• Malicious PAC
• Man-In-The-Middle
• Meet-in-the-Middle Attack
• NIST Cybersecurity Framework
• NIST.SP.800-53
• NIST.SP.800-70
• OAuth 2.0 Mix-Up Mitigation
• OAuth 2.0 Security Best Current Practice
• OAuth 2.0 Vulnerabilities
• OpenID Connect Back-Channel Logout
• Operation Aurora
• Pass-the-hash
• Pass-the-ticket
• Password Anti-Pattern
• Password Authentication is Broken
• Password Guessing Attacks
• Password Validator
• Perfect Security
• Perspectives Project
• Phishing
• Presentation Attack Detection
• Privacy Considerations
• Privacy Policy
• Proxy Auto-Config
• Public Key Infrastructure Weaknesses
• Public Key Pinning Extension for HTTP
• Punycode
• RFC 7672
• Record Protocol
• Reputation System
• Risk Assessment
• Runtime Application Self-Protection
• SIM Swap
• SQL Injection
• SS7 hack
• SSL-TLS Interception
• Same-site Cookies
• Session Management
• Side-channel attacks
• Social Engineering Attack
• Strength of Function for Authenticators - Biometrics
• TLS 1.2
• TLS 1.3
• Threat Model
• Transport Layer Security
• Universal Declaration of Human Rights
• Unvalidated redirects and forwards
• Verizon Data Breach Investigations Report
• Vulnerability
• Web Blog_blogentry_030817_1
• Web Blog_blogentry_150617_1
• Web Blog_blogentry_190617_1
• Web Blog_blogentry_230418_1
• Web Proxy Auto-Discovery Protocol