There are 1 repository under infosecsimplified topic.
An adversary may utilize a sim swapping attack for defeating 2fa authentication
An adversary may utilize a sim swapping attack for defeating 2fa authentication
Threat intelligence or Cyber Threat Intelligence is the process of identifying and analyzing gathered information about past, current, and future cyber threats (Collecting information about a potential threat, then analyzing that information to learn more about the negative events)
Cyber Kill Chain is a model that Lockheed Martin created for understanding (Describe the sequence of events) and stopping cyberattacks
Digital Forensics is the process of finding and analyzing electronic data
Incident response is a set of steps that are used to handle the aftermath of a data breach or cyberattack
An adversary may inject malicious content into a vulnerable target
A threat actor may trick a victim into executing native template syntax on a vulnerable target
Cybersecurity is the measures taken to protect networks, devices, and data against cyberattacks
A threat actor may list files on a misconfigured server
A threat actor may inject malicious content into HTTP requests. The content is not reflected in the HTTP response and executed in the victim's browser.
A threat actor may send a malicious redirection request for a vulnerable target to a victim; the victim gets redirected to a malicious website that downloads an executable file
A threat actor may inject malicious content into HTTP requests. The content will be reflected in the HTTP response and executed in the victim's browser
Risk management is the process of identifying, assessing, treating, and monitoring any negative events that affect a company's ability to operate (Preventing them or minimizing their harmful impact)
A threat actor may perform unauthorized functions belonging to another user with a higher privileges level
A threat actor may gain access to data and functionalities by bypassing the target authentication mechanism
A threat actor may access the user's account using a stolen or leaked valid (existing) session identifier
A threat actor may bypass the Completely Automated Public Turing test to tell Computers and Humans Apart (captcha) by breaking the solving logic, human-assisted solving services, or utilizing automated technology
A threat actor may guess the target credentials using a known username and password pairs gathered from previous brute-force attacks
Data compliance is the process of following various regulations and standards to ensure that sensitive digital assets (data) are guarded against loss, theft, and misuse
A threat actor may gain unauthorized access using the default username and password
A threat actor may perform unauthorized functions belonging to another user with a similar privileges level
A threat actor may trick a user into using a known session identifier to log in. after logging in, the session identifier is used to gain access to the user's account
A threat actor may access the user's account using a stolen or leaked valid (existing) session identifier
A threat actor is any person, group, or entity that could harm to the cyber realm
A threat actor may lunch brute force to the two-factor authentication (2FA) logic causing unauthorized access to the target
A threat actor may interfere with an application's processing of extensible stylesheet language transformations (XSLT) for extensible markup language (XML) to read or modify data on the target
A threat actor may interfere with an application's processing of extensible markup language (XML) data to view the content of a target's files
Data classification defines and categorizes data according to its type, sensitivity, and value
Safeguarding your personal information (How your info is protected)
The practice of ensuring that people or objects have the right level of access to assets
A threat actor may tamper with a stream that gets deserialized on the target, causing the target to access data or perform non-intended actions
A threat actor may cause a vulnerable target to include/retrieve local file
A threat actor may inject arbitrary operating system (OS) commands on target
A threat actor may cause a vulnerable target to include/retrieve remote file
Countermeasures or safeguards for detecting, preventing, and mitigating cyber threats and attacks (Protect assets)