Shulou(Shulou.com)06/01 Report--

one,

Vulnerability scanning: use automated tools such as nessus and microsoft baseline security analuzer to find known vulnerabilities

* testing: attempts to actually exploit vulnerabilities, and * system

two,

Passive reconnaissance: reconnaissance carried out without actual connection to the target, such as the collection of information from a secure website

Active reconnaissance: design communication with the target network, such as vulnerability scanning

The main difference between the two: passive unconnected network, active connected network

three,

Pivot: springboard * *, which refers to * A, and uses An as the basis of * B.

four,

Shimming: means that the user places some malware between the application and other files and intercepts the communication to that file (usually to the library or system API)

five,

How to crack the password:

Raibow table Rainbow Table: is a pre-calculated hash table used to retrieve passwords.

Dictionary attack dictionary *: use a list of common or possible passwords.

Brute force cracking: use all possible passwords.

Collision: collision, where two different inputs produce the same hash.

six,

Bluejacking Bluetooth hijacking: send unsolicited information to Bluetooth devices when they are at a certain distance

Bluesnarfing: getting data from Bluetooth Devic

seven,

Wifi protected setup, referred to as wps, uses a pin to connect to an unlimited access point (wap). Wps attempts to intercept the pin in transit, connect to the wap, and then steal the wpa2's password.

IV attack: initial vector * *, a covert encryption used with stream ciphers, IV*** attempts to exploit vulnerabilities to use IV to publicly encrypt data

Evil twin: fake access points, propagated and ssid, just like unauthorized counting points

Jimmimg:wifi interference, blocking the wireless of wifi signals, preventing users from connecting to the wireless network

eight,

Dns poison:dns poisoning attempts to put fake dns records into the dns server.

Dns spoofing:dns spoofing, using the added dns information.

Amplification attack |: send too large fake DNS request, which is a highly specialized denial of service type *.

nine,

Multiple infections: infect both files and boot sectors in the operating system.

ten,

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.