<?xml version="1.0"?>
<rss version="2.0">
   <channel>
      <title>Bookmarks by rusini siyara</title>
      <link>https://padlet.com/rusinisiyarait/Bookmarks</link>
      <description>Made with swagger</description>
      <language>en-us</language>
      <pubDate>2022-05-17 18:58:49 UTC</pubDate>
      <lastBuildDate>2022-05-24 21:38:39 UTC</lastBuildDate>
      <webMaster>hello@padlet.com</webMaster>
      <image>
         <url></url>
      </image>
      <item>
         <title>01. Shoulder Surfing</title>
         <author>rusinisiyarait</author>
         <link>https://padlet.com/rusinisiyarait/Bookmarks/wish/2189193740</link>
         <description><![CDATA[<div><strong>What is a shoulder surfing attack -</strong> <br><br>A shoulder surfing attack describes a situation where the attacker can physically view the device screen and keypad to obtain personal information. It is one of the few attack methods requiring the attacker to be physically close to the victim to succeed.<br><br><strong>Example -</strong> <br><br>when someone watches over your shoulder to nab valuable information such as your password, ATM PIN, or credit card number, as you key it into an electronic device.<br><br><strong>How to prevent&nbsp;<br></strong><br></div><ul><li>Eliminate passwords</li><li>Add a privacy screen to your devices</li><li>Always be aware of your surroundings</li><li>Use biometric authentication instead&nbsp; &nbsp;</li></ul>]]></description>
         <enclosure url="https://padlet-uploads.storage.googleapis.com/1704225159/bed1c384fda45041f5da930e47ae323d/The_shoulder_surfing_attack_situation.png" />
         <pubDate>2022-05-18 09:22:26 UTC</pubDate>
         <guid>https://padlet.com/rusinisiyarait/Bookmarks/wish/2189193740</guid>
      </item>
      <item>
         <title>02. Dumpster Diving</title>
         <author>rusinisiyarait</author>
         <link>https://padlet.com/rusinisiyarait/Bookmarks/wish/2189198301</link>
         <description><![CDATA[<div><strong>What is a Dumpster Diving attack&nbsp; -</strong><br><br>“Dumpster diving” means searching the trash for useful information. The trash may be in a public dumpster or a restricted area requiring unauthorized entry. Dumpster diving depends on a human weakness: the lack of security knowledge. Many things can be found in dumpster diving <br><br><strong>Examples - </strong><br><br>CDs, DVDs, hard drives, company directories, and so forth. <br><br><strong>How to prevent - </strong><br><br></div><ul><li>Have a documented equipment decommissioning process.</li><li>Use the appropriate secure storage media deletion process.</li><li>Educate employees.</li><li>Use locked trash and recycling bins, or keep refuse in a secure area until it is ready to be picked up. Use trusted equipment recyclers.</li><li>Make shredding convenient.</li></ul><div><strong><br></strong><br><br></div>]]></description>
         <enclosure url="https://padlet-uploads.storage.googleapis.com/1704225159/020e5da3ac3947d4843749de802ae8ee/images.jpg" />
         <pubDate>2022-05-18 09:26:22 UTC</pubDate>
         <guid>https://padlet.com/rusinisiyarait/Bookmarks/wish/2189198301</guid>
      </item>
      <item>
         <title>03. Dictionary Attack</title>
         <author>rusinisiyarait</author>
         <link>https://padlet.com/rusinisiyarait/Bookmarks/wish/2189198841</link>
         <description><![CDATA[<div><br><br><strong>What is a dictionary attack -<br></strong><br>A dictionary attack is a method of breaking into a password-protected computer, network, or other IT resource by systematically entering every word in a dictionary as a password. <br><br><strong>Example - <br><br></strong>A website fails to ensure that its password length and complexity requirements are secure enough. As a result, some users select extremely easy to guess passwords , like “abc123” or “987654,” the first passwords often tried in a dictionary attack. In any attack, these accounts will be the first to be compromised.&nbsp;</div><div><strong><br>How to prevent -&nbsp;<br></strong><br></div><ul><li>Use a random password generator.</li><li>Use biometric identification if possible.</li><li>Change your passwords frequently.</li><li>Stay away from words and easy to guess number combinations.</li></ul><div><br></div>]]></description>
         <enclosure url="https://padlet-uploads.storage.googleapis.com/1704225159/aa639fef3bb1bc956aad1edadc139d62/index.jpg" />
         <pubDate>2022-05-18 09:26:46 UTC</pubDate>
         <guid>https://padlet.com/rusinisiyarait/Bookmarks/wish/2189198841</guid>
      </item>
      <item>
         <title>06. Wire sniffing</title>
         <author>rusinisiyarait</author>
         <link>https://padlet.com/rusinisiyarait/Bookmarks/wish/2189200218</link>
         <description><![CDATA[<div><br><br><br><strong>What is&nbsp; Wire sniffing attack -</strong> <br><br>Sniffing attacks refer to the theft or interception of data by capturing the network traffic using a packet sniffer. <br><br><strong>Examples -&nbsp; <br><br></strong>Active sniffing, Passive sniffing <strong><br><br>How to prevent -&nbsp;<br></strong><br></div><ul><li>Avoid unsecured networks.</li><li>Encrypt your message with a VPN.</li><li>Network scanning and monitoring.</li></ul><div><br><br><br><strong><br></strong><br><br></div>]]></description>
         <enclosure url="https://padlet-uploads.storage.googleapis.com/1704225159/0acddb7732da8dce0296a11280874f97/ezgif_1_cbaa08873f_removebg_preview.png" />
         <pubDate>2022-05-18 09:28:01 UTC</pubDate>
         <guid>https://padlet.com/rusinisiyarait/Bookmarks/wish/2189200218</guid>
      </item>
      <item>
         <title>05. Rule-Based Attack</title>
         <author>rusinisiyarait</author>
         <link>https://padlet.com/rusinisiyarait/Bookmarks/wish/2189201159</link>
         <description><![CDATA[<div><br><br><strong>What is Rule-Based Attack - </strong><br><br>A rule-based password attack is a way of focusing a password cracking technique when an attacker knows which rules passwords in a particular system are based on, such as “alphanumeric and eight characters long.”<br><br><strong>Example - <br></strong><br>Hashcat<br><br><strong>How to prevent - </strong><br><br></div><ul><li>Create strong, multicharacter passwords.</li><li>Use elaborate passphrases.</li><li>Create password-building rules.</li><li>Avoid common passwords.</li><li>Use unique passwords for every account.</li><li>Use password managers.&nbsp;</li></ul>]]></description>
         <enclosure url="https://padlet-uploads.storage.googleapis.com/1704225159/1ca5cf206fdfa4b2779474d7443f5f68/images_removebg_preview__4_.png" />
         <pubDate>2022-05-18 09:29:01 UTC</pubDate>
         <guid>https://padlet.com/rusinisiyarait/Bookmarks/wish/2189201159</guid>
      </item>
      <item>
         <title>04. Brute Forcing Attack</title>
         <author>rusinisiyarait</author>
         <link>https://padlet.com/rusinisiyarait/Bookmarks/wish/2189242730</link>
         <description><![CDATA[<div><br><strong>What is Brute Forcing Attack - <br><br></strong>A brute force attack is a hacking system that uses trial and error to crack passwords, login credentials, and encryption keys. It's a simple yet dependable tactic for gaining unauthorized access to individual accounts and organizations’ systems and networks. <br><strong><br>Examples - <br><br></strong>The hacker tries multiple usernames and passwords, frequently using a computer to test a wide range of combinations until they find the correct login information.<br><br><strong>How to prevent -&nbsp;<br></strong><br></div><ul><li>Create strong, multicharacter passwords.</li><li>Use elaborate passphrases.</li><li>Create password-building rules.</li><li>Avoid common passwords.</li><li>Use unique passwords for every account.</li><li>Use password managers.&nbsp;</li></ul>]]></description>
         <enclosure url="https://padlet-uploads.storage.googleapis.com/1704225159/8bb37db90b581d5bd56229a17232e91c/ezgif_5_f9428bcd9b.jpg" />
         <pubDate>2022-05-18 10:04:08 UTC</pubDate>
         <guid>https://padlet.com/rusinisiyarait/Bookmarks/wish/2189242730</guid>
      </item>
      <item>
         <title> 07. MITM</title>
         <author>rusinisiyarait</author>
         <link>https://padlet.com/rusinisiyarait/Bookmarks/wish/2197374406</link>
         <description><![CDATA[<div><strong>What is&nbsp; MITM - <br>&nbsp;<br></strong>A man-in-the-center attack is a type of eavesdropping attack, where attackers interrupt a current communique or statistics transfer. After placing themselves within the "center" of the transfer, the attackers pretend to be each legitimate participant. <br><strong><br>Examples - <br><br></strong>In 2017, credit score company Equifax removed its apps from Google and Apple after a breach resulted in the leak of personal data. A researcher found that the app did not consistently use HTTPS, allowing attackers to intercept data as users accessed their accounts.<br><strong><br>How to prevent -</strong><br><br></div><ul><li>Avoiding WiFi connections that aren’t password protected.</li><li>Paying attention to browser notifications reporting a website as being unsecured.</li><li>Immediately logging out of a secure application when it’s not in use.</li><li>Not using public networks (e.g., coffee shops, hotels) when conducting sensitive transactions.</li></ul><div><br><br></div>]]></description>
         <enclosure url="https://padlet-uploads.storage.googleapis.com/1704225159/afb03ffa238b45e788c2395f50f4b0e7/download__3__removebg_preview.png" />
         <pubDate>2022-05-24 08:57:09 UTC</pubDate>
         <guid>https://padlet.com/rusinisiyarait/Bookmarks/wish/2197374406</guid>
      </item>
      <item>
         <title>08. Replay Attacks</title>
         <author>rusinisiyarait</author>
         <link>https://padlet.com/rusinisiyarait/Bookmarks/wish/2197420218</link>
         <description><![CDATA[<div><strong>What is a&nbsp; Replay Attack - </strong><br><br>A replay attack happens once a cybercriminal eavesdrops on a secure network communication, and intercepts it, so fraudulently delays or resends it to misdirect the receiver into doing what the hacker desires. The additional danger of replay attacks is that a hacker does not even want advanced skills to decrypt a message when capturing it from the network.<br><br><strong>Examples - </strong><br><br>A staff member at a company asks for a financial transfer by sending an encrypted message to the company's financial administrator. An attacker eavesdrops on this message, captures it, and is now in a position to resend it.<br><br><strong>How to prevent - </strong><br><br></div><ul><li>Using&nbsp; OTP&nbsp;</li><li>Adding a timestamp that’s only valid for a short amount of time can also prevent a hacker from launching a replay attack.</li><li>Ensuring you only access websites that use HTTPS protocol helps protect data and avoiding public or free Wi-Fi also helps you stay protected online.</li></ul><div><br></div><div><br><br></div>]]></description>
         <enclosure url="https://padlet-uploads.storage.googleapis.com/1704225159/859c3e74f8a9a36c973cdc237a3c8a1d/300px_Replay_attack_on_hash_svg_removebg_preview.png" />
         <pubDate>2022-05-24 09:35:52 UTC</pubDate>
         <guid>https://padlet.com/rusinisiyarait/Bookmarks/wish/2197420218</guid>
      </item>
      <item>
         <title>09. Rainbow Table Attack</title>
         <author>rusinisiyarait</author>
         <link>https://padlet.com/rusinisiyarait/Bookmarks/wish/2197432740</link>
         <description><![CDATA[<div><strong><br>What is&nbsp; Rainbow Table Attack - <br><br></strong>A rainbow table attack is a password cracking method that uses a special table to crack the password hashes in a database.<br><strong><br>Examples -&nbsp;<br><br></strong>A hacker finds a vulnerability in a company’s Active Directory and is able to gain access to the password hashes. Once they have the list of hashes they execute a rainbow table attack to decrypt the hashes into plaintext passwords.&nbsp;</div><div><strong><br>How to prevent it - <br><br></strong>Eliminate passwords.<br>Use salting.<br>Use biometrics.<br>Monitor your servers.<br>Don’t use outdated hashing algorithms.</div>]]></description>
         <enclosure url="https://padlet-uploads.storage.googleapis.com/1704225159/8d4b3d6ef42d53f976daa82b83cc4b78/Rainbow_table_attack.jpg" />
         <pubDate>2022-05-24 09:47:47 UTC</pubDate>
         <guid>https://padlet.com/rusinisiyarait/Bookmarks/wish/2197432740</guid>
      </item>
      <item>
         <title>10. Distributed Network Attack</title>
         <author>rusinisiyarait</author>
         <link>https://padlet.com/rusinisiyarait/Bookmarks/wish/2197443710</link>
         <description><![CDATA[<div><br><strong>What is Distributed Network Attack - </strong><br><br>This type of attack takes advantage of the specific capacity limits that apply to any network resources.&nbsp; Such as the infrastructure that enables a company’s website. The DDoS attack will send multiple requests to the attacked web resource, with the aim of exceeding the website’s capacity to handle multiple requests and preventing the website from functioning correctly.<br><br><strong>Examples&nbsp; - </strong><br><br>Volume Based Attacks, Protocol Attacks, Application Layer Attacks <br><br><strong>How to prevent -&nbsp;</strong></div><div><br></div><ul><li>Monitor and analyze network traffic.</li><li>Strengthen their security posture.</li><li>Monitor traffic.</li><li>Establish a DDoS attack response plan.</li></ul>]]></description>
         <enclosure url="https://padlet-uploads.storage.googleapis.com/1704225159/56aabae7bf4aef501270e29155f79ff4/Distributed_Network_Attack__DNA___1_.jpg" />
         <pubDate>2022-05-24 09:58:33 UTC</pubDate>
         <guid>https://padlet.com/rusinisiyarait/Bookmarks/wish/2197443710</guid>
      </item>
      <item>
         <title>11. Credential Stuffing </title>
         <author>rusinisiyarait</author>
         <link>https://padlet.com/rusinisiyarait/Bookmarks/wish/2198289651</link>
         <description><![CDATA[<div><br><strong>What is Credential Stuffing&nbsp; attack - <br><br></strong>Credential stuffing is a cyber-attack in which credentials obtained from a data breach on one service are used to attempt to log in to another unrelated service.<br><strong><br>Examples - <br></strong><br>According to an FBI security advisory obtained by ZDNet, between January and August 2020, hackers used a bulk load of credential pairs to conduct more than $3.5 million fraudulent check withdrawals and ACH transfers from a mid-sized financial institution in the US.&nbsp;</div><div><strong><br><br>How to prevent -&nbsp;<br></strong><br></div><ul><li>Use Multi-Factor Authentication (MFA).</li><li>Use a CAPTCHA.</li><li>Use device Fingerprinting.</li><li>Use Rate-Limit Non-Residential Traffic Sources.</li><li>Block Headless Browsers.&nbsp;</li></ul><div><strong><br></strong><br></div>]]></description>
         <enclosure url="https://padlet-uploads.storage.googleapis.com/1704225159/1bc603efd42f86d04998cc3ef74e0225/credential_stuffing.png" />
         <pubDate>2022-05-24 20:42:51 UTC</pubDate>
         <guid>https://padlet.com/rusinisiyarait/Bookmarks/wish/2198289651</guid>
      </item>
      <item>
         <title>12. Keyloggers</title>
         <author>rusinisiyarait</author>
         <link>https://padlet.com/rusinisiyarait/Bookmarks/wish/2198298563</link>
         <description><![CDATA[<div><strong><br>What are Keyloggers - <br><br></strong>A keylogger is software or hardware capable of recording input from a computer keyboard and intercepting keystrokes without the user’s knowledge.<strong><br><br>Examples - <br><br></strong>Revealer Keylogger, Ardamax Keylogger<strong><br><br>How to prevent it - </strong><br><br></div><ul><li>Use a 2-Step Verification.</li><li>Install Software Updates.</li><li>Use Key Encryption Software.</li><li>Avoid Downloading Crack Software.</li><li>Avoid Downloading Crack Software.</li></ul><div><br><br></div>]]></description>
         <enclosure url="https://padlet-uploads.storage.googleapis.com/1704225159/b382b314561e5b53344f49ae266c1644/advanced_keylogger.png" />
         <pubDate>2022-05-24 20:54:15 UTC</pubDate>
         <guid>https://padlet.com/rusinisiyarait/Bookmarks/wish/2198298563</guid>
      </item>
      <item>
         <title>13. Phishing </title>
         <author>rusinisiyarait</author>
         <link>https://padlet.com/rusinisiyarait/Bookmarks/wish/2198308709</link>
         <description><![CDATA[<div><strong>What is&nbsp; Phishing -<br><br></strong>Phishing is a type of social engineering attack in which cybercriminals trick victims into handing over sensitive information or installing malware. <strong><br><br>Examples - <br><br></strong>Email phishing, Spear phishing, Whaling attacks, Smishing and vishing<br><strong><br>How to prevent -&nbsp;</strong></div><ul><li>Thinking Twice Before Clicking.</li><li>Installing An Anti-Phishing Toolbar.</li><li>Verifying A Site’s Security.</li><li>Checking Online Accounts Regularly.</li><li>Using Firewalls.</li></ul>]]></description>
         <enclosure url="https://padlet-uploads.storage.googleapis.com/1704225159/b4317263efa5a63f267e91f21bbcb3f9/download__1__removebg_preview__2_.png" />
         <pubDate>2022-05-24 21:07:03 UTC</pubDate>
         <guid>https://padlet.com/rusinisiyarait/Bookmarks/wish/2198308709</guid>
      </item>
      <item>
         <title>15. Traffic Interception</title>
         <author>rusinisiyarait</author>
         <link>https://padlet.com/rusinisiyarait/Bookmarks/wish/2198311877</link>
         <description><![CDATA[<div><strong>What is a Traffic Interception attack - <br></strong><br>Interception attacks allow unauthorized users to access our data, applications, or environments and are primarily an attack against confidentiality. Interception might take the form of unauthorized file viewing or copying, eavesdropping on phone conversations, or reading e-mail, and can be conducted against data at rest or in motion. <strong><br><br>Examples - <br><br></strong>Eavesdropping on communication, Wiretapping telecommunications networks, Obtaining copies of messages for later replay. <br><strong><br>How to prevent - </strong><br><br></div><ul><li>Using Encryption</li><li>Traffic Padding</li><li>Use Firewalls</li><li>Keeping backups of system configuration data properly.</li></ul><div><br><br><br></div>]]></description>
         <enclosure url="https://padlet-uploads.storage.googleapis.com/1704225159/0dc800540f963ac4270f4ccba1b49bda/download.png" />
         <pubDate>2022-05-24 21:11:01 UTC</pubDate>
         <guid>https://padlet.com/rusinisiyarait/Bookmarks/wish/2198311877</guid>
      </item>
      <item>
         <title>16. Password Spraying</title>
         <author>rusinisiyarait</author>
         <link>https://padlet.com/rusinisiyarait/Bookmarks/wish/2198323552</link>
         <description><![CDATA[<div><strong>What is&nbsp; Password Spraying&nbsp; -<br><br>Password spraying is a type of brute force attack. In this attack, an attacker will brute force logins based on a list of usernames with default passwords on the application.<br><br>Examples- <br><br></strong>An attacker will use one password (say, Secure@123) against many different accounts on the application to avoid account lockouts that would normally occur when brute forcing a single account with many passwords.<br><strong><br>How to prevent -&nbsp;</strong></div><div><br></div><ul><li>Brute force presentation should be on both field.</li><li>Use multi-factor authentication.</li><li>The admin managed application should force users to change their password on first login with default password.</li></ul><div><br><br></div>]]></description>
         <enclosure url="https://padlet-uploads.storage.googleapis.com/1704225159/8cfd5784f77d84168ce5d9296b92a76c/1_4zK8queZwOvS_UJSf4IxnA_removebg_preview.png" />
         <pubDate>2022-05-24 21:26:17 UTC</pubDate>
         <guid>https://padlet.com/rusinisiyarait/Bookmarks/wish/2198323552</guid>
      </item>
   </channel>
</rss>
