1.4 Analyze potential indicators associated with network attacks.

6. IV, RFID, NFC Attacks

In this video, I'm going to be going over three attacks: IV attacks, RFID attacks, and NFC. So let's get started. The first thing we're going to talk about is the anIV attack, also known as an initialization vector attack. Yeah So what exactly is this? Now, this is against cryptography. This is mostly against the cryptographic encryption of wireless protocols. So, if you remember the previous video, I cracked Web. And if you watch that video, it should have been fun to watch and try. WeP was cracked relatively fast and easily. I think in that video I captured 102,000 packets. I had to capture them in order to crack the web. Now let's talk about this.

So how was that possible and why was it that easy? So the way the algorithm works, right, the way the Web was working, the protocol, I should say, the protocol was working, was that it tookan IV, which is just a number. IV is just a number, combining it with the key that helped create the encryption. But what happens when Web is WebPused at a small IV at 24 bits? And what that meant was that every time the packets came out, it could use a new IV. But, in theory, it couldn't because the number was so small, and there weren't many IVs available. So when you capture in a good set of these packets,you are able to get the IV and, in other words,get the IV and then get the key itself. That's how weapons crack, and that's an IV attack. Now, IV attacks are really against this wireless encryption, especially weapons. So we're a good example of that. So remember, an IV is basically an attack against some kind of cryptographic algorithm or cryptographic protocol used to encrypt data.

No, that's for your exemption. The next one we're looking at is the RFID radio frequency identifier. Now these things are all over the place. RFID tags are put on the inventory. They're put on even for your pets, right? My little dog has an RFID tag in her. We got her from a store like that. And if she's ever lost, the cops can scan her and they will see that she belongs to this household. But businesses put them on different inventory, different parts,and they're able to keep track of them. I'll show you guys right now. So here is a set of RFID tags.

I just went to Amazon and I literally just had RFID tags. Here is a bag of 100 RFID pieces that you can put on different things. And you can put these tags on different inventory,different devices that you want to keep track of. Now there will be a reader that can keep track of these devices. So these are basically RFID tags, and there are a whole bunch of different RFID tags. Then came RFID readers. Here's a tag with readers and so on. So you can notice they're not very expensive, these particular things. So they're very popular. Now come the attacks against them. So I want to go take a look here at the attacks. So there were three attacks. We want to talk about sniffing or ears droppin', replay, and denial of service attack.

So sniffing our ears drop in is when the attacker is able to sniff the RFID signal between the tag and the reader, grabbing the data right off of it. A replay attack is when they can thenreplay what they captured back to the reader, basically stealing the device. So let's say I tagged this mouse with an RFID tag reader because I want to make sure that it's secure and it can't leave the actual network. So what happens is that they go out, they sniff the data, they steal the data right off the tag information, and then they now have the tag information that's attached to the device. They can basically steal the device right off the network and no one will know because they can just leave the fake tag on the ground. No one will know this device is gone. Denial of service is when they keep pushing requests to the actual readers and they don't function properly or normally and the RFID tags don't work anymore. OK, the next one here we're talking about is going to be on your phone. NFC, or near-field communication. You guys are probably using this on your phones. I don't use it, but it's getting pretty popular. This is when you store your credit card on your phone and when you want to pay somewhere, you just walk up to it. You enabled the NFC on the phone, and you just tapped it.

NFC is near-field communication. It's not a very long distance. It's only, I think, one and a half inches or 4 CM, something like that is the maximum distance. So it has to be very clear to the reader to work that way. I could make mobile payments using my cell phone. So there are some attacks against it. Of course, there are some attacks against it. Let's go back into this. As a result, ears drop. So this is dangerous because now they can hear drop and get information between the NFC device, the phone, and the reader. It's a very difficult thing to do, and they may not be able to get all the data, but they may be able to get some of your personal information right off of it.

Data modification is when they're able to get in there and modify the data, causing corruption or maybe causing the payment systems to fail. And then a replay attack is when they're able to capture the information between the NFC device and the reader and replay it. Basically, buying things with your credit card for things you don't even know. Okay? So with all these things, you've got to be careful when using them. You want to make sure that you secure your RFID readers. You want to make sure you secure your NFCs and maybe turn them off when you're not using them. Alright, so in this video we covered three important things. In IV, the attack is primarily directed at algorithms, such as RFID. Be careful with those tags. Make sure you secure the tags. Make sure you use secure channels, especially NFC. NFC does have a secure channel that you can use that helps to stop things like ears dropping,data modification, and replay attacks on NFC.

7. MAC Flooding and Cloning

In this video, I'm going to be showing you how to do Mac flooding and Mac cloning. There are basically two attacks that could cause a lot of damage, especially the flood part. So here's what this is. You guys can understand how switches work, right? So a switch passes data based on what? based on a Mac address, right? So a switch has a table of all the Mac addresses on the corresponding port. One of the attacks that people like to do is to flood the switch with a whole bunch of frames,basically, and turn the switch into a hub. So let me explain why you want this. Okay, so when you're on a network and you want to sniff data on the network, switches are a problem because switches don't allow me to see data between those two computers over there talking.

Why? Because the switch technically switches data between the two ports, I don't get a copy of it because I'm on another port somewhere else. So what I could do is I could flood the entire switch, Mac, flood in with a whole bunch of random frames into the switch, basically using up the entire Mac address table or curing the content address table. Some people call them cam tables. Basically, flood the switch table.

And you know what happens when the switch gets its table flooded? It turned into a hub. And that allows me to not sniff traffic on the whole network because now everybody's talking to everybody. And traffic is going everywhere because the switch doesn't have any entries in its table. So, this is a pretty good attack to do. I'm going to show you guys how to do it. I'm going to turn it on. I'm going to shut it off because I want to bring down my network here. So we're going to put it on really quickly. You're going to see it flood very fast, and then I'm going to shut it off. So let's go take a look at that. OK, so I just want to make sure I've run the command already, so I have it all saved there so I don't have to come type it here.

But I'm just going to show you guys the interface here. I have all my Kali Linux here. I'm going to do if config and you will notice that I have an Ethernet here. I want you guys to notice that it's a Mac address because we're going to do Mac address changing there. all right? As a result, ethernet zero. So I'm going to run a command here. Here it is. No, that's mac. Address changing.It will come back to that. Here it is. So Mac and I'm just going to put a dash for the interface and this is the one that just creates the flood. Just a small, simple, just a small, simple command is this. Now, I'm not going to keep this on for long. If you do this on your network, you can basically create a whole lot of traffic on your network and flood all your switches, so you can start sniffing data on your network. So I don't need the incredible traffic. This number doesn't have an ID on it.

It's about to light up right now. Let's go. Press Enter and you can see a whole bunch of stuff start. This crazy, crazy frame is being injected into the switches here. So we're going to control Cedar to stop that because I don't want that running. But that's basically how you would do it. Basically, you would run that command and it would flood the entire switch table. So if you had the Cecil switch in the network, which I don't have right here, but if you had a Cisco switch, you would see that its entire table gets flooded with all the entries.

So if the table supported 8000 entries,we would have flooded that very fast. You saw how many frames we pumped out of here. Okay, the next thing I'm going to show you guys is how to change your Mac address. And there is a command in Kali for that. Also, of course, Kali is the best operating system in order to change your Mac address. Let's go see this. So this is going to be Mac Cloning. This is basically a spoof of a Mac address like this. I'm just going to change it to a random Macaddress so you can see how easy it is.

And the command to spoof a Mac address to get someone else's Mac address onto your Mac,onto your net card would be very similar. Let's go back here to Kylie Linux. And I'm just going to do that ifconfig one more time so we can get that if configuration. And I'm going to see that. So the Mac address I have right now is 8000kay.

So this is the Mac address I have right now. And I'm going to tell you this, I'm going to run a command here. It's literally called "Mac Changer." That's how easy it was, right? So I'm going to say Mac Changer with a dash R for random and Ethernet 0. So this is the port. So look at this one here, and then we're going to just run that command. And so this is my old one. This is the permanent Mac, just like the Mac address on the card. This is the current one, and this is a new one. It just generates a random Mac address.

So if you ever do an attack on the network and you think that you might be detected doing it, change your Mac address. It's just one command. It's pretty easy to get your random Mac address. So even if they have log files and they're tracking and keeping track of the logfiles, they're not going to know it's your computer because the Mac address has changed. If you want to change it back,say, look at if I do if configuration. You'll notice that the Mac address is changed, and that three things are generated. If I want to put it back, I would just run the command with the P this time, and it would put back the permanent Mac address that was on the card, which I want to continue using this machine. I don't need a fake Mac address. And let's make sure that works. Yes, that does work. Okay, so that is all I needed there. Okay, So you can see how easy it was to flood an entire Mac table there. And you saw how easy it was to change your Mac address on your neck. Art.

8. DDOS Attacks

In this video I'm going to be talking about Distributed Denial of Service attacks, or DDoS attacks. These attacks are really, really famous across the world, and I'm pretty sure what is happening right now as you're watching this video. As I'm filming this video, there's probably one going on right now that's taken out a major website.

So let's do a quick definition quickly. DDoS stands for Distributed Denial of Service. In its most basic form, a denial of service is simply one computer attempting to disconnect from a specific server on the Internet. Maybe this computer I have that has a tonne of resources also has a one gigabit internet connection. Maybe I can take out a small server on the Internet just by myself. How would I do it? Well, maybe I could ping flood. This would be a network layer attack where I would use ICMP, which is a network layer, which is a network layerprotocol to ping the machine, ping it to death. Basically, I would send a whole bunch of ping packets to it and keep doing that and use up all its resources. That would be just a standard denial of service. A distributed denial of service attack is different.

This is when you have bots roaming the internet, generating a lot of traffic. Instead of using one computer, let's use a whole bunch of computers around the Internet in order to target one particular host. Now, your exam does look at three different DDoS attacks. Take a look. So the first one that they have is this one, known as a network-based denial of service. So a network denial of service attack would target things in the network layer. This would be targeted network layer protocols such as using ICMP, which I just mentioned. Like a ping flood targets the network layer,the networking stack of your OSI model. Using an ICMP, for example, is well-known.

People use this in what's called "Smurf attacks." We can also use this. Ping floods are very popular when trying to bring down servers. So you can imagine you get a whole bunch of computers and they start pinging a lot of different computers. A whole bunch of machines are bots pinging one server. The other one is the application. It's targeting the applications on the victim's machines this year would be like targeting a web application. So this would be in the application there.

So targeting a web application, particularly like HTTP applications, especially like websites,is what they would target. So they would send a lot of traffic to a particular website using the HTTP protocols on the system. And the other one mentioned here is called operational technology. As a result, this target or uses operational technology will typically be things like video surveillance systems. That organisation has industrial equipment systems, things that didn't used to be on a network before, IoT, different types of Internet of things devices that this year would use or target. So, for example, they would create a whole botnet of different IoT devices, such as video surveillance systems, particular camera systems, or even baby monitors, with the Mari botnet that they had used. So these are some of the different ways that they could utiliseDDoS. Now, I'm going to show you guys some interesting things here to take this a little bit further. So I have here what's known as a live cyber threat map. And I like this one. This one is from Checkpoint.

Checkpoint.com is a threat map. And what this is doing is that it's showing me a taxi that is happening throughout the world at this particular time. So, as of right now, there have been 30 million cyber attacks and showing you as. It's going across the world right now. And this is Checkpoint, the famous firewallmaker, security software maker, actually showing it to you as it's happening live. There's a variety of these different websites that would show you this, right? These are all the different datasets. So you can see how many Dos attacks and threats are happening throughout the day. I did want to talk about this video, just so you understand. There are a lot of very famous ones. I'll talk about two very famous Dos attacks.

And this is Cloudflare. If you just go to Google, it's that famous DDoS attack. You guys can read up on this. The second link here is the cloudflare one that I'm looking at. One of the most famous ones was in 2018, the GitHub DDoS attack. And just to give you an understanding of how big a DDoS attack can happen, GitHub was one of the largest ones that ever took place. GitHub is basically a repository for coders. Programmers store their codes, right?

It's like a big code library. GitHub was one of the biggest. It reached 1.3 terabytes per second. At one point, it had peaked, and that's a lot of data. Consider the size of a computer: 1.3 terabytes. I mean, I thought I had a fast internet with 1 GB. How many devices would it take in order to generate that much traffic? In 2016, there was one againstDiana DNS with the Mariah botnet. This year they used Internet of Things devices such as cameras, smart TVs, printers, and babymonitors to take out Dinah DNS. Dinah DNS hosts is a host of DNS services for places like Airbnb, Netflix, PayPal, Amazon, so on.

So this would generate a lot of traffic towards the Dinah DNS servers and take the entire server down, taking out all these different websites. So, yes, it could get pretty dangerous. It could get pretty nasty out there with a DDoS attack. Here's the thing: When it comes to DDoS attacks, if they want to take out your website, they could. All they've got to do is get botnets and just try to keep refreshing your page, sending your traffic towards your website. So the question would be, how do we mitigate these things right now? A long time ago, I once spoke to a very smart security person a long time ago.He had told me, Andrew, there was no winning with a DDoS attack. I said, really? Is there no way to win? He said, "Yeah, here are some ways you can do it."

So you could, let's say, you're being DDoS attacked. What you could do is shut your service down and the bots would stop. They may think that the service is down completely and stop the connection. But if you shut your own service down,it's like doing the dolphat against yourselves. In the end, you may have to shut it down for very small intervals of time instead of having this data attack last days, hours, or months. There's a Google one where it lasted like six months from the Chinese hittingthe bunch of Google's IP addresses. Another thing you can do is hire Cloudflare or different types of companies to mitigate and absorb the traffic for you.

But in this one, you don't win either because it costs a lot of money. Your website will stay up, but it will cost you a lot of money. And then, of course, there are different types of firewalls that can detect certain types of DDoS attacks and shut them down. But once again, it's going to cost you money. So you're always going to spend money. So that's why you're always a loser in this situation. But that's part of being insecure and that's part of how this world works. It's not very nice, but that's the way it is. Okay, so there you go with DVOs, a very popular attack that attacks and takes out a lot of different websites. And these were the different types of DDoS attacks.

9. Malicious Code

In this video, I'm going to begoing over malicious code or script execution. What you should be familiar with when it comes to these particular malicious codes Malicious codes are bad software or codes that you can execute on your computer that can cause harm to your computer. Basically, it can cause things. Malicious code can do things like delete data from your computer or curve data on your computer. Some of them are ransomware, right? Hold your ransom. We talked about those when we did our malware section. So revert back to the malware section of this course to see the different malware that we have. Don't forget me executing somemalware on my own computer. That was pretty fun. But in this video, I want to talk to you guys about some malicious codes.

What are the different languages that you can write these codes in? Now, I'm not going to show you how to write malicious codes in this video, although in my Ethical Hacking Class, I do show you how to create some high-level malicious codes. But we'll keep that for another class. But you could do it with these codes. Let's take a look. So our exam mentions five different scriptexecution codes that we could use. So the first one we have is PowerShell. Oops, PowerShell, where is my line? So PowerShell This is based on Windows, right? So, you guys are probably familiar with PowerShell. You use this to run a lot of commands on your Windows boxes. Windows 710 basically allows an automation and configuration management framework for Microsoft. So whatever we're doing with different types of automation scripting on our computers, especially on Windows Server, and then different types of configuration options on your Windows Seven or Windows TenBox, we're going to be using PowerShell.

The other one here is Python. Now, this is The Almighty Powerful Python. Python is a high-level and general-purpose programming language. Python scripting is very popular. We do Python automation. For routers We do Python programming. And for applications, I do Python scripting for different forms of Linux, something I was very good at a long time ago. I'm not sure if I'm that good at it or I've forgotten a lot of syntax. I could read Python very well. To this day, I think I'm the best copy pasteur in Python. Because it's a high-level general-purpose language, you could write some pretty Moreover, there has been a lot of pretty malicious code written in Python. Now, Bash is the Unix shell command language. This is basically bash, which is what you're using on Linux.

This is what you see when you open your Unix shell. Basically, it's what it is. So you can automate A lot of commandors write malicious codes in these macros. Now a macro. People know this. Microsoft Office files are built into Microsoft Office documents. And to automate the description of Macros, people use VBA, so let me explain this. When you open an Excel sheet, you can automate tasks, perform specific calculations, or run specific commands. And we do that with VBA. visual basics for application. When you combine and you make these VBAcodes in Excel or PowerPoint, they get stored as macros in Microsoft Office. Now, Microsoft has gotten really precise about this. If anyone ever sends you a Microsoft Office document that has macros attached to it, it'll give you a warning. It will say, "Hey, you don't want to open this." It doesn't want to execute the macro, or you have to add the macro to a trusted list.

It has become difficult now because Microsoft knows that they were using macros to write malicious codes that could infect and corrupt people's te malicious So these were the different programming languages out there, scripting languages that we can use to write malicious code, for example. Just be familiar with these particular terms. Note that these programming languages or scripting languages were used to make malicious codes. And how do you stop them? People say, well, how do you stop these things? Well, it is malicious software. Having things like anti-malware on your computer and keeping your computer up to date would be ways of stopping these malicious codes.

Study with ExamSnap to prepare for CompTIA Security+ Practice Test Questions and Answers, Study Guide, and a comprehensive Video Training Course. Powered by the popular VCE format, CompTIA Security+ Certification Exam Dumps compiled by the industry experts to make sure that you get verified answers. Our Product team ensures that our exams provide CompTIA Security+ Practice Test Questions & Exam Dumps that are up-to-date.