diff --git a/tech/malware.wiki b/tech/malware.wiki index 9462c5c..a6f0ab7 100644 --- a/tech/malware.wiki +++ b/tech/malware.wiki 
@@ -3,92 +3,92 @@ == Types == -== Advanced Persistent Threat == +=== Advanced Persistent Threat === Cybercrime directed at a business and political targets, using variety of intrusion techs and malware, applied persistently Often state sponsored. -== Adware == +=== Adware === Advertising that is integrated into software. Makes popup ads or redirection of a browser to commercial site -== Attack kit == +=== Attack kit === Set of tools for generating new malware automatically using a variety of supplied propagation and payload mechanisms (metasploit) -== Auto-rooter == +=== Auto-rooter === Malicous tools to break into new machines remotely -== Backdoor (trapdoor) == +=== Backdoor (trapdoor) === Any mechanism that bypasses a normal security check; it may allow unauthorized access to functionality in a program, or onto a compromised system. -== Downloaders == +=== Downloaders === Code that installs other items on a machine that is under attack. Included in malware code first inserted onto a compromised system to import a larger malware system. -== Drive by download == +=== Drive by download === Attack using code on a comprisimised website that exploits a browser vulnerability to attack a client system when the site is viewed. -== Exploits == +=== Exploits === Code sepcific to a single vulnerability -== Flooders == +=== Flooders === Generate a large volume of data to attack a networked computer system, carrying out some DOS attack -== Keyloggers == +=== Keyloggers === Capture keystrokes on a compromised system -== Logic Bomb == +=== Logic Bomb === Code inserted into malware by intruder. Lies dormant until a condition is met, then code triggers some payload. -== Macro virus == +=== Macro virus === Virus using macro scripting code, typically embedded in a document or document template, and triggered when the document is viewed/edited, to run and replicate into other documents. 
-== Mobile code == +=== Mobile code === Software that can be shipped unchanged to a htereogenous colelctions of platforms and execute with identical semantics. -== Rootkit == +=== Rootkit === Tools used after a system has been compromised to gain root level access -== Spyware == +=== Spyware === Software that monitors keystrokes, screen data, and/or network traffic, or scans files for sensitive information, and sends it back to some Controler server. -== Trojan horse == +=== Trojan horse === Appears to have useful function, but has hidden and malicous purpose and evades security machanisms, sometimes by exploiting legit authorizations of system entity that invoked it -== Virus == +=== Virus === Malware that when executed, attempts to replicate itself and propigate itself. -== Worm == +=== Worm === Malware that can run independently and can propagate a complete working version of itself onto other hosts on a network, by exploiting software vulns in the diff --git a/tech/security.wiki b/tech/security.wiki index 3983525..78dd386 100644 --- a/tech/security.wiki +++ b/tech/security.wiki @@ -50,6 +50,8 @@ Hiding information == [[malware|Malware]] == +See [[malware]] + == Common attack vectors == Try setting the HTTP `Host` header value to `internal-ip:80` where internal ip
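Review bot: Since every heading in this hunk is being rewritten from `==` to `===` anyway, the same pass should fix the spelling errors in the definitions it re-levels: "Malicous" (Auto-rooter, Trojan horse), "comprisimised" (Drive by download), "sepcific" (Exploits), "propigate" (Virus), "htereogenous colelctions" (Mobile code), "Controler" (Spyware) and "machanisms" (Trojan horse). One content point while you are in there: the Rootkit entry says the tools are used "to gain root level access", which overlaps with the Auto-rooter entry directly above it; a rootkit's distinguishing role is to retain and conceal privileged access after compromise (hiding processes, files and connections), so the two definitions should be separated on that axis. The demotion itself is consistent: all entries now sit under the unchanged `== Types ==` heading.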
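Review bot: The added `See [[malware]]` line duplicates the link that the section heading `== [[malware|Malware]] ==` already carries, so the section now links to the same page twice with no body text in between. Either keep the heading plain (`== Malware ==`) and let the new `See [[malware]]` line be the link, or drop the new line; one of the two is redundant.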