Drone - 2 Threat Model (04/12/2018)


Description

Threats

Threat | Threat Source | Risk | Status | Date Created
Mobile Phone: Sensitive Data Leakage | Smart Devices | | |
Mobile Phone: Session Hijacking | Smart Devices | | |
Mobile Phone: Insecure Communications | Smart Devices | | |
Mobile Phone: Camera and or Mic Hijack | Smart Devices | | |
Mobile Phone: Browser SSL Vulnerability | Smart Devices | | |
Lifting Data Embedded in Client Distributions | SatCom | | |
Counterfeit GPS Signals | GPS | | |
Carry-Off GPS Attack | GPS | | |
Protocol Manipulation | SatCom | Medium | |
Password Recovery Exploitation | SatCom | | |
Malware Infection into Product Software | Camera | | |
Manipulate Resources | SatCom | | |
Jamming | SatCom | | |
Man in the Middle Attack | Camera | | |
Malicious Software Download | Firmware | | |
TCP RPC Scan | TCP | | |
TCP SYN Scan | TCP | | |
TCP Window Scan | TCP | | |
TCP ISN Greatest Common Divisor Probe | TCP | | |
TCP ISN Counter Rate Probe | TCP | | |
TCP ISN Sequence Predictability Probe | TCP | | |
TCP Sequence Number Probe | TCP | | |
TCP Congestion Control Flag Probe | TCP | | |
TCP Initial Window Size Probe | TCP | | |
Content Spoofing | 3G | Medium | |
Sniffing Attacks | 3G | Medium | |
Action Spoofing | 3G | | |
Sniffing Network Traffic | 3G | | |
Denial of Service through Resource Depletion | 3G | Medium | |
Privilege Abuse | 3G | | |
Resource Location Spoofing | 3G | | |
Intent Spoof | 3G | | |
Identity Spoofing - Impersonation | 4G | Medium | |
Sniffing Attacks | 4G | Medium | |
Cellular Traffic Intercept | 3G | | |
Denial of Service | 3G | | |
Exploitation of Authorization | 4G | Medium | |
Denial of Service through Resource Depletion | DSMx | Medium | |
Exploitation of Authentication | 4G | | |
Denial of Service | 4G | | |
Hijacking a privileged process | DSMx | Medium | |
Protocol Manipulation | DSMx | Medium | |
External Entity Attack | DSMx | Medium | |
Mobile Phone: Camera and or Mic Hijack | Camera | | |
Mobile Phone: Insecure Communications | Camera | | |
Mobile Phone: Web App Vulnerabilities | Camera | | |
Command Injection | DSMx | Medium | |
DEPRECATED: Malware Propagation via USB U3 Autorun | Remote Control | | |
DEPRECATED: Malware Propagation via Infected Peripheral Device | Remote Control | | |
Leverage Alternate Encoding | DSMx | Medium | |
Sniffing Attacks | Remote Control | Medium | |
Man in the Middle Attack | Remote Control | | |
Malware Propagation via USB Stick | Remote Control | | |
Traceroute Route Enumeration | DSMx | | |
Man in the Middle Attack | GPS | | |
USB Memory Attacks | Remote Control | | |
Identity Spoofing - Impersonation | Smart Devices | Medium | |
Man in the Middle Attack | Smart Devices | | |
Add Malicious File to Shared Webroot | Remote Control | | |
Shared Technology Issues | Remote Control | | |
Targeted Malware | Smart Devices | | |
Sensitive Data Exposure | GPS | | |
Account Footprinting | Smart Devices | | |
Bluejacking | Smart Devices | | |
Bluesnarfing | Smart Devices | | |
WiFi SSID Tracking | Smart Devices | | |
Malware Propagation via USB Stick | Smart Devices | | |
DEPRECATED: Malware Propagation via USB U3 Autorun | Smart Devices | | |
DEPRECATED: Malware Propagation via Infected Peripheral Device | Smart Devices | | |
USB Memory Attacks | Smart Devices | | |
Man in the Middle Attack | Antenna | | |
Sensitive Data Exposure | Antenna | | |
Wi-Fi Jamming | Smart Devices | | |
WiFi MAC Address Tracking | Smart Devices | | |
Bluebugging | Smart Devices | | |
Manipulating Web Input to File System Calls | | | |
Create files with the same name as files protected with a higher classification | | | |
Accessing, Modifying or Executing Executable Files | | | |
Sensitive Data Exposure | | | |
Weak Identity, Credential and Access Management | | | |
Denial of Service | | | |
File Manipulation | | | |
Authentication Bypass | | | |
Dictionary-based Password Attack | | | |
Sniff Application Code | | | |
Password Recovery Exploitation | | | |
Code Injection | | | |
Reflected Cross Site Scripting - WASC | | | |
Password Brute Forcing | | Medium | |
Overflow Buffers | | | |
Exploit Common or default Usernames and Passwords | | | |
Denial of Service through Resource Depletion | | | |
Protocol Manipulation | | | |
TCP SYN Scan | | | |
Encryption Brute Forcing | | Medium | |
Cross Site Request Forgery | | | |
Session Hijacking | | | |
TCP ACK Scan | | | |
Exploit Common or default Usernames and Passwords | | | |
TCP ACK Ping | | | |
TCP SYN Ping | | | |
HTTP DoS | | | |
TCP Connect Scan | | | |
Unauthorized Use of Device Resources | | | |
Denial of Service | | | |
WS: XML Denial of Service | | | |
Reusing Session IDs aka Session Replay | | | |
Session Hijacking | | | |
Denial of Service through Resource Depletion | | | |
Protocol Manipulation | | | |
TCP SYN Scan | | | |
TCP ACK Ping | | | |
TCP SYN Ping | | | |
TCP Connect Scan | | | |
TCP ACK Scan | | | |
Exploit Common or default Usernames and Passwords | | Medium | |
WS: XML Denial of Service | | | |
Gather Information | | | |
HTTP DoS | | | |
ICMP Fragmentation | | | |
Unauthorized Use of Device Resources | | | |
Denial of Service | | | |
Eavesdropping | | | |
Reusing Session IDs aka Session Replay | | | |
Session Hijacking | | | |
Denial of Service through Resource Depletion | | | |
Protocol Manipulation | | | |
TCP SYN Scan | | Medium | |
TCP ACK Ping | | | |
TCP SYN Ping | | | |
TCP Connect Scan | | | |
TCP ACK Scan | | | |
Exploit Common or default Usernames and Passwords | | | |
WS: XML Denial of Service | | | |
Gather Information | | | |
HTTP DoS | | | |
ICMP Fragmentation | | | |
Unauthorized Use of Device Resources | | | |
Denial of Service | | | |
Gather Information | | | |
ICMP Fragmentation | | | |
Eavesdropping | | | |
Eavesdropping | | | |
Reusing Session IDs aka Session Replay | | | |
Session Hijacking | | | |
Denial of Service through Resource Depletion | | | |
Protocol Manipulation | | | |
TCP SYN Scan | | | |
TCP ACK Ping | | | |
TCP SYN Ping | | | |
TCP Connect Scan | | Medium | |
TCP ACK Scan | | | |
Exploit Common or default Usernames and Passwords | | | |
WS: XML Denial of Service | | | |
Gather Information | | | |
HTTP DoS | | | |
ICMP Fragmentation | | | |
Unauthorized Use of Device Resources | | | |
Denial of Service | | | |
Eavesdropping | | | |
Reusing Session IDs aka Session Replay | | | |
Exploiting Incorrectly Configured SSL | | | |
Encryption Brute Forcing | | | |
SQL Injection | | | |
Blind SQL Injection | | | |
Persistent Cross Site Scripting - WASC | | | |
HTTP Response Splitting | | | Open | 03/20/2018
Clickjacking | | | Open | 03/27/2018

Cells that the flattened export separated from their rows and that cannot be reattached with confidence: Risk = Medium (5 cells, each adjacent to one of the rows marked Medium above); Status = Open with Date Created = 03/20/2018 (2 cells); Status = Open with Date Created = 03/27/2018 (1 cell). All other Status and Date Created values were not present in the export.
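The three "TCP ISN ... Probe" rows under the TCP source (Greatest Common Divisor, Counter Rate, Sequence Predictability) are the metrics an OS-fingerprinting tool derives from a handful of SYN/ACK initial sequence numbers, and they are worth running against a drone's own TCP stack: an embedded stack that bumps its ISN by a constant is open to blind spoofing or injection into the command link. The check below is an added example, not part of the original threat model; it is modelled on the GCD / ISR / SP metrics of nmap's documented SEQ test rather than taken from any tool's code. The ISN samples, the 64000 increment, the 100 ms probe spacing, the `sp_threshold` of 80 and the use of population standard deviation are all assumptions made for this example.

```python
"""ISN predictability check modelled on the GCD / ISR / SP metrics of the nmap
SEQ test. All ISN samples below are constructed for this example."""
import math
import statistics
from functools import reduce
from typing import Dict, List

MOD32 = 1 << 32


def isn_diffs(isns: List[int]) -> List[int]:
    """Differences between consecutive ISNs modulo 2^32.

    A forward jump above 2^31 is treated as a small backward step that
    wrapped around, which is how the nmap documentation describes the test.
    """
    diffs = []
    for prev, cur in zip(isns, isns[1:]):
        d = (cur - prev) % MOD32
        if d > (1 << 31):
            d = MOD32 - d
        diffs.append(d)
    return diffs


def isn_gcd(diffs: List[int]) -> int:
    """GCD test: the smallest step by which the stack appears to increment ISNs."""
    return reduce(math.gcd, diffs, 0)


def isn_rates(diffs: List[int], intervals: List[float]) -> List[float]:
    """Per-sample ISN increase per second (difference / time between probes)."""
    return [d / dt for d, dt in zip(diffs, intervals)]


def isn_isr(rates: List[float]) -> int:
    """ISR test: 8 * log2 of the average increase rate; 0 if under one per second."""
    avg = sum(rates) / len(rates)
    return 0 if avg < 1 else round(8 * math.log2(avg))


def isn_sp(rates: List[float], gcd: int) -> int:
    """SP test: 8 * log2 of the standard deviation of the rates, after dividing
    them by the GCD when the GCD exceeds 9; 0 if the deviation is one or less.
    Population standard deviation is an assumption of this example."""
    if gcd > 9:
        rates = [r / gcd for r in rates]
    sd = statistics.pstdev(rates)
    return 0 if sd <= 1 else round(8 * math.log2(sd))


def assess_isns(isns: List[int], timestamps: List[float],
                sp_threshold: int = 80) -> Dict[str, object]:
    """Run the three ISN tests over SYN/ACK ISNs captured at the given times.

    sp_threshold is an assumption for this example: an SP this low means an
    observer who has seen a few connections can guess the next ISN closely
    enough to inject into or spoof a TCP session.
    """
    if len(isns) < 3 or len(isns) != len(timestamps):
        raise ValueError("need at least three ISN samples with matching timestamps")
    diffs = isn_diffs(isns)
    intervals = [b - a for a, b in zip(timestamps, timestamps[1:])]
    gcd = isn_gcd(diffs)
    rates = isn_rates(diffs, intervals)
    sp = isn_sp(rates, gcd)
    return {"gcd": gcd, "isr": isn_isr(rates), "sp": sp,
            "predictable": sp < sp_threshold}


# Constructed samples: six SYN/ACK ISNs observed 100 ms apart.
# A stack that bumps its ISN by a fixed 64000 per connection.
COUNTER_ISNS = [0x10000000 + 64000 * i for i in range(6)]
# A stack with randomised ISNs (values chosen by hand for the example).
RANDOM_ISNS = [0x1A2B3C4D, 0x9F8E7D6C, 0x0BADF00D, 0xDEADBEEF, 0x13579BDF, 0x2468ACE0]
TIMES = [0.1 * i for i in range(6)]

if __name__ == "__main__":
    for name, sample in (("counter", COUNTER_ISNS), ("random", RANDOM_ISNS)):
        print(name, assess_isns(sample, TIMES))
```

With the constructed counter stack the GCD comes out as 64000 and SP as 0, i.e. fully predictable; the randomised stack gives a GCD of 1 and an SP in the hundreds. When running this against real hardware, capture the ISNs from six connections opened in quick succession from the same host so that the rate and deviation are measured over comparable intervals.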