threat_vectors
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| threat_vectors [2026/06/02 11:26] – reidjs | threat_vectors [2026/06/02 14:02] (current) – reidjs | ||
|---|---|---|---|
| Line 2: | Line 2: | ||
| The method an attacker uses to get access to the system | The method an attacker uses to get access to the system | ||
| - | Common methods: email, SMS, phishing | + | Common methods: email, SMS, [[phishing]] |
| embedded malware, e.g. javascript within an SVG image or within compressed zip file | embedded malware, e.g. javascript within an SVG image or within compressed zip file | ||
| Line 9: | Line 9: | ||
| war dialing - looking for unpublished numbers | war dialing - looking for unpublished numbers | ||
| + | |||
| + | bluetooth is a vector | ||
| Hardware Addition Attack - plugging a physical device into a machine on the network and gaining access | Hardware Addition Attack - plugging a physical device into a machine on the network and gaining access | ||
| * 802.1x (port based network access control) is important for protecting wireless networks to prevent this | * 802.1x (port based network access control) is important for protecting wireless networks to prevent this | ||
| + | |||
| + | Supply Chain - a third party vendor may have access to your systems temporarily | ||
| + | * happened to Target in 2013, hackers used the HVAC contractor' | ||
| + | * Counterfeit hardware may be an exampe of this, e.g., if some component is installed by a malicious party they may have access to the device communications | ||
threat_vectors.1780424803.txt.gz · Last modified: by reidjs