Attack Types

In offensive security, various types of attacks are employed to compromise systems, networks, and web applications.

System/Host-Based Attacks

These attacks target specific systems or hosts running particular operating systems, such as Windows or Linux. They come into play after gaining access to the network and are focused on exploiting vulnerabilities within servers, workstations, or laptops. System-based attacks exploit misconfigurations and inherent OS vulnerabilities, requiring a deep understanding of the OS.

Example: Exploiting the MS17-010 vulnerability on Windows (EternalBlue).

Network-Based Attacks

These attacks focus on compromising the communication channels between devices in a network. Attackers can exploit weaknesses in network services, protocols, or poorly secured devices, such as routers and switches. These attacks are often used for initial access or data interception.

Example: Man-in-the-middle (MITM) attacks, ARP spoofing, or DNS hijacking.

Web Application Attacks

Web attacks target the vulnerabilities in websites or web applications, exploiting weaknesses in the code or configurations. These attacks are common due to the widespread use of web applications.

Example: SQL Injection, Cross-Site Scripting (XSS), or Cross-Site Request Forgery (CSRF).