Victory or Valhalla?


Some things are worth it, some aren't. You have to decide between the two.

Hey learners, this is part 23. How was the day? Hoping it was wonderful. Let's see what we have in the bag for today!

1. Resource Hijacking

I think we all know the term "hijacking"; for those who aren't familiar with the word, it means taking control of something that isn't yours. Resource hijacking, then, is an attacker gaining unauthorised control of a device and using its resources for their own workloads. The best-known case is crypto-mining: the attacker leverages the CPU/GPU of a compromised device and secretly burns cycles on it until the device is exhausted. "If it's crypto-mining, why haven't you said so in the heading?!" Because crypto-mining is only one instance of it, and I'd like to go a bit further than that. Resources are a crucial part of a system: the CPU and the OS work hard to share CPU time and RAM between the applications the user is running. Without proper CPU scheduling and memory allocation everything inside the system goes haywire, and there is little to no priority left for day-to-day work. An attacker who controls the box can give their own "specific task" the utmost priority. That task can be sending mass DoS requests (acting as part of a swarm), being a node in a peer-to-peer hosting service, hosting an illegal web application and routing its traffic through the victim's machine, or running a deep-web forum on the victim's CPU and uptime, and many more. All of the above are plausible attack vectors; they are more complex to set up than a miner, but not impossible. The victim rarely notices: it feels like "huh? My PC seems slow, I think I need to upgrade my CPU/GPU again." The flip side is that this is exactly where a defender catches it: a process nobody installed pinning the CPU around the clock, a fan that never spins down, connections to a mining pool, and in a cloud account a compute bill that jumps for no reason. As I always say, the real art is not in successfully compromising a system, it is in making the target feel like it just didn't happen.
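A miner is noisy in exactly the ways described above, so the practical check is a process snapshot scored against several independent signals rather than CPU load alone (a busy database also runs hot). The following is an added example, not code from the original post: a Python triage script run over a constructed process snapshot. The mining-pool port list, the temp-directory list, the command-line markers and the "80% CPU in 90% of samples" threshold are assumptions to tune for your own fleet; `stratum` is the protocol real mining pools speak, everything else in the sample data is made up.

```python
"""Triage for Resource Hijacking: spotting a crypto-miner in a process snapshot.

Added example, not code from the original post. The process records below are
constructed; the CPU threshold, the mining-pool port list, the temp-directory
list and the command-line markers are assumptions to tune for your own fleet.
"""
from dataclasses import dataclass, field

# TCP ports commonly used by stratum mining pools. Assumption: extend from your own intel.
MINING_POOL_PORTS = {3333, 4444, 5555, 7777, 14444, 45700}
# World-writable locations a legitimate long-running daemon should not execute from.
TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
# Strings that only appear on miner command lines (stratum URL scheme, xmrig-style flags).
MINER_CMD_MARKERS = ("stratum+tcp://", "stratum+ssl://", "--donate-level", "--algo=")
# Kernel-thread-like names: a real kernel thread has no executable on disk,
# so one that does have an exe path is masquerading.
KERNEL_LIKE_NAMES = ("kworker", "kthreadd", "ksoftirqd")


@dataclass
class Proc:
    pid: int
    name: str
    exe: str             # path of the executable, "" for kernel threads
    cmdline: str
    cpu_samples: list    # percent CPU, one sample per minute
    remote_ports: list = field(default_factory=list)  # remote TCP ports of open connections


def cpu_sustained(samples, threshold=80.0, min_fraction=0.9):
    """True if at least min_fraction of the samples are at or above threshold.

    Bursty-but-legitimate workloads (a browser, a compiler) spike and drop;
    a miner sits near 100% for as long as it is running.
    """
    if not samples:
        return False
    hot = sum(1 for s in samples if s >= threshold)
    return hot / len(samples) >= min_fraction


def score_process(p):
    """Return the list of heuristics a process trips (empty list = nothing odd)."""
    reasons = []
    if cpu_sustained(p.cpu_samples):
        reasons.append("sustained high CPU")
    if p.exe.startswith(TEMP_DIRS):
        reasons.append("executable in a temp directory")
    if p.name.startswith(KERNEL_LIKE_NAMES) and p.exe:
        reasons.append("kernel-thread name with an on-disk executable")
    if any(marker in p.cmdline for marker in MINER_CMD_MARKERS):
        reasons.append("miner command-line marker")
    pool_ports = sorted(set(p.remote_ports) & MINING_POOL_PORTS)
    if pool_ports:
        reasons.append(f"connected to mining-pool port(s) {pool_ports}")
    return reasons


def find_hijack_candidates(procs, min_reasons=2):
    """Map pid -> reasons for every process tripping at least min_reasons heuristics.

    Requiring two independent signals keeps a busy database (high CPU only)
    off the list while still catching a miner that renamed itself.
    """
    candidates = {}
    for p in procs:
        reasons = score_process(p)
        if len(reasons) >= min_reasons:
            candidates[p.pid] = reasons
    return candidates


# Constructed snapshot: a browser, a database, a miner hiding as a kernel thread,
# and a genuine kernel thread.
SAMPLE_PROCS = [
    Proc(1203, "chrome", "/opt/google/chrome/chrome",
         "/opt/google/chrome/chrome --type=renderer", [95, 40, 12, 88, 20, 5], [443, 443]),
    Proc(1877, "postgres", "/usr/lib/postgresql/14/bin/postgres",
         "postgres: checkpointer", [85, 90, 92, 88, 95, 91], [5432]),
    Proc(4242, "kworkerd", "/tmp/.x/kworkerd",
         "/tmp/.x/kworkerd -o stratum+tcp://pool.example.net:3333 -u 4AbCdEf -k",
         [99, 98, 99, 97, 99, 98], [3333]),
    Proc(7, "kworker/0:1", "", "", [0, 1, 0, 0, 2, 0], []),
]

if __name__ == "__main__":
    for pid, reasons in find_hijack_candidates(SAMPLE_PROCS).items():
        print(f"pid {pid}: " + "; ".join(reasons))
```

In production the snapshot comes from psutil or an EDR export; the point here is the scoring. Note that the database trips only one heuristic and stays off the list, while the miner trips all five even though its name was chosen to blend in.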
2. Service Stop

Whatever the operating system, a few services are required for the common things: booting up, letting software talk to the system, and, on a server, backups, databases and security tooling. Attackers can disrupt these services without compromising the entire system, for example with tooling built to stop or disable specific services (which usually needs admin privileges first). Such attacks can make companies lose clients, halt critical infrastructure operations and even take down an entire IT centre. Attackers do this out of political agendas, for ransom and for personal goals; in a ransomware intrusion it is routinely the step just before encryption, because databases, mail servers and backup agents keep their files locked while they run, and a security product that has been stopped cannot interfere. A stopped service by itself is not a big threat, most companies can restart it in no time, but what it enables is, so this still needs both mitigation and prevention!

3. System Shutdown/Reboot

Attackers can remotely shut down or reboot systems, or force the same result through pwned hardware, for example by repeatedly abusing the system's power until it is forced into a reboot. Everything said about service stoppage above applies here too. Often this is internet trolls out for tomfoolery, and a single reboot is not that big a deal, but a reboot is also how an attacker makes a malicious change take effect and how the evidence an incident responder would have found in memory gets destroyed, so an unexpected one is worth looking into. We just have to be careful when executing unknown scripts: some may damage our system, some may corrupt it.

4. Network Denial of Service

I'm very sure that you know what DoS/DDoS is, so I won't go into those details. Network DoS is the traditional denial of service aimed at network-focused areas: employee shared drives, places with constant employee traffic, and anything requiring employee authentication. The goal is to make the company unable to serve its own employees (normal office tasks). Don't dismiss the consequences as minute ( /maɪˈnuːt/ ) just because even a simple grocery store's website is behind a WAF these days: a WAF filters HTTP requests to the web application, and does nothing for a flood that saturates the link, the router or the firewall in front of it. That needs upstream filtering by the ISP or a scrubbing service.

5. Direct Network Flood

A direct network flood is the attacker sending a high volume of traffic from one or many sources straight at the target until the company's network is down/inaccessible.
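Items 2 and 3 above are among the easiest of these techniques to detect from telemetry you already collect: Windows writes a record every time a service stops (Service Control Manager event 7036), has its start type changed (7040) or a shutdown is requested (User32 event 1074), and process-creation auditing (event 4688, with command-line logging enabled) shows the `net stop`, `sc config` and `shutdown` commands that cause them. The following is an added example, not code from the original post: a small Python detector run over constructed event records. The event IDs are the real Windows ones; the hostnames, users, services and timestamps are made up, and the critical-service list, the five-minute window and the burst threshold of three are assumptions to tune.

```python
"""Detecting Service Stop and System Shutdown/Reboot from Windows event logs.

Added example, not code from the original post. The event records below are
constructed to look like Windows System/Security log entries (event IDs 7036,
7040, 4688 and 1074 are the real IDs; hosts, users, services and timestamps
are made up). Service list, window and burst threshold are assumptions.
"""
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# Services an attacker typically stops before doing damage (backups, databases,
# security tooling). Assumption: extend with whatever matters in your estate.
CRITICAL_SERVICES = {
    "Volume Shadow Copy",
    "SQL Server (MSSQLSERVER)",
    "Windows Defender Antivirus Service",
    "Security Center",
}

# Service Control Manager messages (System log, events 7036 and 7040).
STOPPED_RE = re.compile(r"^The (.+) service entered the stopped state\.$")
DISABLED_RE = re.compile(r"^The start type of the (.+) service was changed from .+ to disabled\.$")
# User32 event 1074: who initiated a shutdown/restart and why.
SHUTDOWN_RE = re.compile(
    r"has initiated the (restart|shutdown|power off) of computer (\S+) "
    r"on behalf of user (.+?) for the following reason: (.*)$")
# Command lines from 4688 process-creation events. In this example the 4688
# record's message is just the "Process Command Line" field.
CMD_RULES = [
    ("service-stop-command",
     re.compile(r"\b(net1?\s+stop\b|sc(\.exe)?\s+(stop\b|config\s+\S+\s+start=\s*disabled)|taskkill\s+.*/im\b)", re.I)),
    ("shutdown-command", re.compile(r"\bshutdown(\.exe)?\s+.*/[rs]\b", re.I)),
]


def detect(events, window=timedelta(minutes=5), burst=3):
    """Return (rule, timestamp, detail) alerts for event dicts with keys ts, id, message."""
    alerts = []
    recent_stops = deque()  # timestamps of 7036 'stopped state' events inside the window
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        eid, msg = ev["id"], ev["message"]
        if eid == 7036:
            m = STOPPED_RE.match(msg)
            if not m:
                continue  # 'entered the running state' and friends are noise here
            svc = m.group(1)
            if svc in CRITICAL_SERVICES:
                alerts.append(("critical-service-stopped", ts, svc))
            recent_stops.append(ts)
            while recent_stops and ts - recent_stops[0] > window:
                recent_stops.popleft()
            if len(recent_stops) == burst:  # fire once when the burst threshold is reached
                alerts.append(("service-stop-burst", ts, f"{burst} services stopped within {window}"))
        elif eid == 7040:
            m = DISABLED_RE.match(msg)
            if m:
                alerts.append(("service-disabled", ts, m.group(1)))
        elif eid == 4688:
            for rule, rx in CMD_RULES:
                if rx.search(msg):
                    alerts.append((rule, ts, msg))
        elif eid == 1074:
            m = SHUTDOWN_RE.search(msg)
            # Windows marks maintenance reboots "(Planned)"; anything else gets a look.
            if m and "(Planned)" not in m.group(4):
                alerts.append(("unplanned-" + m.group(1), ts, f"{m.group(3)} on {m.group(2)}: {m.group(4)}"))
    return alerts


def count_by_rule(alerts):
    """Tally alerts per rule name."""
    return Counter(rule for rule, _, _ in alerts)


# Constructed records: a planned patch reboot at night, then a burst of service
# stops, a disabled AV service and a forced restart in the early afternoon.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T03:00:05", "id": 1074, "message":
        "The process C:\\Windows\\system32\\svchost.exe (WS01) has initiated the restart of computer WS01 "
        "on behalf of user NT AUTHORITY\\SYSTEM for the following reason: Operating System: Upgrade (Planned)"},
    {"ts": "2024-05-01T09:00:01", "id": 7036, "message": "The Print Spooler service entered the running state."},
    {"ts": "2024-05-01T13:02:10", "id": 4688, "message": 'net stop "SQLWriter" /y'},
    {"ts": "2024-05-01T13:02:11", "id": 7036, "message": "The SQL Server VSS Writer service entered the stopped state."},
    {"ts": "2024-05-01T13:02:12", "id": 4688, "message": "sc config WinDefend start= disabled"},
    {"ts": "2024-05-01T13:02:13", "id": 7036, "message": "The Volume Shadow Copy service entered the stopped state."},
    {"ts": "2024-05-01T13:02:15", "id": 7036, "message": "The SQL Server (MSSQLSERVER) service entered the stopped state."},
    {"ts": "2024-05-01T13:02:20", "id": 7040, "message":
        "The start type of the Windows Defender Antivirus Service service was changed from auto start to disabled."},
    {"ts": "2024-05-01T13:03:00", "id": 4688, "message": "shutdown /r /t 0 /f"},
    {"ts": "2024-05-01T13:03:01", "id": 1074, "message":
        "The process C:\\Windows\\system32\\shutdown.exe (WS01) has initiated the restart of computer WS01 "
        "on behalf of user CORP\\jdoe for the following reason: No title for this reason could be found"},
]

if __name__ == "__main__":
    for rule, ts, detail in detect(SAMPLE_EVENTS):
        print(f"{ts:%H:%M:%S} {rule:<26} {detail}")
```

The individual events are each explainable (an admin restarts SQL Server every week), which is why the burst rule and the critical-service list matter: three services stopping within a minute, one of them Volume Shadow Copy, followed by a forced restart, is the shape of an attacker clearing the way, not of maintenance. The 4688 command-line rules catch the same activity from the attacker's side even if the service events are missing, which they will be if the logs are shipped after the restart that the attacker just forced.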
Both floods rest on the same principle: when an application gets more requests than it can possibly serve, it crashes, and a network link, a router or a firewall's state table gives out the same way. These are the places where good secure practices are required: audit and review, protection by third parties (an upstream provider that can absorb the volume), and constantly updated technologies/software. Those are the minimal things for today. I had initially planned to dive deeper into them, but there are a lot of things that need to be done and sleep is literally my nemesis. I'll see you tomorrow!