SurfaceAttack.md

Mobile Device Attack Surface

via Browser

  • Phishing
  • Buffer Overflow
  • Man-in-the-Middle
  • Clickjacking
  • Data Caching
  • Framing

via System

  • Weak Passcodes
  • Passwords accessible
  • Weak Encryption
  • iOS Jailbreak
  • Android Rooting

via Phone

  • SMishing
  • Baseband Attacks

via Applications

  • Source Code
    • Vulnerabilities
    • Secrets Hardcoded
  • Weak Encryption
  • Misconfiguration (Permissions)
  • Sensitive Data Storage
  • Escalated Privileges
  • Config. Manipulation
  • Improper SSL Validation

via Network

  • Wi-Fi with no encryption or weak encryption
  • Packet Sniffing
  • Man-in-the-Middle
  • Session Hijacking
  • DNS Poisoning
  • SSL Strip
  • SSL Certificate

via Webserver

  • Vulnerabilities
  • Misconfiguration
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (XSRF)
  • Weak Input Validation
  • Brute Force Attacks

via Database

  • SQL Injection
  • Privilege Escalation
  • Data Dumping
  • Command Execution (OS)