Unit II Overview: Attack Tools & Methods Landscape

Lesson 6 of 15 in the free Cyber Security notes on Siksha Sarovar, written by Rohit Jangra.

Unit II surveys the practical toolkit of cyber attackers — the specific techniques, tools, and methodologies used to compromise systems and steal data. Understanding attacks from the attacker's perspective is fundamental to building effective defenses. This unit covers phishing, password attacks, keyloggers, malware families (viruses, Trojans, backdoors), steganography, and denial-of-service attacks.

---

The Attack Kill Chain

Before diving into individual tools, it helps to understand attacks within the Lockheed Martin Cyber Kill Chain — a model describing the stages of a targeted cyber attack:

| Phase | Name | Description | Attacker Actions | Detection Opportunities |
|---|---|---|---|---|
| 1 | Reconnaissance | Gathering information about target | OSINT, LinkedIn scraping, port scanning | Unusual queries, honeypots |
| 2 | Weaponization | Creating the attack payload | Building phishing email, packaging exploit | Threat intelligence feeds |
| 3 | Delivery | Delivering the weapon to target | Phishing email, malicious USB, watering hole | Email gateway, URL filtering |
| 4 | Exploitation | Triggering vulnerability | User clicks link, application exploit fires | AV, EDR, SIEM alerts |
| 5 | Installation | Installing persistent access | Trojan, backdoor, rootkit installation | EDR behavioral detection |
| 6 | C2 | Establishing command channel | Malware connects to C2 server | Network anomaly detection, DNS monitoring |
| 7 | Actions on Objective | Accomplishing attack goals | Data exfiltration, ransomware encryption | DLP, UEBA, threat hunting |

---

Attack Methods — Quick Comparison

| Attack Method | Primary Target | How It Works | Skill Required | Defense |
|---|---|---|---|---|
| Phishing | Human (user credentials) | Fake email/website tricks user | Low (kits available) | Email filtering, user training |
| Password Cracking | Authentication systems | Guessing or computing passwords | Low–Medium | Strong passwords, MFA, salting |
| Keylogger | User input (credentials, messages) | Records keystrokes | Low (commercial tools) | AV, behavioral monitoring |
| Virus | Files and programs | Attaches to executable files | Medium | AV, file integrity monitoring |
| Worm | Networks | Self-replicates across networks | Medium–High | Network segmentation, patching |
| Trojan Horse | User trust | Disguises malware as legitimate software | Medium | Code signing, sandboxing |
| Backdoor / RAT | System persistence | Hidden remote access channel | High | Network monitoring, EDR |
| Steganography | Data exfiltration, covert comms | Hides data inside innocent-looking files | Medium | Steganalysis tools |
| DoS / DDoS | Availability of services | Overwhelms target with traffic | Low–Medium (botnets) | Rate limiting, CDN, anycast |

---

Mobile/Cell Phone Attack Landscape

Modern attacks increasingly target mobile devices:

| Mobile Attack Type | Vector | Target | Example | Prevention |
|---|---|---|---|---|
| Smishing | SMS phishing | Credentials, OTP theft | Fake bank SMS with link | Don't click SMS links |
| Vishing | Voice call social engineering | Wire transfer authorization | "Microsoft Support" calls | Call verification, education |
| Malicious Apps | App stores (especially sideloading) | Full device compromise | Fake COVID apps with spyware | Official stores only, AV |
| SIM Swapping | Social engineering carrier | MFA bypass, account takeover | High-profile crypto thefts | FIDO2 hardware keys |
| Bluetooth Attacks | Bluejacking, Bluesnarfing | Data theft, spam | Airport Bluetooth attack | Disable Bluetooth in public |
| SS7 Protocol Attacks | Telecom network vulnerabilities | Call/SMS interception | Political surveillance | App-level encryption (Signal) |
| Wi-Fi Eavesdropping | Rogue access points, evil twin | Credential interception | Hotel Wi-Fi attack | Always use VPN |

---

Study Deep: The Modern Attack Ecosystem

  1. Cybercrime-as-a-Service (CaaS) democratizes attacks: Today, a criminal with no technical skills can purchase phishing kits ($50–200), RaaS access (20–30% of ransom), botnet rental, and DDoS-for-hire services on dark web forums. This has caused an explosion in attack frequency. The technical barrier is nearly zero.
  2. Dual-use tools dominate: The same tools used by attackers are used by defenders. Metasploit (penetration testing framework), Wireshark (network analyzer), Nmap (port scanner), Hashcat (password cracker) — all legitimate security tools misused by criminals. This creates legal complexity around tool possession.
  3. Living off the Land (LotL) attacks evade AV: Sophisticated attackers increasingly avoid custom malware that AV can detect. Instead they use native OS tools: PowerShell, WMI, scheduled tasks, PsExec. These "living off the land" techniques blend into normal system activity, making detection much harder; defenders must look at context (which process launched the tool, with which arguments) rather than at the tool itself.
  4. Phishing remains the #1 initial access vector: Despite being decades old, phishing is responsible for 91% of cyber attacks (PhishMe). This is not because phishing is technically sophisticated — it's because humans are naturally trusting and busy. The strongest defense: FIDO2 hardware security keys, which make credential-theft phishing ineffective because the key only signs a challenge for the legitimate site's origin, so a lookalike site receives nothing it can replay.
  5. Mobile has overtaken desktop as an attack surface: More than 50% of global web traffic is mobile. Attackers have adapted: mobile phishing via SMS (smishing), malicious apps on third-party stores, and exploitation of mobile OS vulnerabilities. Mobile endpoint protection (MDM/UEM) is now as critical as desktop AV.

Exam Tip: Unit II focuses on PRACTICAL attack methods. For each attack, know: (1) how it works mechanically, (2) what it targets, (3) real-world examples, (4) how to defend against it. The seven Cyber Kill Chain phases are important for understanding how attacks unfold sequentially and where defenses can be applied.
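As an added defender-side illustration (not code from the original notes), the Python below scans constructed Sysmon-style process-creation records for the living-off-the-land patterns listed in point 3 and tags each hit with the Kill Chain phase from the table above, which makes the "Detection Opportunities" column concrete. The event field names, rule names and sample command lines are assumptions made for this example.

```python
import re
from collections import namedtuple

# Each finding carries the Kill Chain phase (numbering as in the table above).
Finding = namedtuple("Finding", "phase rule image")

OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}

# (rule name, kill-chain phase, predicate over lower-cased image/cmd/parent basenames)
RULES = [
    ("Office app spawned a script host", "4 Exploitation",
     lambda img, cmd, par: par in OFFICE_PARENTS and img in SCRIPT_HOSTS),
    ("encoded or hidden-window PowerShell", "4 Exploitation",
     lambda img, cmd, par: img == "powershell.exe"
     and re.search(r"(?i)-(enc\w*|w(indowstyle)?\s+hidden)", cmd) is not None),
    ("scheduled task created for persistence", "5 Installation",
     lambda img, cmd, par: img == "schtasks.exe" and "/create" in cmd.lower()),
    ("PsExec remote execution", "7 Actions on Objective",
     lambda img, cmd, par: img.startswith("psexec")),
]

def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def analyse(events):
    """Return a Finding for every (event, rule) pair that matches."""
    findings = []
    for ev in events:
        img, par = basename(ev["image"]), basename(ev["parent"])
        for name, phase, pred in RULES:
            if pred(img, ev["cmd"], par):
                findings.append(Finding(phase, name, img))
    return findings

# Constructed sample events (assumed field names); placeholders stand in for payloads.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -w hidden -EncodedCommand <BASE64_PLACEHOLDER>",
     "parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"image": r"C:\Windows\System32\schtasks.exe",
     "cmd": r"schtasks.exe /create /tn Updater /sc onlogon /tr <PATH_PLACEHOLDER>",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell.exe -File C:\scripts\backup.ps1",   # benign admin script
     "parent": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Tools\PsExec64.exe", "cmd": r"PsExec64.exe \\<HOST_PLACEHOLDER> cmd.exe",
     "parent": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f"[{f.phase}] {f.rule}: {f.image}")
```

The third sample event (a scheduled backup script) produces no finding, which is the point: the tool is the same, only the launching context differs.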