# Active v Passive Attacks

## Base Definitions

Passive: compromising a system but not necessarily doing anything apart from _watching_

Active: compromising a system while doing something to the system apart from infiltrating it

## Loosely speaking

_Passive_ can be just like listening in on a conversation (eavesdropping), whereas _active_ is like jumping into the conversation and trying to do something to it.

## When/How would either happen?

If the result of an attack is to actually trigger some code to run, then usually we first need to gather the information required to understand how to make that happen. The reasoning is straightforward: if you don't know how some system works, then it's much harder to exploit that system.

Random example: Using a keylogger to log keystrokes before sending those logs to a server for processing could be a passive attack, since you're still in a _gathering data_ sort of mode. Finally, using that data to try logging into some service would be the active portion of a full-scale attack.