1.3

Question 1

Privilege Escalation

Answer 1

Gain higher level access to a system, exploits a vulnerability to get more capabilities. These are high-priority vulnerability patches.

Question 2

Horizontal Privilege Escalation

Answer 2

Dose not move up into higher access, instead gets access to another user’s resources.

Question 3

Mitigating Privilege Escalation

Answer 3

Patch quickly, antivirus and anti-malware can block known vulnerabilities. Data execution prevention only allows data in executable areas to run. Address space layout randomization prevents a buffer overrun at known memory addresses.

Question 4

Cross Site Scripting

Answer 4

Cross Site Scripting (XSS) originally was associated with a browser vulnerability where information form one site would be shared with another. It is one of the most common web application dev errors and can take advantage of the trust a user has for a site.

Question 5

Non Persistent (Reflected) XXS Attack

Answer 5

Websites allows scripts to be run in user inputs (search boxes). Attackers emails a link that takes advantage of this vulnerability. Script embedded in URL executes in the victim’s browser.

Question 6

Persistent (stored) XXS Attack

Answer 6

Attacker posts a message to a social network, with no specified target as all viewers on the page are victims.

Question 7

Protect against XSS

Answer 7

Never click untrusted links, disable JavaScript (difficult in today’s web), keep your browser up to date, and developers should validate their input data.

Question 8

Code Injection

Answer 8

Attacker adding their code into a data stream, usually a vulnerability caused by bad programing.

Question 9

SQL Injection

Answer 9

A code injection attack targeting SQL - the most common relational database management system.

Question 10

XML Injection

Answer 10

Extensible Markup Language a set rules for data transfer. A code injection attack modifies the XML requests.

Question 11

LDAP Injection

Answer 11

A code injection attack that modifies LDAP requests to manipulate application results.

Question 12

DLL Injection

Answer 12

A code injection attack that utilizes the Dynamic-Link Library by injecting it to have an application run a program.

Question 13

Buffer Overflows

Answer 13

Attackers take advantage of poor programing by overwriting a buffer of memory by spilling over into other memory areas. This is a difficult exploit; it takes time to make it do what you want without crashing the application.

Question 14

Replay Attack

Answer 14

Attackers will take advantage of information transferred over network by accessing to the raw network data. (Network tap, ARP poisoning, Malware). The gathered information may be used by the attacker to replay the data across the network to appear as someone else.

Question 15

Pass the Hash

Answer 15

A type of replay attack where the attacker gains access to the hash, and they replay the hash back to the server to pretend to be the original workstation.

You can avoid the attack by salting the hash or encrypting the information sent over the server.

Question 16

Browser Cookies

Answer 16

Cookies can store information that could be used for replay attacks - personalization, session management.

Session IDs are often stored in the cookies, and attackers can use that to pose as someone else without needing a username or password.

Question 17

Prevent Session Highjacking

Answer 17

Encrypting end-to-end communication, use protocols like HTTPS over HTTP.

Encrypting end-to-somewhere with options like a personal VPN, while being in the clear for part of the journey, it will have some encryption

Question 18

Cross-site Requests

Answer 18

Cross site requests are common and legitimate, one web page may gather information for several other websites. Most of these are unauthenticated requests.

Question 19

Cross-Site request forgery

Answer 19

One-click attack or sessions riding (XSRF, CSRF), it will take advantage of the trust a web app has for the user. Significant web application development oversights will allow for these, to prevent a cryptographic token can be used.

Question 20

Server-side Request Forgery (SSRF)

Answer 20

Attacker finds a vulnerable web application, they send a request to the web server, and the server performs the request on behalf of the attacker. This attack occurs because of bad programming, the server should always validate the input and output from the user. These are rare but critical vulnerability.

Question 21

Zero Day Attack

Answer 21

A unknown vulnerability that can be exploited.

Question 22

Shimming

Answer 22

Windows Includes its own shim that allows backwards compatibility with previous Windows version. Malware authors write their own shims to get around security.

Question 23

Refactoring

Answer 23

Attackers can refactor (or change the appearance of the code) to make the malware look different and let it go undetected by anti-malware software.

Question 24

SSL Stripping/HTTP Downgrade

Answer 24

Combines an on-path attack with a downgrade attack, they will sit in the middle of the conversation to strip away the security measures on the conversation. Victim does not see any significant problem except for the browser page which isn’t encrypted. This is a client/server problem, everything needs to be up to date.

Question 25

SSL & TLS

Answer 25

• SSL 2.0 - ended 2011
• SSL 3.0 - ended 2015
• TLS 1.0 - upgraded SSL, can be downgraded to SSL 3.0 (less secure)
• TLS 1.1 - ended 2020
• TLS 1.2 & TLS 1.3 - Latest TLS standards

Question 26

Race Condition

Answer 26

A programing issue that occurs when multiple things are running at the same time, can be vulnerable if the programmer didn’t plan for it.

Question 27

TOCTOU

Answer 27

Time of check to time of use attack - an attack that takes advantage of a race condition.

Question 28

Memory Vulnerabilities

Answer 28

Memory leak, unused memory is not properly released, and it begins to grow in size. Eventually it will use all memory and the system will crash.

Question 29

Null Pointer Dereference

Answer 29

Programming techinique that refrences a portion of memory, attackers will have the refrence point to nothing

Question 30

Integer Overflow

Answer 30

Large number into a smaller sized space, you shouldn’t be able to manipulate memory this way. Programming oversite

Question 31

Directory Transversal

Answer 31

Read files from a web server that are outside of the website’s file directory.

Question 32

Improper Error Handling

Answer 32

Errors should show just enough information and avoid any sensitive data.

Question 33

Improper Input Handling

Answer 33

Many applications accept user input, and all input should be considered malicious. Always check and validate the user input.

Question 34

API Attack

Answer 34

Attackers look for vulnerabilities in the application programming interface.