1.3 Flashcards
Given a scenario, analyze potential indicators associated with application attacks.
Privilege Escalation
Gaining higher-level access to a system by exploiting a vulnerability to obtain more capabilities. These vulnerabilities are high-priority patches.
Horizontal Privilege Escalation
Does not move up to a higher access level; instead, the attacker gains access to another user's resources.
Mitigating Privilege Escalation
Patch quickly; antivirus and anti-malware can block exploits of known vulnerabilities. Data execution prevention (DEP) only allows code in executable memory areas to run. Address space layout randomization (ASLR) prevents a buffer overrun from targeting known memory addresses.
Cross Site Scripting
Cross Site Scripting (XSS) was originally associated with a browser vulnerability where information from one site would be shared with another. It is one of the most common web application development errors and can take advantage of the trust a user has for a site.
Non-Persistent (Reflected) XSS Attack
A website allows scripts to run from user input (for example, a search box). The attacker emails a link that takes advantage of this vulnerability; the script embedded in the URL executes in the victim's browser.
Persistent (Stored) XSS Attack
The attacker posts a message to a social network with no specific target; everyone who views the page is a victim.
Protect against XSS
Never click untrusted links, disable JavaScript (difficult on today's web), keep your browser up to date, and developers should validate input data.
Code Injection
An attacker adds their own code into a data stream, usually through a vulnerability caused by bad programming.
SQL Injection
A code injection attack targeting SQL - the most common relational database management system.
XML Injection
Extensible Markup Language (XML) is a set of rules for data transfer. An XML injection attack is a code injection attack that modifies the XML requests.
LDAP Injection
A code injection attack that modifies LDAP requests to manipulate application results.
DLL Injection
A code injection attack that injects a Dynamic-Link Library (DLL) into an application to make the application run the attacker's program.
Buffer Overflows
Attackers take advantage of poor programming by overflowing a memory buffer so that data spills over into other memory areas. This is a difficult exploit; it takes time to make it do what you want without crashing the application.
Replay Attack
Attackers take advantage of information transferred over the network by accessing the raw network data (network tap, ARP poisoning, malware). The gathered information may then be replayed across the network so the attacker appears to be someone else.
Pass the Hash
A type of replay attack where the attacker gains access to the hash and replays it back to the server to pretend to be the original workstation.
You can avoid the attack by salting the hash or encrypting the information sent to the server.
Browser Cookies
Cookies can store information that could be used for replay attacks, such as personalization and session management data.
Session IDs are often stored in cookies, and attackers can use them to pose as someone else without needing a username or password.
Prevent Session Hijacking
Encrypt end-to-end communication; use protocols like HTTPS instead of HTTP.
Encrypt end-to-somewhere with options like a personal VPN; the traffic is in the clear for part of the journey, but it will have some encryption.
Cross-site Requests
Cross-site requests are common and legitimate; one web page may gather information from several other websites. Most of these are unauthenticated requests.
Cross-Site Request Forgery
Also called a one-click attack or session riding (XSRF, CSRF); it takes advantage of the trust a web application has for the user. Significant web application development oversights allow these attacks; to prevent them, a cryptographic token can be used.
Server-side Request Forgery (SSRF)
The attacker finds a vulnerable web application and sends a request to the web server, and the server performs the request on behalf of the attacker. This attack occurs because of bad programming; the server should always validate the input and output from the user. These are rare but critical vulnerabilities.
Zero Day Attack
An unknown vulnerability that can be exploited.
Shimming
Windows includes its own shim that allows backwards compatibility with previous Windows versions. Malware authors write their own shims to get around security.
Refactoring
Attackers can refactor the code (change its appearance) to make the malware look different so that it goes undetected by anti-malware software.
SSL Stripping/HTTP Downgrade
Combines an on-path attack with a downgrade attack: the attacker sits in the middle of the conversation and strips away its security measures. The victim does not see any significant problem except that the browser page isn't encrypted. This is a client/server problem; everything needs to be up to date.