1.3 Flashcards
Privilege escalation
Giving a normal user high-level access, usually that of an admin or root account.
Patch quickly, update antivirus software, or use data execution prevention so that no info can be processed in the memory
Cross-site scripting (XSS)
Information goes from one browser to an attacker. Takes advantage of trust in a website, using JavaScript
Non-persistent (reflected) XSS needs the victim to click a link to run scripts, gain info, and send it to the attacker
Persistent (stored) XSS: everyone gets the payload, no targeted person, a faster spread
Don't click links
Disable JavaScript
Keep browser updated
Injection attacks
Puts code in a data stream or an input field, such as HTML, SQL, XML
SQL scripts go around the web front end (‘1=1’)
XML injection: modify the XML requests
LDAP injection (Lightweight Directory Access Protocol)
DLL injection (attach to victim, copy DLL, execute, and then act like victim)
Buffer overflow
Overwriting of memory that spills over into other areas.
Replay attacks
Gather network info, such as with a network tap (with physical access) or ARP poisoning (without physical access).
After capturing information, the attacker can replay that info to access the network
Pass the hash: hacker can replay a hash sent prior to gain access
Same as session hacking, when hacking the session ID
Avoid with salt/encryption
Secure browser cookies
Cross-site requests
Loads text from a site, a video from YouTube and pics from IG. All need requests from the browser. Most are unauthenticated, not needing a login
Cross-site request forgery (XSRF)
Takes advantage of trust. The site trusts your browser, and requests are made without your consent
Client side
Sends a link to a victim's computer, and the link sends a request to their bank's web server; the web server sends cash to the hacker
Server-side request forgery
Happens after finding an app vulnerability. Sends a request to a server on behalf of the attacker
Needs a WAF (web application firewall), appropriately configured
Driver attacks
Hardware drivers are trusted by the system; used to gain control of the system
Refactoring / metamorphic malware
Downloading a unique version of the malware so antivirus doesn't recognize the malware
SSL stripping / HTTP downgrade
Sit on the path of communication and modify the communication. Must sit in the middle of the conversation, with a proxy server, ARP spoofing, or rogue Wi-Fi hotspots. Now the browser is not encrypted, with only HTTP, not HTTPS
Avoid by not responding to HTTP
Race conditions
Time-of-check to time-of-use attack (TOCTOU)
Memory vulnerability
Memory leak: memory is allocated for storage and returned when there is nothing to store. With a leak, memory is not returned and keeps building.
Null pointer dereference: pointing to nothing in memory or null values
Integer overflow: a large number is placed in memory so the number overflows into other memory
Directory traversal: allows reading files from a web server and browsing outside the scope of the software, using ../.. to go back through directories
API attack
Manipulate the application programming interface
Resource exhaustion
Zip bomb: extracting a huge file, making resources slow.
DHCP starvation floods the network with IP address requests; the MAC address changes each time, and the DHCP server runs out of addresses.