1.3 Analyzing Potential Indicators with Application Attacks Flashcards

1
Q

An intruder monitors an admin’s unsecured connection to a server and captures data, such as a session cookie, that legitimately establishes a session with a web server. Knowing the admin’s logon credentials, what type of attack can the intruder perform with the cookie?

A

replay attack

2
Q

An attacker modified the HTML code of a legitimate password-change web form, then hosted the .html file on the attacker’s web server. The attacker then emailed a URL link of the hosted file to a real user of the webpage. Once the user clicked the link, it changed the user’s password to a value the attacker set. Based on this information, what type of attack is the website vulnerable to?

A

Cross-site Request Forgery (XSRF)

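Added example, not part of the flashcard deck: a minimal model of the password-change handler from this card. The session store, user table and request dictionaries are constructed stand-ins for a real web framework. The vulnerable handler trusts the session cookie alone, so the attacker's re-hosted copy of the form works because the browser attaches the victim's cookie to the cross-site POST; the fixed handler also requires a per-session anti-CSRF token, which the attacker's page cannot read.

```python
import hmac
import secrets

# Constructed in-memory stores (assumption: a cookie-based session site).
# Each session carries an anti-CSRF token that only the real site's pages embed.
SESSIONS: dict = {}
USERS: dict = {"alice": "old-password"}


def login(username: str) -> str:
    """Create a session and return its cookie value."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": username, "csrf": secrets.token_urlsafe(16)}
    return sid


def change_password_vulnerable(request: dict) -> str:
    # Trusts the cookie alone. The browser sends that cookie with a form POST
    # regardless of which site hosts the form, so the attacker's .html copy
    # is honoured exactly like the genuine page.
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return "denied: not logged in"
    USERS[session["user"]] = request["form"]["new_password"]
    return "password changed"


def change_password_fixed(request: dict) -> str:
    # Same, plus a token that must match the one stored for this session.
    # A cross-site page cannot read the victim's session token, so it cannot
    # produce a request that passes this check.
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return "denied: not logged in"
    supplied = request["form"].get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, session["csrf"].encode()):
        return "denied: bad csrf token"
    USERS[session["user"]] = request["form"]["new_password"]
    return "password changed"


def forged_request(sid: str) -> dict:
    # What the server receives after the victim clicks the emailed link:
    # attacker-chosen form fields, victim's cookie added by the browser.
    return {"cookies": {"sid": sid}, "form": {"new_password": "attacker-chosen"}}


def legitimate_request(sid: str, new_password: str) -> dict:
    # The real form carries the token the site rendered into the page.
    return {"cookies": {"sid": sid},
            "form": {"new_password": new_password, "csrf_token": SESSIONS[sid]["csrf"]}}


def demo() -> tuple:
    USERS["alice"] = "old-password"
    sid = login("alice")
    vuln_result = change_password_vulnerable(forged_request(sid))
    after_vuln = USERS["alice"]
    USERS["alice"] = "old-password"
    fixed_result = change_password_fixed(forged_request(sid))
    after_fixed = USERS["alice"]
    legit_result = change_password_fixed(legitimate_request(sid, "new-password"))
    return vuln_result, after_vuln, fixed_result, after_fixed, legit_result


if __name__ == "__main__":
    print(demo())
```

The token check is the core defence; in production you would also mark the session cookie `SameSite=Lax` or `Strict` so the browser does not attach it to cross-site POSTs in the first place.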
3
Q

An attacker submits a line of code in a text field of a website survey. When the web server processes the submission, the code is executed, and the output enumerates password hashes from an internal database. What type of application exploit did the attacker most likely implement?

A

SQL injection

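Added example, not from the flashcard deck: the survey lookup from this card reduced to a few lines against an in-memory SQLite database (the tables, users and hashes are constructed sample data). The vulnerable version splices the submitted text into the SQL, so a UNION payload pulls username/hash pairs out of a different table into the survey results; the parameterised version binds the same input as a value and returns nothing.

```python
import hashlib
import sqlite3

# Constructed in-memory backend standing in for the survey site's database.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (username TEXT, password_hash TEXT);
        CREATE TABLE survey_responses (respondent TEXT, question TEXT, answer TEXT);
        """
    )
    for user, pw in [("alice", "correct horse"), ("bob", "hunter2")]:
        conn.execute("INSERT INTO users VALUES (?, ?)",
                     (user, hashlib.sha256(pw.encode()).hexdigest()))
    conn.execute("INSERT INTO survey_responses VALUES (?, ?, ?)",
                 ("alice", "Favourite colour?", "blue"))
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, respondent: str) -> list:
    # The submitted text becomes part of the SQL statement, so a quote in it
    # closes the string literal and everything after is parsed as SQL.
    sql = ("SELECT question, answer FROM survey_responses "
           "WHERE respondent = '" + respondent + "'")
    return conn.execute(sql).fetchall()


def safe_lookup(conn: sqlite3.Connection, respondent: str) -> list:
    # Parameter binding sends the value separately from the statement text;
    # the driver never interprets the input as SQL, whatever it contains.
    sql = "SELECT question, answer FROM survey_responses WHERE respondent = ?"
    return conn.execute(sql, (respondent,)).fetchall()


# UNION-based payload: closes the literal, appends a SELECT whose two columns
# line up with the original query's, and comments out the trailing quote
# the application appends.
PAYLOAD = "nobody' UNION SELECT username, password_hash FROM users --"


def demo() -> tuple:
    conn = build_db()
    leaked = vulnerable_lookup(conn, PAYLOAD)
    blocked = safe_lookup(conn, PAYLOAD)
    return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = demo()
    print("vulnerable query returned:", leaked)
    print("parameterised query returned:", blocked)
```

The payload never reaches the vulnerable function's `respondent` column; the whole point is that the database cannot tell which part of the statement the developer wrote and which part the attacker did. Binding parameters removes that ambiguity.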
4
Q

After obtaining local administrator privileges on a machine, a hacker evaded antivirus detection using code refactoring and was then able to get the Windows machine to load a malicious binary package in memory. What type of attack is this?

A

Dynamic Link Library (DLL) injection

5
Q

A code library is added to the registry, with its files placed in the system folder, so that it can intercept and redirect API calls to provide legacy-mode compatibility. Malware with local administrator privileges can use this mechanism to run again on reboot. Which of the following is this code library called?

A

a shim

6
Q

An attacker gained remote access to a computer by sending a program a malicious backdoor payload that was larger than the area of memory the program reserves for the data it expects. What type of exploit did the attacker perform?

A

a buffer overflow

7
Q

Through what method can malware evade antivirus software detection so that the software no longer identifies the malware by its signature?

A

Refactoring

8
Q

A security engineer implemented once-only tokens and timestamping sessions. What type of attacks can this type of security prevent? (Select all that apply.)

A

a replay attack and a pass-the-hash attack

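Added example, not from the flashcard deck, illustrating both card 1 (replaying a captured cookie) and card 8 (once-only tokens plus timestamps as the countermeasure). The server key, nonce format and 30-second window are assumptions for the demo. Each request carries a server-issued nonce, a timestamp and an HMAC over both plus the body; the server rejects a nonce it has already accepted, a timestamp outside the window, and any request whose MAC does not match, so a captured request is useless even to someone who can resend it byte-for-byte.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = b"constructed-demo-key"   # assumption: secret shared with the client
MAX_AGE = 30                           # seconds a timestamp remains acceptable
SEEN_NONCES: set = set()               # once-only tokens already consumed


def issue_nonce() -> str:
    """Server hands the client a fresh single-use token for the next request."""
    return secrets.token_hex(16)


def sign_request(nonce: str, ts: int, body: str) -> str:
    msg = f"{nonce}|{ts}|{body}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def client_build(nonce: str, body: str, now: int) -> dict:
    """What a legitimate client sends: nonce, timestamp, body and MAC."""
    ts = int(now)
    return {"nonce": nonce, "ts": ts, "body": body,
            "mac": sign_request(nonce, ts, body)}


def server_verify(req: dict, now: int) -> str:
    expected = sign_request(req["nonce"], req["ts"], req["body"])
    if not hmac.compare_digest(expected, req["mac"]):
        return "rejected: bad mac"              # body or fields altered
    if abs(now - req["ts"]) > MAX_AGE:
        return "rejected: stale timestamp"      # too old to be a live request
    if req["nonce"] in SEEN_NONCES:
        return "rejected: nonce already used"   # verbatim replay
    SEEN_NONCES.add(req["nonce"])
    return "accepted"


def demo() -> tuple:
    t0 = 1_700_000_000                          # constructed clock value
    nonce = issue_nonce()
    req = client_build(nonce, "GET /admin", t0)
    first = server_verify(req, t0 + 1)          # genuine request
    replay = server_verify(dict(req), t0 + 2)   # sniffed and resent as-is
    tampered = server_verify(dict(req, body="GET /admin/delete-all"), t0 + 3)
    old = client_build(issue_nonce(), "GET /admin", t0)
    stale = server_verify(old, t0 + 120)        # fresh nonce, but 2 minutes late
    return first, replay, tampered, stale


if __name__ == "__main__":
    print(demo())
```

The nonce alone already stops a verbatim replay; the timestamp bounds how long the server must remember used nonces, and the MAC stops the attacker from combining a fresh nonce with an old body. A bare session cookie, as in card 1, has none of these properties, which is why sniffing it is enough.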
9
Q

An attacker escalated privileges to a local administrator and used code refactoring to evade antivirus detection. The attacker then allowed one process to attach to another and forced the operating system to load a malicious binary package. What did the attacker successfully perform?

A

Dynamic Link Library (DLL) injection

10
Q

By compromising a Windows XP application that ran on a Windows 10 machine, an attacker installed persistent malware on a victim computer with local administrator privileges. What should the attacker add to the registry, along with its files added to the system folder, to execute this malware?

A

a shim

11
Q

Using an open connection to a small company’s network, an attacker submitted arbitrary queries on port 389 to the domain controllers. The attacker initiated the query from a client computer. What type of injection attack did the attacker perform?

A

LDAP injection

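Added example, not from the flashcard deck: how an application that builds LDAP search filters from user input becomes an injection point, and the RFC 4515 escaping that closes it. The directory entries are constructed, and the small filter evaluator only covers the subset of filter syntax the demo uses (AND, OR, equality and `*` presence), standing in for a real server listening on port 389.

```python
import re

# RFC 4515 escaping for a value placed inside a search filter.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter_vulnerable(username: str, password: str) -> str:
    # Input spliced straight into filter syntax: '*' or ')(' in the input
    # changes the filter's structure rather than being matched literally.
    return f"(&(uid={username})(userPassword={password}))"


def build_filter_safe(username: str, password: str) -> str:
    return (f"(&(uid={escape_filter_value(username)})"
            f"(userPassword={escape_filter_value(password)}))")


# --- toy evaluator (constructed for the demo; not a full RFC 4515 parser) ---
def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def _parse(s: str, i: int):
    """Parse one filter starting at s[i]; return (node, index after it)."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at {i}")
    i += 1
    if s[i] in "&|":
        op, subs, i = s[i], [], i + 1
        while s[i] == "(":
            node, i = _parse(s, i)
            subs.append(node)
        if s[i] != ")":
            raise ValueError("unterminated compound filter")
        return (op, subs), i + 1
    end = s.index(")", i)
    attr, value = s[i:end].split("=", 1)
    return ("=", attr, value), end + 1


def _match(node, entry: dict) -> bool:
    if node[0] == "&":
        return all(_match(n, entry) for n in node[1])
    if node[0] == "|":
        return any(_match(n, entry) for n in node[1])
    _, attr, value = node
    if attr not in entry:
        return False
    if value == "*":                 # presence filter: any value matches
        return True
    return entry[attr] == _unescape(value)


def search(directory: list, filt: str) -> list:
    node, end = _parse(filt, 0)
    if end != len(filt):
        raise ValueError("trailing data after filter")
    return [e["uid"] for e in directory if _match(node, e)]


# Constructed directory entries, not real accounts.
DIRECTORY = [
    {"uid": "alice", "userPassword": "s3cret"},
    {"uid": "bob", "userPassword": "hunter2"},
]


def demo() -> tuple:
    # Attacker knows a username and submits '*' as the password: unescaped, the
    # password clause becomes a presence test that any stored value satisfies.
    vuln = search(DIRECTORY, build_filter_vulnerable("alice", "*"))
    safe = search(DIRECTORY, build_filter_safe("alice", "*"))
    return vuln, safe


if __name__ == "__main__":
    print(build_filter_vulnerable("alice", "*"), "->", demo()[0])
    print(build_filter_safe("alice", "*"), "->", demo()[1])
```

Escaping turns `*` into `\2a`, which the server compares literally, so the injected wildcard no longer matches. Library functions such as `ldap3.utils.conv.escape_filter_chars` do the same job; the point is that every user-supplied value inside a filter goes through it.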
12
Q

An attacker ran a modified uniform resource locator (URL) link to a website that eventually established connections to backend databases and exposed internal service configurations. The attacker did not hijack a user to perform this attack. This describes which of the following types of attacks?

A

Server-side request forgery

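Added example, not from the flashcard deck: a URL-fetching feature of the kind this card describes, first as the vulnerable form that connects wherever the supplied URL points, then with a validator that resolves the host and refuses private, loopback, link-local and other non-public addresses (including the 169.254.169.254 cloud metadata address). The name table replaces real DNS so the code runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed name table standing in for DNS (assumption for the offline demo).
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "internal-db.corp": ["10.0.5.20"],
    "meta.attacker.test": ["169.254.169.254"],   # attacker-controlled name aimed at metadata
}


def resolve(host: str) -> list:
    # Literal IPs (IPv6 brackets are already stripped by urlsplit) need no lookup.
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return FAKE_DNS.get(host, [])


def fetch_target_vulnerable(url: str) -> str:
    # The server connects to whatever the user named, from its own network
    # position, so hosts only the server can reach become reachable to the user.
    host = urlsplit(url).hostname or ""
    return f"{host} -> {','.join(resolve(host)) or 'unresolved'}"


def is_forbidden_ip(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_url(url: str, resolver=resolve):
    """Return the public IP to connect to, or None if the URL must be refused."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None                      # no file://, gopher://, etc.
    host = parts.hostname
    if not host:
        return None
    addrs = resolver(host)
    if not addrs:
        return None                      # fail closed on unresolvable or odd hosts
    if any(is_forbidden_ip(a) for a in addrs):
        return None                      # every resolved address must be public
    return addrs[0]


if __name__ == "__main__":
    for u in ("http://example.com/", "http://internal-db.corp/",
              "http://meta.attacker.test/latest/meta-data/", "http://[::1]/"):
        print(u, "->", validate_url(u))
```

Two caveats a practitioner would add: connect to the address the validator returned rather than resolving the name a second time (otherwise a DNS rebinding attack can change the answer between check and use), and do not follow redirects automatically, since a public host can redirect the server to an internal one.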
13
Q

What can happen if developers do not test a value with a logic statement (such as a null check) before the program uses it?

A

A malicious process can alter the execution environment so that the program dereferences a null pointer and crashes.
