1.3 Application attacks Flashcards

1
Q

What is privilege escalation?

A

Gaining higher-level access (e.g. root) to a system by exploiting a vulnerability or bug.

2
Q

How to mitigate privilege escalation?

A
  • patch quickly
  • update antivirus/antimalware
  • ensure only data in the executable area can run
  • prevent buffer overruns at known memory addresses
3
Q

What is XSS (cross-site scripting)?

A

XSS attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.

4
Q

What is non-persistent XSS?

A

The website allows a script to run in a user input field (e.g. a search field).

5
Q

What is a persistent XSS attack?

A

The attacker posts a message to social media that includes a malicious payload.

6
Q

How to protect against XSS?

A
  • never click on untrusted links
  • keep the browser updated
  • consider disabling JavaScript (difficult to do)
  • don’t allow users to add their own scripts to an input field
7
Q

What is an Injection attack?

A
  • adding your own code (SQL, HTML, XML) into a data stream
  • enabled by bad programming
8
Q

What is SQLi?

A

The most famous type of injection attack; it allows the hacker to modify SQL requests.

9
Q

What is XML injection?

A

It is a category of vulnerabilities where an application doesn’t correctly validate/sanitize user input before using it in an XML document or query. XML, which stands for extensible markup language, is a language format that’s commonly used for structuring and storing data.

10
Q

What is LDAP injection?

A
  • Lightweight Directory Access Protocol (LDAP) is a protocol that helps users find data about organizations, persons, and more. LDAP has two main goals: to store data in the LDAP directory and to authenticate users to access the directory.
  • LDAP injection is a query used to gain unauthorized access to information, which could result in information disclosure, data manipulation, or theft.
11
Q

What is DLL injection?

A

DLL hijacking is a method of injecting malicious code into an application by exploiting the way some Windows applications search for and load Dynamic Link Libraries (DLLs). Only Microsoft operating systems are susceptible to DLL hijacks.

12
Q

What is a buffer overflow?

A

A buffer overflow, or buffer overrun, occurs when more data is put into a fixed-length buffer than the buffer can handle. The extra information, which has to go somewhere, can overflow into adjacent memory space, corrupting or overwriting the data held in that space.

13
Q

What is a replay attack?

A

An attack that involves the capture of transmitted authentication or access control information and its subsequent retransmission with the intent of producing an unauthorized effect or gaining unauthorized access.

14
Q

What is the difference between man-in-the-middle and replay attacks?

A

In general, a replay attack refers to capturing legitimate traffic and reusing it at a later time without modification. A man-in-the-middle attack, on the other hand, involves manipulating existing network packets or forging new ones.

15
Q

What is a pass-the-hash attack?

A

A technique where an attacker captures a password hash (as opposed to the password characters) and then passes it through for authentication and lateral access to other networked systems. With this technique, the threat actor doesn’t need to decrypt the hash to obtain a plaintext password. PtH attacks exploit the authentication protocol.

16
Q

Explain cross-site request forgery.

A

An attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.

17
Q

How does cross-site request forgery work?

A

CSRF attacks are typically conducted using malicious social engineering, such as an email or link that tricks the victim into sending a forged request to a server. As the unsuspecting user is authenticated by their application at the time of the attack, it’s impossible to distinguish a legitimate request from a forged one.

18
Q

How to prevent CSRF?

A

By using anti-CSRF tokens. The developer should add such tokens to all forms that allow users to perform any state-changing operations. When an operation is submitted, the web application should then check for the presence of the correct token.

19
Q

What is an SSRF?

A

It is a web security vulnerability that allows an attacker to induce the server-side application to make requests to an unintended location.

In a typical SSRF attack, the attacker might cause the server to make a connection to internal-only services within the organization’s infrastructure. In other cases, they may be able to force the server to connect to arbitrary external systems, potentially leaking sensitive data such as authorization credentials.

20
Q

What is driver manipulation?

A

Device drivers allow an operating system such as Windows to talk to hardware devices such as printers. Sophisticated attackers may dive deep into device drivers and manipulate them so that they undermine the security on your computer.

21
Q

What does an attacker do to a driver when shimming? (driver manipulation)

A

A driver shim is additional code that can be run instead of the original driver. When an application attempts to call an older driver, the operating system intercepts the call and redirects it to run the shim code instead.

22
Q

What is a refactoring attack? (driver manipulation)

A

Sophisticated attackers may reach down into device drivers and manipulate them in ways that undermine security. Refactoring is the name given to a set of techniques used to identify the flow of code and then modify its internal structure without changing the code’s visible behavior.

23
Q

What is SSL stripping/HTTP downgrade?

A

SSL stripping attacks (also known as SSL downgrade or HTTP downgrade attacks) are a type of cyber attack in which hackers downgrade a web connection from the more secure HTTPS to the less secure HTTP.

24
Q

How does SSL stripping/HTTP downgrade work?

A

SSL stripping can be done by abusing the TCP handshake, which is not encrypted. When a user’s browser requests access to a server, the man-in-the-middle attacker interferes and sends the handshake instead. They then forward back to the user a malicious website connection.

25
Q

What is a race condition attack?

A

Race condition attacks (also called Time of Check to Time of Use, or TOCTTOU, attacks) take advantage of the fact that computing systems must execute some tasks in a specific sequence. In any such sequence, there is a small period of time when the system has carried out the first task but not yet started on the second.

26
Q

What is the impact of SSRF?

A

A successful SSRF attack can often result in unauthorized actions or access to data within the organization, either in the vulnerable application itself or on other back-end systems that the application can communicate with. In some situations, the SSRF vulnerability might allow an attacker to perform arbitrary command execution.

An SSRF exploit that causes connections to external third-party systems might result in malicious onward attacks that appear to originate from the organization hosting the vulnerable application.

27
Q

What is a DLL?

A

Dynamic Link Libraries (DLLs) are like EXEs but are not directly executable. They are similar to .so files in Linux/Unix. That is to say, DLLs are Microsoft’s implementation of shared libraries.

A DLL contains functions, classes, variables, UIs and resources (such as icons, images, files, …) that an EXE or another DLL uses.

28
Q

How to prevent buffer overflows?

A

By auditing code, providing training, using compiler tools, using safe functions, patching web and application servers, and scanning applications.

29
Q

What are the consequences of a buffer overflow?

A

It can lead to:
- crashes and lack of availability (i.e. putting a program into an infinite loop)
- arbitrary code execution

30
Q

How to determine if you are vulnerable to a buffer overflow?

A
  • For server products and libraries, keep up with the latest bug reports for the products you are using.
  • For custom application software, all code that accepts input from users via the HTTP request must be reviewed to ensure that it can properly handle arbitrarily large input.
31
Q

How to prevent LDAP injection?

A

The best option for preventing LDAP injection attacks is sanitizing untrusted input and using proper input validation. Application developers should properly encode and sanitize all information in the application layer.

32
Q

What does “sanitization” mean in programming?

A

Process to remove information from media such that information recovery is not possible. It includes removing all labels, markings, unwanted characters and activity logs.