1.3 Application attacks Flashcards
privilege escalation
a vulnerability or design flaw that allows a normal user to suddenly gain extended capabilities on that system
horizontal privilege escalation
where one user is able to gain access to resources that would normally only be available to another user of the same level. It doesn’t have to be an administrator account or a root account. Simply put, user A gains access to files and resources belonging to user B
data execution prevention
a way to allow applications to execute code only in the areas of memory where execution is permitted
safeguards in place to prevent someone from taking advantage of a privilege escalation
many operating systems randomize where information is stored in memory (address space layout randomization), so that if an attacker finds a way to take advantage of a memory address on one system, they would not be able to duplicate that on another system
CVE-2020-1530
Windows Remote Access Elevation of Privilege Vulnerability, released in August 2020
an attacker would only need to run a single program to gain elevated access on that system
cross-site scripting
a vulnerability in web applications that allows attackers to inject malicious scripts or code into web pages viewed by other users
stored XSS (persistent)
the malicious script or code is permanently stored on the target web server, often on websites that have messages, or forum posts. When a user visits a post where the injected script is displayed, the browser executes it.
Reflected XSS
malicious script is embedded in a URL or in data sent to a web server as part of an HTTP request (e.g., through a query parameter). The server reflects this input back to the user’s browser without proper validation, and the script is executed when the user visits the malicious link. Reflected XSS attacks are often used in phishing campaigns
DOM-Based XSS
DOM (Document Object Model)-based XSS attacks occur when the client-side code of a web application modifies the DOM without proper validation. The attacker manipulates the client-side code to execute malicious scripts in the user’s browser. This type of XSS is often more challenging to detect and mitigate
DOM
Document Object Model
CSP
Content Security Policy
Input Validation
Ensure that all input from users is properly validated and sanitized before being displayed on a web page.
Output Encoding
Implement a CSP to restrict the sources from which content can be loaded, reducing the risk of malicious script execution.
Code injection Attack
when the attacker puts their own code into an existing data stream
SQL
Structured Query Language
SQL Injection
when an attacker is able to manipulate or inject malicious SQL (Structured Query Language) code into a web application’s input fields or other user data entry points.
XML
Extensible Markup Language used to transfer data between two different kinds of devices
LDAP
Lightweight Directory Access Protocol
commonly used to store information about authentication, such as username and password, or other information about devices or users.
DLL
Dynamic-Link Library
DLL injection
a way to inject code into a running application so that the application executes the attacker’s code
Buffer overflow
when one section of memory is able to overwrite a different section of memory
not a simple exploit to find, and it’s not an easy exploit for an attacker to take advantage of
Replay attack
a type of network security attack in which an attacker intercepts and later retransmits data packets or messages that were originally exchanged between two parties in a legitimate communication session. The goal of a replay attack is to either gain unauthorized access to a system or to manipulate the communication in a malicious way.
ARP
Address Resolution Protocol.
ARP Poisoning
attack in which an attacker sends malicious Address Resolution Protocol (ARP) messages to associate their MAC address with the IP address of another device on the local network. This type of attack is typically used to intercept, manipulate, or redirect network traffic, potentially leading to unauthorized access or eavesdropping on network communications.
Pass the Hash
refers to the hash value associated with a password that is sent across the network during the authentication process. If the attacker can gain access to the hash, they may be able to replay that hash back to the server and pretend that they are the original workstation
one-click attack, XSRF / CSRF (“sea surf”)
an attacker tricks a user into unknowingly making an unwanted or malicious request to a different site on which the user is authenticated.
SSRF
Server-side request forgery
what is server-side request forgery
allows an attacker to manipulate the server into making malicious requests to other internal or external resources on behalf of the vulnerable server
WAF
web application firewall, used to prevent SSRF as long as it is configured correctly
Shimming
There are shims built into your operating system. Windows has one called Windows compatibility mode: you can run an application but have Windows run it as if it were running in a different operating system. Attackers can take advantage of this shim mechanism to put malware onto a computer
Refactoring or metamorphic malware
each download is a unique version of the malware that will not match any of the signatures in your antivirus or anti-malware software. The authors may add code that does nothing but change the signature.
SSL stripping (HTTP downgrade)
an attacker sits in the path of the communication and modifies the traffic between the client and the server so that they are able to see all of the data in that flow
race condition
problems that can occur when multiple things happen simultaneously and the program was not written to expect them to occur simultaneously
TOCTOU
time-of-check to time-of-use attack. This type of attack checks for conditions on the system and then makes changes, knowing that other changes may be occurring behind the scenes at the same time, between the check and the use.
memory leak
software defect or programming error in which a computer program or application fails to release or “leaks” system memory (RAM) that it has allocated but is no longer using. As a result, the application continues to consume more and more memory over time, which can eventually lead to performance degradation and, in severe cases, system instability or crashes.
null pointer dereference.
software error that occurs when a program tries to access or manipulate data using a pointer that is null (i.e., it doesn’t point to any valid memory location), often leading to crashes or unexpected behavior
integer overflow
when an arithmetic operation exceeds the maximum or minimum value that can be represented by the data type used to store the result
directory traversal
an attacker can access files and directories that are located outside the web root directory or intended access path on a web server. This attack typically occurs when an application does not properly validate or sanitize user input used to construct file paths.