1.3 Application attacks Flashcards

1
Q

privilege escalation

A

a vulnerability or some type of design flaw that allows a normal user to suddenly gain extended capabilities on that system

2
Q

horizontal privilege escalation

A

where one user is able to gain access to resources that would normally only be available to another user of the same level. It doesn’t have to be an administrator account or a root account. Simply user A is gaining access to files and resources for user B

3
Q

data execution prevention

A

a way to only allow applications to run in certain areas of memory where that particular function is allowed.
safeguards in place to prevent someone from taking advantage of a privilege escalation
many operating systems will randomize where information is stored in memory so that if an attacker finds a way to take advantage of a memory address on one system, they would not be able to duplicate that on another operating system

4
Q

CVE-2020-1530

A

Windows Remote Access Elevation of Privilege Vulnerability. It was released in August of 2020.
An attacker would only need to run a single program and they would have elevated access on that system.

5
Q

cross-site scripting

A

a vulnerability in web applications that allows attackers to inject malicious scripts or code into web pages viewed by other users.

6
Q

stored XSS (persistent)

A

the malicious script or code is permanently stored on the target web server, often on websites that have messages or forum posts. When a user visits a post where the injected script is displayed, the browser executes it.

7
Q

Reflected XSS

A

malicious script is embedded in a URL or in data sent to a web server as part of an HTTP request (e.g., through a query parameter). The server reflects this input back to the user’s browser without proper validation, and the script is executed when the user visits the malicious link. Reflected XSS attacks are often used in phishing campaigns

8
Q

DOM-Based XSS

A

DOM (Document Object Model)-based XSS attacks occur when the client-side code of a web application modifies the DOM without proper validation. The attacker manipulates the client-side code to execute malicious scripts in the user’s browser. This type of XSS is often more challenging to detect and mitigate

9
Q

DOM

A

Document Object Model

10
Q

CSP

A

Content Security Policy

11
Q

Input Validation

A

Ensure that all input from users is properly validated and sanitized before being displayed on a web page.

12
Q

Output Encoding

A

Implement a CSP to restrict the sources from which content can be loaded, reducing the risk of malicious script execution.

13
Q

Code injection Attack

A

when the attacker puts their own code into an existing data stream

14
Q

SQL

A

Structured Query Language

15
Q

SQL Injection

A

when an attacker is able to manipulate or inject malicious SQL (Structured Query Language) code into a web application’s input fields or other user data entry points.

16
Q

XML

A

Extensible Markup Language used to transfer data between two different kinds of devices

17
Q

LDAP

A

Lightweight Directory Access Protocol
commonly used to store information about authentication, such as username and password, or other information about devices or users.

18
Q

DLL

A

Dynamic-Link Library

19
Q

DLL injection

A

a way to inject some code into an application to have that application execute the code for us.

20
Q

Buffer overflow

A

when one section of memory is able to overwrite a different section of memory
not a simple exploit to find, and it’s not an easy exploit for an attacker to take advantage of

21
Q

Replay attack

A

type of network security attack in which an attacker intercepts and later retransmits data packets or messages that were originally exchanged between two parties in a legitimate communication session. The goal of a replay attack is to either gain unauthorized access to a system or to manipulate the communication in a malicious way.

22
Q

ARP

A

Address Resolution Protocol.

23
Q

ARP Poisoning

A

attack in which an attacker sends malicious Address Resolution Protocol (ARP) messages to associate their MAC address with the IP address of another device on the local network. This type of attack is typically used to intercept, manipulate, or redirect network traffic, potentially leading to unauthorized access or eavesdropping on network communications.

24
Q

Pass the Hash

A

referring to the hash value that is associated with a password that is sent across the network during the authentication process. If the attacker can gain access to the hash, they may be able to replay that hash back to the server and pretend that they are the original workstation

25
Q

one-click attack: XSRF, CSRF (sea surf)

A

an attacker tricks a user into unknowingly making an unwanted or malicious request to a different site on which the user is authenticated.

26
Q

SSRF

A

Server side request forgery

27
Q

What is a server-side request forgery?

A

allows an attacker to manipulate the server into making malicious requests to other internal or external resources on behalf of the vulnerable server

28
Q

WAF

A

web application firewall, used to prevent SSRF as long as it is configured correctly.

29
Q

Shimming

A

There are shims built into your operating system. Windows has one called the Windows compatibility mode. You can run an application, but have Windows run that application as if it is running in a different operating system. Attackers can take advantage of this shimmed area to be able to put malware onto a computer.

30
Q

Refactoring or metamorphic malware

A

downloading a unique version of that malware that will not match any of the signatures that are in your antivirus or anti-malware software. They may add code that does nothing but change the signature.

31
Q

SSL stripping (HTTP downgrade)

A

attacker can sit on the path of the communication and modify the communication between the client and a server, so that it’s able to see all of the data in that data flow

32
Q

race condition

A

problems that can occur if multiple things are occurring simultaneously and you weren’t expecting them to occur simultaneously

33
Q

TOCTOU

A

time-of-check to time-of-use attack. This type of attack involves checking for things to occur on the system and making changes, but knowing that there might be other changes occurring behind the scenes at the same time.

34
Q

memory leak

A

software defect or programming error in which a computer program or application fails to release or “leaks” system memory (RAM) that it has allocated but is no longer using. As a result, the application continues to consume more and more memory over time, which can eventually lead to performance degradation and, in severe cases, system instability or crashes.

35
Q

null pointer dereference.

A

software error that occurs when a program tries to access or manipulate data using a pointer that is null (i.e., it doesn’t point to any valid memory location), often leading to crashes or unexpected behavior

36
Q

integer overflow

A

an arithmetic operation exceeds the maximum or minimum value that can be represented by the data type used to store the result.

37
Q

directory traversal

A

attacker can access files and directories that are located outside the web root directory or intended access path on a web server. This attack typically occurs when an application does not properly validate or sanitize user inputs used to construct file paths.

38
Q
A