1.3 potential indicators associated with application attacks

Question 1

Cross-site scripting

Answer 1

XSS
attacker injects malicious executable scripts into the code of a trusted application or website. Initiated by email.
scripts run in user input boxes and steals info

Question 2

SQL Injection

Answer 2

malicious SQL code for backend database manipulation to access information that was not intended to be displayed

Question 3

DLL injection

Answer 3

Dynamic-link library in Windows
A DLL is a file type that contains code, data, and resources that can be shared among multiple programs

DLL injection is often used by external programs to influence the behavior of another program in a way its authors did not anticipate or intend.

Question 4

LDAP injection

Answer 4

Lightweight Directory Access Protocol
manipulates Active Directory application results

Question 5

XML injection

Answer 5

Extensible Markup Language
Stores, transmits, and reconstructs data. It’s a set of rules for encoding documents in a format for humans and machines.
Manipulates XML application or document.

Question 6

Pointer/object dereference

Answer 6

the process of accessing the value stored at the memory address pointed to by the pointer. This allows you to work with the actual data rather than just the memory location.

A null pointer dereference can lead to program crashes and other unpredictable behavior. It can also allow a local user to crash the system or potentially cause a denial of service.

Question 7

Race conditions

Answer 7

Time of check/time of use TOCTOU
something happens between TOC and TOU

Question 8

Replay attack

Answer 8

a type of network attack in which an attacker captures a valid network transmission and then retransmit it later. The main objective is to trick the system into accepting the retransmission of the data as a legitimate one.

use salt or encryption to avoid

Question 9

Integer overflow

Answer 9

Inserts a number that is too large which causes memory to crash

Question 10

API attacks

Answer 10

an attempt by a malicious actor to gain unauthorized access to an API to break into a system or network, or transfer data.

Question 11

Memory leak

Answer 11

use all available memory to crash system

Question 12

Driver shimming

Answer 12

filling space between old application and different windows versions

Question 13

Pass the hash

Answer 13

attacker captures a password hash (as opposed to the password characters) and then passes it through for authentication and lateral access to other networked systems.

Question 14

sidejacking

Answer 14

UNSECURED WIFI EAVESDROPPING

attacker intercepts and steals sensitive information, such as login credentials, by eavesdropping on communication between two parties. This often occurs on unsecured Wi-Fi networks, allowing the attacker to “sidejack” the session and gain unauthorized access to accounts or data.

Question 15

SSRF

Answer 15

Server-side request forgery
a web security vulnerability that allows an attacker to make requests from a server to unintended locations

Question 16

DHCP starvation

Answer 16

flood network with ip addresses
DHCP runs out of addresses

Question 17

ASLR

Answer 17

Address Space Layout Randomization

computer security technique that randomizes the location of key data areas in a process’ address space. This makes it more difficult for attackers to perform buffer overflow attacks.

Question 18

Buffer Overflow

Answer 18

a program attempts to write more data to a buffer than it can hold. A buffer is a temporary storage area. DDoS, system crashes, attempt system takeover.

Question 19

refactoring driver

Answer 19

unique metamorphic malware that cannot be caught by antivirus