2.3

Question 1

What are components of supply chain risks?

Answer 1

Hardware Manufacturers, Secondary Aftermarket Sourses, Software Developers and providers, manage service providers

Question 2

What is a secondary/aftermarket source?

Answer 2

If your primary supplier fails you can use a secondary one. Budget friendly but high risk

Question 3

What risk can software developers/providers pose in the supply chain?

Answer 3

check for licensing, vulnerabilities and malware

Question 4

Manage Service Provider SaaS

Answer 4

orgs that provide a range of technology services and support to other orgs

Question 5

Firmware Vulnerabilities

Answer 5

specialized software on hardware devices, and can grant attackers full control leading to takeover

Question 6

End of life systems

Answer 6

no updates or support from manufacturer

Question 7

Legacy System

Answer 7

outdated and superseded by newer alternatives

Question 8

Unsupported

Answer 8

no official support

Question 9

Bluetooth

Answer 9

wireless technology for short distance data exchange

Question 10

Insecure pairing

Answer 10

occurs when bluetooth devices establish a connection without proper authentication

Question 11

device spoofing

Answer 11

occurs when an attacker impersonates a device to trick a user into connecting

Question 12

on path attacks

Answer 12

exploits bluetooth protocol vulnerabilities to intercept and alter communications between devices without either party being aware

Question 13

Types of Mobile Vulerabilities?

Answer 13

Sideloading
Jailbreaking/Rooting
Insecure Connection Methods

Question 14

Sideloading

Answer 14

installing apps from unofficial sources by bypassing the device’s default app store

Question 15

Jailbreaking/rooting

Answer 15

Gives users escalated privileges but exposes devices to potential security breaches

Question 16

Insecure connection methods

Answer 16

using open wifi networks or pairing with unknown devices over bluetooth exposes devices to attacks

Question 17

Zero Day Vulnerabilities

Answer 17

discovered and exploited before vendors issue patches
no patches

Question 18

Zero Day exploit

Answer 18

attack that targets previously unknown vulnerabilities

Question 19

Zero Day

Answer 19

Can refer to the vulnerability, the exploit or malware that exploits the vulnerability. the day the exploit happens and the vendor starts working toward a solution
they can be sold to criminals or government agencies
threat actors often save zero days for high value targets

Question 20

OS Vulnerabilities

Answer 20

Unpatched systems
Zero Day vulnerabilities
Misconfigurations
Data Exfiltration
Malicious Updates

Question 21

Malicious Updates

Answer 21

appear as legit security updates but can contain malware and they may sometimes be from trusted vendors and official channels.

Question 22

Injection Attack

Answer 22

involves sending malicious data to a system for unintended consequences

Question 23

SQL Injection

Answer 23

Select, Insert, Delete, Update
Involves inserting malicious SQL code into input fields
can be input into url parameters, form fields, post data, http headers etc
1=1

Question 24

XML Data

Answer 24

used for data exchange in web apps
appears as tagged fields <>

Question 25

XML Exploits

Answer 25

XML Bomb (Billion Laughs Attack)
XXE (XML External Entity Attack)

Question 26

XML Bomb

Answer 26

Consumes memory exponentially, acting like a DoS attack

Question 27

XXE (XML External Entity Attack)

Answer 27

attempts to read local resources like password hashes in the shadow file

Question 28

XSS

Answer 28

cross site scripting
injects a malicious script into a trusted site to compromise the sites visitors

Question 29

Non-persistent XSS

Answer 29

a XSS attack that only occurs when it is launches and only happens once (Server side)
the code is stored on unput fields such a search queries targets only handful of users not all

Question 30

Persistent XSS

Answer 30

allows an attacker to insert code into a backend database used by that trusted website (Server side) affects everyone trying to visit page

Question 31

DOM XSS

Answer 31

document object model
exploits client’s web browser using client side scripts to modify the content and layout of the webpage, client’s device executes the attack

Question 32

Buffer Overflow

Answer 32

occurs when a process stores data outside the memory range allocated by the developer. Used in 85% of data breaches
Control Hijacking: By carefully crafting the overflowed data, the attacker can overwrite critical information in a way that gives them control over the program’s behavior. For example, they might overwrite a function return address with the address of their own malicious co

Question 33

Buffers

Answer 33

temporary storage areas used by programs to hold data they have a defined capacity. OVerflowing a buffer can cause adjacent memory locations unintended consequences

Question 34

stack

Answer 34

reserved memory for a program first in last out. Stack contains return addresses when a function call instruction is received

Question 35

Smashing the stack

Answer 35

attackers aim to overwrite the return address with a pointer to their malicious code

Question 36

NOP Slide

Answer 36

attackers fill the buffer with NOP No operation instructions. The return address slides down the NOP instructions until it reaches the attackers code

Question 37

race Conditions

Answer 37

software vulnerabilities related to the order and timing of events in concurrent processes
multiple threats or processes access and manipuate shared resources simultaneously

In programming, a race condition is a similar situation where two or more parts of a program are competing to finish a task, but the outcome depends on which part finishes first. This can lead to unexpected behavior or errors if the program doesn’t handle the competition properly.

For example, imagine two parts of a program are trying to update the same piece of data in a database. If they don’t coordinate properly, one part might overwrite the other’s changes, leading to data corruption or inconsistency.

Question 38

De-referencing

Answer 38

vulnerability that occurs wehn the code attempts to remove the relationship between a pointer and the thing that the pointer was poiniting to in the memory which allows changes to be made

Question 39

Race Condition TOC

Answer 39

Time of Check, atackers manipulate a resource’s state after it is checked but before it is used

Question 40

Race Condition TOU

Answer 40

Time of Use. Attackers alter a resource’s state after it is checked but before it is used.

Question 41

Race Condition TOE

Answer 41

Time of Evaluation. Attackers manipulate data or resources during the systems decision making or evaulation process

In the context of security, time of evaluation could refer to when a security policy or access control rule is evaluated to determine whether to grant or deny access to a resource. For instance, if a security policy is evaluated before a user logs in, it may grant access based on outdated or incomplete information, leading to a security vulnerability.

Question 42

CSRF

Answer 42

cross site request forgery. triggers actions on different websites without user consent

Question 43

VM Escape

Answer 43

each vm operates as a single entity in an isolated environment known as a guest but in a vm escape the guest gains access to the underlying host OS

Question 44

Resource Reuse

Answer 44

when a vm’s data isn’t properly cleared for the next guest

Question 45

Cloud specific vulnerabilities

Answer 45

Sharing same physical server
Lack of up-to-date security measures in the cloud
Inadequate VM Security
Single Point of Failure
Weak encryption practices
unclear policies
data remnants left behind after erasure processes

Question 46

Single Point of Failure

Answer 46

cloud services relying on specific resources or processes can lead to system wide outages if they fail

Question 47

Downgrade attack

Answer 47

force systems to use outdated protocols that have vulnerabilities

Question 48

Quantum computing

Answer 48

means our passwords can be defeated

Question 49

Collision attack

Answer 49

creating the same hash value so a file seems legit