2.3 Flashcards

1
Q

What are components of supply chain risks?

A

Hardware manufacturers, secondary/aftermarket sources, software developers and providers, managed service providers

2
Q

What is a secondary/aftermarket source?

A

If your primary supplier fails you can use a secondary one. Budget friendly but high risk

3
Q

What risk can software developers/providers pose in the supply chain?

A

check for licensing, vulnerabilities and malware

4
Q

Managed Service Provider SaaS

A

orgs that provide a range of technology services and support to other orgs

5
Q

Firmware Vulnerabilities

A

specialized software on hardware devices, and can grant attackers full control leading to takeover

6
Q

End of life systems

A

no updates or support from manufacturer

7
Q

Legacy System

A

outdated and superseded by newer alternatives

8
Q

Unsupported

A

no official support

9
Q

Bluetooth

A

wireless technology for short distance data exchange

10
Q

Insecure pairing

A

occurs when Bluetooth devices establish a connection without proper authentication

11
Q

device spoofing

A

occurs when an attacker impersonates a device to trick a user into connecting

12
Q

on path attacks

A

exploits Bluetooth protocol vulnerabilities to intercept and alter communications between devices without either party being aware

13
Q

Types of Mobile Vulnerabilities?

A

Sideloading
Jailbreaking/Rooting
Insecure Connection Methods

14
Q

Sideloading

A

installing apps from unofficial sources by bypassing the device’s default app store

15
Q

Jailbreaking/rooting

A

Gives users escalated privileges but exposes devices to potential security breaches

16
Q

Insecure connection methods

A

using open Wi-Fi networks or pairing with unknown devices over Bluetooth exposes devices to attacks

17
Q

Zero Day Vulnerabilities

A

discovered and exploited before vendors issue patches
no patches

18
Q

Zero Day exploit

A

attack that targets previously unknown vulnerabilities

19
Q

Zero Day

A

Can refer to the vulnerability, the exploit, or malware that exploits the vulnerability. The day the exploit happens and the vendor starts working toward a solution.
They can be sold to criminals or government agencies.
Threat actors often save zero days for high-value targets.

20
Q

OS Vulnerabilities

A

Unpatched systems
Zero Day vulnerabilities
Misconfigurations
Data Exfiltration
Malicious Updates

21
Q

Malicious Updates

A

appear as legit security updates but can contain malware and they may sometimes be from trusted vendors and official channels.

22
Q

Injection Attack

A

involves sending malicious data to a system for unintended consequences

23
Q

SQL Injection

A

Select, Insert, Delete, Update
Involves inserting malicious SQL code into input fields
can be input into URL parameters, form fields, POST data, HTTP headers, etc.
1=1

24
Q

XML Data

A

used for data exchange in web apps
appears as tagged fields <>

25
Q

XML Exploits

A

XML Bomb (Billion Laughs Attack)
XXE (XML External Entity Attack)

26
Q

XML Bomb

A

Consumes memory exponentially, acting like a DoS attack

27
Q

XXE (XML External Entity Attack)

A

attempts to read local resources like password hashes in the shadow file

28
Q

XSS

A

cross site scripting
injects a malicious script into a trusted site to compromise the site's visitors

29
Q

Non-persistent XSS

A

an XSS attack that only occurs when it is launched and only happens once (Server side)
the code is stored in input fields such as search queries; targets only a handful of users, not all

30
Q

Persistent XSS

A

allows an attacker to insert code into a backend database used by that trusted website (Server side); affects everyone trying to visit the page

31
Q

DOM XSS

A

document object model
exploits client’s web browser using client side scripts to modify the content and layout of the webpage, client’s device executes the attack

32
Q

Buffer Overflow

A

occurs when a process stores data outside the memory range allocated by the developer. Used in 85% of data breaches
Control Hijacking: By carefully crafting the overflowed data, the attacker can overwrite critical information in a way that gives them control over the program’s behavior. For example, they might overwrite a function return address with the address of their own malicious co

33
Q

Buffers

A

temporary storage areas used by programs to hold data; they have a defined capacity. Overflowing a buffer can cause unintended consequences in adjacent memory locations

34
Q

stack

A

reserved memory for a program; first in, last out. The stack contains return addresses when a function call instruction is received

35
Q

Smashing the stack

A

attackers aim to overwrite the return address with a pointer to their malicious code

36
Q

NOP Slide

A

attackers fill the buffer with NOP (no-operation) instructions. The return address slides down the NOP instructions until it reaches the attacker's code

37
Q

Race Conditions

A

software vulnerabilities related to the order and timing of events in concurrent processes
multiple threads or processes access and manipulate shared resources simultaneously

In programming, a race condition is a similar situation where two or more parts of a program are competing to finish a task, but the outcome depends on which part finishes first. This can lead to unexpected behavior or errors if the program doesn’t handle the competition properly.

For example, imagine two parts of a program are trying to update the same piece of data in a database. If they don’t coordinate properly, one part might overwrite the other’s changes, leading to data corruption or inconsistency.

38
Q

De-referencing

A

vulnerability that occurs when the code attempts to remove the relationship between a pointer and the thing that the pointer was pointing to in memory, which allows changes to be made

39
Q

Race Condition TOC

A

Time of Check. Attackers manipulate a resource’s state after it is checked but before it is used

40
Q

Race Condition TOU

A

Time of Use. Attackers alter a resource’s state after it is checked but before it is used.

41
Q

Race Condition TOE

A

Time of Evaluation. Attackers manipulate data or resources during the system's decision-making or evaluation process

In the context of security, time of evaluation could refer to when a security policy or access control rule is evaluated to determine whether to grant or deny access to a resource. For instance, if a security policy is evaluated before a user logs in, it may grant access based on outdated or incomplete information, leading to a security vulnerability.

42
Q

CSRF

A

cross-site request forgery. Triggers actions on different websites without user consent

43
Q

VM Escape

A

each VM operates as a single entity in an isolated environment known as a guest, but in a VM escape the guest gains access to the underlying host OS

44
Q

Resource Reuse

A

when a VM’s data isn’t properly cleared for the next guest

45
Q

Cloud specific vulnerabilities

A

Sharing same physical server
Lack of up-to-date security measures in the cloud
Inadequate VM Security
Single Point of Failure
Weak encryption practices
unclear policies
data remnants left behind after erasure processes

46
Q

Single Point of Failure

A

cloud services relying on specific resources or processes can lead to system wide outages if they fail

47
Q

Downgrade attack

A

force systems to use outdated protocols that have vulnerabilities

48
Q

Quantum computing

A

means our passwords can be defeated

49
Q

Collision attack

A

creating the same hash value so a file seems legit