2.3 Flashcards
What are components of supply chain risks?
Hardware manufacturers, secondary/aftermarket sources, software developers and providers, managed service providers
What is a secondary/aftermarket source?
If your primary supplier fails, you can fall back on a secondary one. Budget friendly, but high risk.
What risk can software developers/providers pose in the supply chain?
Check their software for licensing issues, vulnerabilities, and malware.
Managed Service Provider / SaaS
Organizations that provide a range of technology services and support to other organizations
Firmware Vulnerabilities
Specialized software embedded in hardware devices; a flaw in it can grant attackers full control, leading to device takeover
End of life systems
no updates or support from manufacturer
Legacy System
outdated and superseded by newer alternatives
Unsupported
no official support
Bluetooth
wireless technology for short distance data exchange
Insecure pairing
Occurs when Bluetooth devices establish a connection without proper authentication
device spoofing
occurs when an attacker impersonates a device to trick a user into connecting
on path attacks
Exploits Bluetooth protocol vulnerabilities to intercept and alter communications between devices without either party being aware
Types of Mobile Vulnerabilities?
Sideloading
Jailbreaking/Rooting
Insecure Connection Methods
Sideloading
installing apps from unofficial sources by bypassing the device’s default app store
Jailbreaking/rooting
Gives users escalated privileges but exposes devices to potential security breaches
Insecure connection methods
Using open Wi-Fi networks or pairing with unknown devices over Bluetooth exposes devices to attacks
Zero Day Vulnerabilities
discovered and exploited before vendors issue patches
no patches
Zero Day exploit
attack that targets previously unknown vulnerabilities
Zero Day
Can refer to the vulnerability, the exploit, or the malware that exploits the vulnerability. Also the day the exploit happens and the vendor starts working toward a solution.
Zero days can be sold to criminals or government agencies.
Threat actors often save zero days for high-value targets.
OS Vulnerabilities
Unpatched systems
Zero Day vulnerabilities
Misconfigurations
Data Exfiltration
Malicious Updates
Malicious Updates
Appear as legitimate security updates but can contain malware; they may sometimes arrive via trusted vendors and official channels.
Injection Attack
Involves sending malicious data to a system to cause unintended consequences
SQL Injection
SELECT, INSERT, DELETE, UPDATE
Involves inserting malicious SQL code into input fields
Can be injected through URL parameters, form fields, POST data, HTTP headers, etc.
Classic example: a tautology such as 1=1
XML Data
used for data exchange in web apps
Appears as tagged fields enclosed in <>
XML Exploits
XML Bomb (Billion Laughs Attack)
XXE (XML External Entity Attack)
XML Bomb
Nested entity definitions consume memory exponentially when expanded, acting like a DoS attack
XXE (XML External Entity Attack)
Abuses external entity declarations to read local resources, such as password hashes in the shadow file
XSS
cross site scripting
Injects a malicious script into a trusted site to compromise the site's visitors
Non-persistent XSS
An XSS attack that only occurs when it is launched and only happens once (server side)
The code is supplied through input fields such as search queries and targets only a handful of users, not all
Persistent XSS
Allows an attacker to insert code into a backend database used by the trusted website (server side); affects everyone who visits the page
DOM XSS
Document Object Model
Exploits the client's web browser, using client-side scripts to modify the content and layout of the webpage; the client's device executes the attack
Buffer Overflow
Occurs when a process stores data outside the memory range allocated by the developer. Used in 85% of data breaches.
Control Hijacking: By carefully crafting the overflowed data, the attacker can overwrite critical information in a way that gives them control over the program’s behavior. For example, they might overwrite a function return address with the address of their own malicious co
Buffers
Temporary storage areas used by programs to hold data; they have a defined capacity. Overflowing a buffer can overwrite adjacent memory locations, causing unintended consequences.
stack
Reserved memory for a program, organized first-in, last-out. The stack holds the return address when a function call instruction is received.
Smashing the stack
Attackers aim to overwrite the return address with a pointer to their malicious code
NOP Slide
Attackers fill the buffer with NOP (no operation) instructions. Execution slides down the NOP instructions until it reaches the attacker's code.
Race Conditions
Software vulnerabilities related to the order and timing of events in concurrent processes
Multiple threads or processes access and manipulate shared resources simultaneously
In programming, a race condition is a similar situation where two or more parts of a program are competing to finish a task, but the outcome depends on which part finishes first. This can lead to unexpected behavior or errors if the program doesn’t handle the competition properly.
For example, imagine two parts of a program are trying to update the same piece of data in a database. If they don’t coordinate properly, one part might overwrite the other’s changes, leading to data corruption or inconsistency.
De-referencing
Vulnerability that occurs when the code attempts to remove the relationship between a pointer and the thing the pointer was pointing to in memory, which allows changes to be made
Race Condition TOC
Time of Check. Attackers manipulate a resource's state after it is checked but before it is used.
Race Condition TOU
Time of Use. Attackers alter a resource’s state after it is checked but before it is used.
Race Condition TOE
Time of Evaluation. Attackers manipulate data or resources during the system's decision-making or evaluation process.
In the context of security, time of evaluation could refer to when a security policy or access control rule is evaluated to determine whether to grant or deny access to a resource. For instance, if a security policy is evaluated before a user logs in, it may grant access based on outdated or incomplete information, leading to a security vulnerability.
CSRF
Cross-site request forgery. Triggers actions on a different website without the user's consent.
VM Escape
Each VM operates as a single entity in an isolated environment known as a guest, but in a VM escape the guest gains access to the underlying host OS
Resource Reuse
When a VM's data isn't properly cleared before the next guest uses the same resources
Cloud specific vulnerabilities
Sharing same physical server
Lack of up-to-date security measures in the cloud
Inadequate VM Security
Single Point of Failure
Weak encryption practices
Unclear policies
Data remnants left behind after erasure processes
Single Point of Failure
Cloud services that rely on a specific resource or process can suffer system-wide outages if it fails
Downgrade attack
Forces systems to use outdated protocols that have known vulnerabilities
Quantum computing
Means our current passwords can be defeated
Collision attack
Creating a different input with the same hash value so that a file appears legitimate