2.3 Flashcards
Memory injections, buffer overflows, race conditions, malicious updates, operating system vulnerabilities, SQL injection, cross-site scripting, hardware vulnerabilities, virtualization vulnerabilities, cloud-specific vulnerabilities, supply chain vulnerabilities, misconfiguration vulnerabilities, mobile device vulnerabilities, zero-day vulnerabilities
All software runs in ____
Memory
A method of attack where an attacker injects code into the memory of an existing process
This allows the malware to get access to the same rights, permissions, and data as that process, meaning it has performed a privilege escalation
Memory injection
A Windows library containing code and data for applications to use
DLL (Dynamic-Link Library)
DLL stands for
Dynamic-Link Library
One of the most common forms of malware injection
A method of attack where attackers inject a path to a malicious DLL into the victim process
This way, the victim process will use the malicious DLL instead of the default one
DLL injection
A type of attack where the attacker writes more data than what is expected into a particular area of memory
Buffer overflow
Checks to ensure that everything/everyone writing into memory is writing only as much as the memory can hold
Bounds checking
A vulnerability when two events happen at nearly the same time, and the application doesn’t take into account that the two things may be operating simultaneously. This often has an unexpected outcome.
Race condition
A type of attack where an event happens/a value changes between the time a process checks the value, and the time that the value is used.
TOCTOU
TOCTOU stands for
Time-of-check to time-of-use
2 best practices associated with updating/patching
Always have a known-good backup
Install only from trusted sources
What type of security check is performed automatically by your computer to ensure that updates are legitimate?
Digital signatures
True/False
If your software automatically updates itself, you can be 100% certain that the update is legitimate
False
It is possible for attackers to compromise the software itself and write their own updates, digitally signed by the legitimate company
The foundational computing platform for a computer is called
Operating system
True/False
Operating systems are remarkably simple, so they give little opportunity for security vulnerabilities
False
Operating systems are remarkably complex with many lines of code, so they have many opportunities for security vulnerabilities
4 best practices for updating your OS
Always update as soon as you can! It’s a race between you and attackers.
Test before deploying
Prepare for a reboot: save all data
Have a known-good backup
A type of attack where the attacker puts their own information into a data stream in an application
Code injection
What enables code injection?
Bad programming
A type of code injection that uses the most common relational database management system language
The attacker can put their own requests into an existing application
SQL injection (SQLi)
XSS stands for
Cross-site scripting
CSS stands for
Cascading style sheets
A type of attack where information from one website could be shared with another website
XSS
A type of attack that takes advantage of the trust that a browser has for a website
XSS
What is the most common language used to perform XSS?
This language is enabled by most browsers
JavaScript
A type of XSS attack where the malicious code is hosted in a link that forwards to a third-party website. This link is commonly emailed or messaged to one specific person.
In this attack, the insecure web application accepts input from a user (the link with the malicious request), and then immediately renders that data back to the user in an unsafe way.
The malicious script is NOT on the webserver that the user attempted to reach; it is WITHIN THE REQUEST.
Non-persistent (reflected) XSS
A type of XSS attack where the attacker commonly posts the malicious link on a social network.
This happens when the malicious script injection is permanently stored ON THE TARGET’S SERVER. When the user requests non-sanitized information stored in the database, the application can then send the malicious script to the user.
This attack does NOT have a specific target, unlike the other. Anyone who accesses the compromised website is a victim.
Persistent (stored) XSS
4 ways to protect against XSS
NEVER click untrusted links
Consider disabling JavaScript or control it with an extension
Keep your browser and apps updated
Validate input
Who are the people who can fix the firmware in the hardware devices?
The vendor/manufacturer
In this setting, what does hardware device mean?
A technological device that does not give access to its OS; an embedded device. For example, a garage door, light bulb, door locks, and other IoT devices
EOL stands for
End of life
EOSL stands for
End of service life
What does EOL imply for a product?
Manufacturer stops selling a product, but may continue supporting the product and creating patches
What does EOSL mean?
The manufacturer has stopped selling the product, no longer supports it, and no longer makes patches. However, they might sell an expensive premium-cost support option.
If you have an EOSL device, replace it ASAP
VM stands for
Virtual machine
An attack through which an attacker breaks out of a VM to interact with the host OS/hardware
The attacker may then access other VMs and all their information
VM escape
A vulnerability where multiple VMs on one hypervisor may write information to each other’s memory/storage.
This vulnerability is caused when the total RAM/storage allocated to the VMs exceeds the RAM/storage of the hypervisor (e.g. a 4 GB hypervisor hosts 3 VMs, each allocated 2 GB).
Typically, this would not pose a problem. The vulnerability is fixed with management software updates or security patches.
Resource reuse
A cloud-specific attack where the attacker disables the cloud app
DoS or DDoS
A cloud-specific attack where the attacker takes advantage of weak or faulty authentication to access the cloud
Authentication bypass
A cloud-specific attack where the attacker manually navigates the directory structure of the web server/app. This could allow the attacker to access sensitive information about clients or the company.
Directory traversal
A cloud-specific attack where the attacker runs (potentially malicious) code or applications on the cloud-based system.
Remote code execution
A cloud-specific attack where the attacker can share information from the cloud system to their own system. This attack is enabled by poor input validation.
XSS
A cloud-specific attack where the attacker writes to unauthorized memory areas. This can cause data corruption, crashing, or code execution.
Out-of-bounds write
A cloud-specific attack where the attacker can get direct access to a database by writing unauthorized database requests. This is enabled by poor input validation.
SQL injection
3 providers that should be audited for supply chain vulnerabilities
Service provider
Hardware provider
Software provider
True/False
When searching for supply chain vulnerabilities, IT services are the only service providers you need to be auditing.
False
Target was once compromised by malware spreading from their HVAC company. Other service providers can include network providers, payroll/accounting, cloud services, office cleaning, system administration, and utility providers
True/False
When purchasing hardware, use a small, trusted supplier base. Have a short list of well-known and trusted suppliers to buy from.
True
True/False
Treat newly-installed hardware as untrusted.
True
You must protect your network from any counterfeit or tampered products
True/False
You can always trust well-known open source software will be safe
False
You can’t trust anything. If someone has access to the OSS, they can change it to include some malicious code.
How are software updates verified to be legitimate?
Digital signatures
True/False
It is best practice to disable direct login to the root/administrator account
True
Instead, use the sudo option to run as administrator
True/False
Telnet, FTP, SMTP, and IMAP are safe to use
False
All of these protocols are unencrypted.
4 unencrypted protocols
Telnet, FTP, SMTP, IMAP
The opening/closing of port numbers is monitored by a ____
Firewall
A method used to circumvent security processes in a mobile device.
It replaces the manufacturer’s firmware with firmware from a third party.
Jailbreaking (Apple)
Rooting (Android)
The practice of installing apps onto a mobile device from sources other than the official app store
Sideloading
A vulnerability that does not have a patch or a method of mitigation
Zero-day vulnerability
An attack that exploits unknown vulnerabilities that have no patches or methods of mitigation available
Zero-day attack