2.3 Flashcards

Memory injections, buffer overflows, race conditions, malicious updates, operating system vulnerabilities, SQL injection, cross-site scripting, hardware vulnerabilities, virtualization vulnerabilities, cloud-specific vulnerabilities, supply chain vulnerabilities, misconfiguration vulnerabilities, mobile device vulnerabilities, zero-day vulnerabilities

1
Q

All software runs in ____

A

Memory

2
Q

A method of attack where an attacker injects code into the memory of an existing process

This allows the malware to get access to the same rights, permissions, and data as that process, meaning it has performed a privilege escalation

A

Memory injection

3
Q

A Windows library containing code and data for applications to use

A

DLL (Dynamic-Link Library)

4
Q

DLL stands for

A

Dynamic-Link Library

5
Q

One of the most common forms of malware injection

A method of attack where attackers inject a path to a malicious DLL into the victim process

This way, the victim process will use the malicious DLL instead of the default one

A

DLL injection

6
Q

A type of attack where the attacker writes more data than what is expected into a particular area of memory

A

Buffer overflow

7
Q

Checks to ensure that everything/everyone writing into memory writes only as much as the memory can hold

A

Bounds checking

8
Q

A vulnerability that occurs when two events happen at nearly the same time and the application doesn’t take into account that the two things may be operating simultaneously. This often has an unexpected outcome.

A

Race condition

9
Q

A type of attack where an event happens or a value changes between the time a process checks the value and the time the value is used.

A

TOCTOU

10
Q

TOCTOU stands for

A

Time-of-check to time-of-use

11
Q

2 best practices associated with updating/patching

A

Always have a known-good backup
Install only from trusted sources

12
Q

What type of security check is performed automatically by your computer to ensure that updates are legitimate?

A

Digital signatures

13
Q

True/False

If your software automatically updates itself, you can be 100% certain that the update is legitimate

A

False

It is possible for attackers to compromise the software itself and write their own updates, digitally signed by the legitimate company

14
Q

The foundational computing platform for a computer is called

A

Operating system

15
Q

True/False

Operating systems are remarkably simple, so they give little opportunity for security vulnerabilities

A

False

Operating systems are remarkably complex with many lines of code, so they have many opportunities for security vulnerabilities

16
Q

4 best practices for updating your OS

A

Always update as soon as you can! It’s a race between you and attackers.

Test before deploying

Prepare for a reboot - save all data

Have a known-good backup

17
Q

A type of attack where the attacker puts their own information into a data stream in an application

A

Code injection

18
Q

What enables code injection?

A

Bad programming

19
Q

A type of code injection that uses the most common relational database management system language

The attacker can put their own requests into an existing application

A

SQL injection (SQLi)

20
Q

XSS stands for

A

Cross-site scripting

21
Q

CSS stands for

A

Cascading style sheets

22
Q

A type of attack where information from one website could be shared with another website

A

XSS

23
Q

A type of attack that takes advantage of the trust that a browser has for a website

A

XSS

24
Q

What is the most common language used to perform XSS?

This language is enabled by most browsers

A

JavaScript

25
Q

A type of XSS attack where the malicious code is hosted in a link that forwards to a third-party website. This link is commonly emailed or messaged to one specific person.

In this attack, the insecure web application accepts input from a user (the link with the malicious request), and then immediately renders that data back to the user in an unsafe way.

The malicious script is NOT on the webserver that the user attempted to reach; it is WITHIN THE REQUEST.

A

Non-persistent (reflected) XSS

26
Q

A type of XSS attack where the attacker commonly posts the malicious link on a social network.

This happens when the malicious script injection is permanently stored ON THE TARGET’S SERVER. When the user requests non-sanitized information stored in the database, the application can then send the malicious script to the user.

This attack does NOT have a specific target, unlike the other. Anyone who accesses the compromised website is a victim.

A

Persistent (stored) XSS

27
Q

4 ways to protect against XSS

A

NEVER click untrusted links

Consider disabling JavaScript or control it with an extension

Keep your browser and apps updated

Validate input

28
Q

Who can fix the firmware in hardware devices?

A

The vendor/manufacturer

29
Q

In this context, what does “hardware device” mean?

A

A technological device that does not give access to its OS; an embedded device. For example, a garage door, light bulb, door lock, and other IoT devices

30
Q

EOL stands for

A

End of life

31
Q

EOSL stands for

A

End of service life

32
Q

What does EOL imply for a product?

A

Manufacturer stops selling a product, but may continue supporting the product and creating patches

33
Q

What does EOSL mean?

A

The manufacturer has stopped selling the product, no longer supports it, and no longer makes patches. However, they might sell an expensive premium-cost support option.

If you have an EOSL device, replace it ASAP

34
Q

VM stands for

A

Virtual machine

35
Q

An attack through which an attacker breaks out of a VM to interact with the host OS/hardware

The attacker may then access other VMs and all their information

A

VM escape

36
Q

A vulnerability where multiple VMs on one hypervisor may write information to each other’s memory/storage.

This vulnerability is caused when the RAM/storage allocated to the VMs exceeds the RAM/storage of the hypervisor (e.g., a 4 GB hypervisor hosts 3 VMs, each allocated 2 GB).

Typically, this would not pose a problem. The vulnerability is fixed with management software updates or security patches.

A

Resource reuse

37
Q

A cloud-specific attack where the attacker disables the cloud app

A

DoS or DDoS

38
Q

A cloud-specific attack where the attacker takes advantage of weak or faulty authentication to access the cloud

A

Authentication bypass

39
Q

A cloud-specific attack where the attacker manually moves through the directory structure of the web server/app. This could allow the attacker to access sensitive information about clients or the company.

A

Directory traversal

40
Q

A cloud-specific attack where the attacker runs (potentially malicious) code or applications on the cloud-based system.

A

Remote code execution

41
Q

A cloud-specific attack where the attacker can share information from the cloud system to their own system. This attack is enabled by poor input validation.

A

XSS

42
Q

A cloud-specific attack where the attacker writes to unauthorized memory areas. This can cause data corruption, crashing, or code execution.

A

Out of bounds write

43
Q

A cloud-specific attack where the attacker can get direct access to a database by writing unauthorized database requests. This is enabled by poor input validation.

A

SQL injection

44
Q

3 providers that should be audited for supply chain vulnerabilities

A

Service provider
Hardware provider
Software provider

45
Q

True/False

When searching for supply chain vulnerabilities, IT services are the only service providers you need to audit.

A

False

Target was once compromised by malware spreading from their HVAC company. Other service providers can include network providers, payroll/accounting, cloud services, office cleaning, system administration, and utility providers

46
Q

True/False

When purchasing hardware, use a small, trusted supplier base. Have a short list of well-known and trusted suppliers to buy from.

A

True

47
Q

True/False

Treat newly installed hardware as untrusted.

A

True

You must protect your network from any counterfeits or tampered products

48
Q

True/False

You can always trust well-known open source software will be safe

A

False

You can’t trust anything. If someone has access to the OSS, they can change it to include some malicious code.

49
Q

How are software updates verified to be legitimate?

A

Digital signatures

50
Q

True/False

It is best practice to disable direct login to the root/administrator account

A

True

Instead, use sudo to run commands as administrator

51
Q

True/False

Telnet, FTP, SMTP, and IMAP are safe to use

A

False

All of these protocols are unencrypted.

52
Q

4 unencrypted protocols

A

Telnet, FTP, SMTP, IMAP

53
Q

The opening/closing of ports is monitored by a ____

A

Firewall

54
Q

A method used to circumvent security processes in a mobile device.

It replaces the manufacturer’s firmware with firmware from a third party.

A

Jailbreaking (Apple)
Rooting (Android)

55
Q

The practice of installing apps onto a mobile device from sources other than the official app store

A

Sideloading

56
Q

A vulnerability that does not have a patch or a method of mitigation

A

Zero-day vulnerability

57
Q

An attack that exploits unknown vulnerabilities that have no patches or methods of mitigation available

A

Zero-day attack