3.4 Attacks and Exploits Flashcards
Given a scenario, research attack vectors and perform attacks on cloud technologies.
What are some vulnerabilities that a container image can have?
-Embedded malware
-Missing critical security updates
-Outdated software
-Configuration defects
-Hand-coded clear text passwords
What cloud storage misconfigurations can expose data and apps to risks?
-Incorrect permissions: If the default public read/write permissions are not properly configured, data can be freely accessed or the repository can be misused to host malware.
-Incorrect origin settings: If the Cross Origin Resource Sharing (CORS) policy is weakly configured, it exposes a site to vulnerabilities such as XSS.
What is a Cloud Malware Injection attack?
In this attack, a malicious actor injects malicious code into an application. These attacks include SQLi and XSS. The service can also fall victim to a wrapper attack, which wraps and conceals malicious code, in order to bypass standard security measures.
What is a Side-Channel attack?
Also called a sidebar or implementation attack, this exploit is possible because of the shared nature of the cloud infrastructure, especially in a PaaS model. In this attack, the shared hardware leaks sensitive information, such as cryptographic keys, to a potential attacker via a covert channel.
What is a Direct-to-origin (D2O) attack?
In a D2O attack, malicious actors try to identify the origin network or IP address in order to then launch a direct attack against it. This is used to circumvent the protection methods that organizations employ against DDoS attacks.
What are some ways in which credentials can be harvested?
Phishing, social engineering, digital scamming, malware, MITM attacks, DNS poisoning, etc.
In relation to PrivEsc what can you do with a Security Account Manager (SAM) file?
Either dump the contents of the SAM file to get the hashed passwords or copy the file using Volume Shadow Service (VSS) and then crack the passwords offline.
In relation to PrivEsc what can you do with Local Windows User Account Control (UAC)?
Bypass local UAC by using process injection to leverage a trusted publisher certificate.
In relation to PrivEsc what can you do with weak process permissions?
Find processes with weak controls and then see if you can inject malicious code into those processes.
In relation to PrivEsc what can you do with shared folders?
Search for sensitive information in shared folders, as it is common for them to have few or no restrictions.
In relation to PrivEsc what is Dynamic Link Libraries (DLL) hijacking?
With this technique, you elevate privileges by exploiting weak folder permissions, unquoted service paths or applications that run from network shares.
In relation to PrivEsc what can you do with writeable services?
Edit the startup parameters of a service, including its executable path and account. You could also use unquoted service paths to inject a malicious app that the service will run during startup.
What is Resource Exhaustion?
This is a DoS attack that focuses on consuming system resources and can lead to a system crash or failure. Examples include:
-Amplification or volumetric attacks focusing on saturating the bandwidth of the network resource.
-A denial-of-sleep attack draining the device’s battery, thereby rendering it inactive.
-A slow HTTP attack, which sends fragmented requests and can stress the server.
What are some examples of DoS attack types?
Packet flood, SYN flood, Slowloris, NTP amplification, HTTP flood attack, DNS flood attack and DNS amplification attack.
What is a Software Development Toolkit (SDK)?
An SDK is a package of tools dedicated to a specific programming language or platform. Developers commonly use one while creating applications because it comes with a collection of the elements needed for that task and, in many cases, includes a debugger.