Advanced Threats

Question 1

IV (Initialization Vector)

Answer 1

Provides randomization of encryption keys to ensure they are not reused.

Question 2

IV Attack

Answer 2

Packet injection to increase the number of packets to analyze and discover the encryption key. (Less keys means higher risk of discovery)

Question 3

Banner Grabbing

Answer 3

Fingerprinting attack. Telnet Port 80. HTML response might have useful info such as Web Server software brand

Question 4

Spoofing

Answer 4

Email Spoofing, MAC Address Spoofing

Question 5

Smurf Attack

Answer 5

Spoofs source IP address of a directed broadcast ping packet to flood a victim with ping replies.

Countermeasure: Disable Directed Broadcasts. Most routers do this.

Question 6

SYN Flood

Answer 6

Disrupts TCP handshake process.

Client sends Syn
Server Sends SYN/ACK
Client never responds with ACK

This leaves connections open. Once connection limit is reached, server is unreachable.

Countermeasure: Flood guards (included in most firewalls and IDS)

Question 7

XMAS Attack

Answer 7

Recon attack. Sets certain bits/flags in packet headers.

Different OS’s respond in different ways. Attackers analyze responses.

Most IDS and IPS can detect.

Question 8

Replay attacks

Answer 8

Attacker replays data that was already part of session.

Countermeasure: Timestamp and sequence numbers

Question 9

MITM

Answer 9

Interception/Eavesdropping

Kerberos helps prevent MITM attacks with mutual authentication

Question 10

Password attack location

Answer 10

Online and Offline Attacks

Question 11

Birthday attack

Answer 11

Attacker create a password that produces the same hash as the users actual password.

Countermeasure: Increase the number of bits in the hash to increase the number of possible hashes.

Question 12

Rainbow table attack

Answer 12

Attempts to discover password from hash.

Uses “huge databases of precomputed hashes.”

Countermeasure: Salting

Question 13

DNS Poisoning

Answer 13

Modifies or Corrupts DNS results.

Question 14

Pharming

Answer 14

Corrupts the DNS Server or DNS Client

Client DNS Pharming modifies the hosts file.

Question 15

ARP Poisoning

Answer 15

Misleads computers or switches about the actual MAC address of a system.

Question 16

Two ARP Poisoning attacks

Answer 16

ARP MITM, ARP DoS

Question 17

Watering Hole Attack

Answer 17

Attempts to discover which web sites employees will likely visit and infects those sites with malware that can infect visitors.

Question 18

Session Hijacking

Answer 18

Attacker learns session ID and uses it to impersonate user

Question 19

Flash Cookies and LSO’s (local shared objects)

Answer 19

Used for tracking

Question 20

Arbitrary Code Execution

Answer 20

Attacker executes commands on a target system

Question 21

Remote Code Execution

Answer 21

Attacker executes code from a remote system

Question 22

Header Manipulation

Answer 22

Attacker modifies data in a packet such as session ID

Question 23

Race condition

Answer 23

Two or more applications attempt to access a resource at the same time.

Question 24

Buffer Overflow

Answer 24

Application receives more input that it can handle or different than it expects. Exposes system memory.

Question 25

SQL Injection

Answer 25

Pass queries to back end DB’s through web servers

Question 26

or ‘1’ = ‘1’

Answer 26

SQL Injection phrase to create “true” condition

Question 27

SQL Injection Prevention

Answer 27

Input validation and sending requests to “stored procedures”

Question 28

Cross Site Scripting

Answer 28

Scripts are injected into websites. Scripts contain malicious code.

Question 29

Cross Site Request Forgery (XSRF)

Answer 29

Bad links on good sites. Users perform actions on web sites without their knowledge.

Countermeasure: Sign back in before to performing actions. Expire cookies after a short time.

Question 30

Command injection

Answer 30

Inject OS commands into web forms or text boxes.

Countermeasure: Input Validation

Question 31

Transitive access

Answer 31

Jumping from a public service to a private one. Ex: Going from public web server to back end DB server.

Common example: SQL Injection

Question 32

Fuzzing

Answer 32

Send random data to an application. Random data can crash the program or provide unexpected results.