Analyzing Attacks on Computing and Network Environments

Question 1

System Hacking Steps

Answer 1

Start with a goal > Plan the attack > Perform recon > ID potential vulnerabilities > Exploit vulnerabilities > Cover tracks

Question 2

Hybrid Password Cracking

Answer 2

Combines brute-force and dictionary attacks, modifies a word list or dictionary with common letter substitutions and appended numbers and characters

Question 3

Rainbow Tables

Answer 3

Pre-computed passwords and hashes that can be matched to a stolen hash. Works mainly on older hashing algorithms like MD5 and SHA-1. 256-512+ bit hashes are too big, and salted hashes further reduce efficacy

Question 4

Masked Attack

Answer 4

Type of brute-force password cracking using wildcards for variations on common characteristics (first letter capitalized, last 4 chars are digits representing a year, etc)

Question 5

Privilege Escalation

Answer 5

When a user is able to obtain access to additional resources or functionality they normally cannot

Question 6

Vertical Privilege Escalation

Answer 6

When a user gains additional privileges not part of their role, such as admin functions or root access

Question 7

Horizontal Privilege Escalation

Answer 7

When a user accesses resources they are not entitled to, such as another user’s data

Question 8

Stored XSS Attack

Answer 8

When an attacker injects malicious code or links into a website’s forums, databases, etc

Question 9

Reflected XSS Attack

Answer 9

When an attacker crafts a form or request to be sent to a legit web server that includes malicious script, then tricks a victim into clicking a link to send that malicious request to the web server, which is then reflected back and executes in the victim’s browser

Question 10

DOM-based XSS Attack

Answer 10

When malicious scripts take advantage of a web app’s client side implementation of JavaScript to execute the attack solely on the client

Question 11

XSRF/CSRF Attack

Answer 11

Exploits trust between browser and persistent cookies, which store authentication data, allowing the attacker to trick the user into unwittingly completing a task on their behalf

Question 12

Command Injection

Answer 12

An attack that introduces malicious code into a vulnerable application to compromise the security of the application

Question 13

SQL Injection

Answer 13

A type of command injection attack using SQL syntax directed at a server by accessing the client side of the application

Question 14

Parameterized Queries / Prepared Statements

Answer 14

SQL Injection defense, incorporates placeholders into backend queries

Question 15

Directory Traversal

Answer 15

Accessing a file from a location the user is not allowed to access

Question 16

Remote File Inclusion

Answer 16

Attacker uses a script to inject a file into a web app or site

Question 17

Local File Inclusion

Answer 17

Attacker adds a file to the web app or site that already exists on the hosting server, such as cmd.exe

Question 18

Session Fixation

Answer 18

Web attack forcing a user to browse a website in the context of a known and valid session

Question 19

Session Prediction

Answer 19

Web attack focusing on identifying weaknesses in session token generation that will allow an attacker to predict future session values

Question 20

Clickjacking

Answer 20

Web attack where an attacker tricks a client into clicking a web page that is different from where they had intended to go, usually using iframes

Question 21

Cookie Hijacking

Answer 21

Web attack where an attacker intercepts a cookie to inject malicious code that they can use to take control of the session

Question 22

Cookie Poisoning

Answer 22

Web attack where the contents of a cookie are modified to be used to exploit vulnerabilities in the web app

Question 23

Virus

Answer 23

A piece of code that spreads from one computer to another by attaching itself to other files to replicate. Requires human intervention to spread.

Question 24

Worm

Answer 24

Self-replicating malware. Does not need human interaction, does not attach to files

Question 25

Adware

Answer 25

Software that automatically displays or downloads advertisements

Question 26

Spyware

Answer 26

Secretly installed malicious software intended to track and report usage or collect data

Question 27

Trojan Horse

Answer 27

Hidden malware that causes damage to a system or gives an attacker a platform for monitoring or controlling a system, typically appearing as harmless software

Question 28

Rootkit

Answer 28

Code intended to take full or partial control of a system at the lowest level, often hidden from system processes

Question 29

Logic Bomb

Answer 29

A piece of code that sits dormant on a system until triggered when certain conditions are met, then performs some desired action

Question 30

Ransomware

Answer 30

Code that restricts access to a victim’s files until a ransom is paid

Question 31

Malvertisement

Answer 31

Malicious code delivered through advertisements

Question 32

Polymorphic Virus

Answer 32

An encrypted virus that changes its own decryption module to avoid signature-based detection

Question 33

Armored Virus

Answer 33

Obscures location within a system and contains obfuscated code to make it difficult to find and eradicate

Question 34

ARP Spoofing/Poisoning

Answer 34

When an attacker redirects an IP address to a MAC address that was not its intended destination

Question 35

DNS Poisoning

Answer 35

An attacker is able to modify a DNS server cache so it returns a fraudulent IP address to the user

Question 36

DNS Hijacking

Answer 36

An attacker modifies a computer’s DNS config to point to a rogue DNS server controlled by the attacker

Question 37

ICMP Redirect

Answer 37

A network transmission that informs a host that a better routing path is avialable. Can be spoofed to redirect the host along a malicious path. Takes advantage of Type 5 control message for ICMP

Question 38

DHCP Spoofing

Answer 38

When an attacker responds to a host request for address assignment before the legitimate DHCP server can

Question 39

NBNS Spoofing

Answer 39

When an attacker responds to a request for name service resolution over NetBIOS

Question 40

ICMP Flood

Answer 40

DoS attack where high volumes of ICMP packets are sent to a target, aka Smurf attacks or ping flood

Question 41

UDP Flood

Answer 41

DoS attack where the attacker sends a high volume of UDP ping requests, usually spoofing the source IP which results in the spoofed IP getting Dos’d

Question 42

SYN Flood

Answer 42

DoS attack where the attacker sends lots of TCP connection requests. For each SYN-ACK the server responds with, it creates memory space for the session, and eventually runs out of memory due to incomplete TCP connections

Question 43

Buffer Overflow

Answer 43

When too much data is sent to a fixed-length memory buffer, resulting in adjacent areas of memory being overwritten

Question 44

Reflected DoS Attack

Answer 44

When a spoofed source IP sends requests to a large number of computers, and they all send responses to the spoofed IP, overwhelming the real machine at that IP