Analyzing Attacks on Computing and Network Environments Flashcards
System Hacking Steps
Start with a goal > Plan the attack > Perform recon > ID potential vulnerabilities > Exploit vulnerabilities > Cover tracks
Hybrid Password Cracking
Combines brute-force and dictionary attacks; modifies a word list or dictionary with common letter substitutions and appended numbers and characters
Rainbow Tables
Pre-computed passwords and hashes that can be matched to a stolen hash. Works mainly on older hashing algorithms like MD5 and SHA-1. Hashes of 256-512+ bits are too big, and salted hashes further reduce efficacy.
Masked Attack
Type of brute-force password cracking using wildcards for variations on common characteristics (first letter capitalized, last 4 chars are digits representing a year, etc.)
Privilege Escalation
When a user is able to obtain access to additional resources or functionality they normally cannot access
Vertical Privilege Escalation
When a user gains additional privileges not part of their role, such as admin functions or root access
Horizontal Privilege Escalation
When a user accesses resources they are not entitled to, such as another user’s data
Stored XSS Attack
When an attacker injects malicious code or links into a website’s forums, databases, etc.
Reflected XSS Attack
When an attacker crafts a form or request, to be sent to a legitimate web server, that includes malicious script, then tricks a victim into clicking a link that sends the malicious request to the web server; the script is then reflected back and executes in the victim’s browser
DOM-based XSS Attack
When malicious scripts take advantage of a web app’s client-side implementation of JavaScript to execute the attack solely on the client
XSRF/CSRF Attack
Exploits trust between browser and persistent cookies, which store authentication data, allowing the attacker to trick the user into unwittingly completing a task on their behalf
Command Injection
An attack that introduces malicious code into a vulnerable application to compromise the security of the application
SQL Injection
A type of command injection attack using SQL syntax directed at a server by accessing the client side of the application
Parameterized Queries / Prepared Statements
SQL injection defense; incorporates placeholders into backend queries
Directory Traversal
Accessing a file from a location the user is not allowed to access
Remote File Inclusion
Attacker uses a script to inject a file into a web app or site
Local File Inclusion
Attacker adds a file to the web app or site that already exists on the hosting server, such as cmd.exe
Session Fixation
Web attack forcing a user to browse a website in the context of a known and valid session
Session Prediction
Web attack focusing on identifying weaknesses in session token generation that will allow an attacker to predict future session values
Clickjacking
Web attack where an attacker tricks a client into clicking a web page that is different from where they had intended to go, usually using iframes
Cookie Hijacking
Web attack where an attacker intercepts a cookie to inject malicious code that they can use to take control of the session
Cookie Poisoning
Web attack where the contents of a cookie are modified to be used to exploit vulnerabilities in the web app
Virus
A piece of code that spreads from one computer to another by attaching itself to other files to replicate. Requires human intervention to spread.
Worm
Self-replicating malware. Does not need human interaction and does not attach to files.