Application/Service Attacks Flashcards
What is a DoS attack?
Flooding a target machine or resource with many requests to overload the system and prevent use of its resources.
What is a DDoS attack?
Multiple different sources attack one victim.
What is a Buffer Overflow?
A program attempts to write more data than can be held in a fixed block of memory.
What is an Injection attack?
Occurs from processing invalid data, inserts code into the vulnerable computer program and changes the course of execution.
What is a Cross-Site Scripting attack?
Found in web applications, allows for an attacker to inject client-side scripts in web pages.
What is a Cross-site request forgery?
Unauthorized commands are sent from a user that is trusted by the website. Allows the attacker to steal cookies and harvest passwords
What is a privilege escalation attack?
An attack that exploits a vulnerability that allows them to gain access to resources that they normally would be restricted from accessing.
What is an ARP Poisoning attack?
The act of falsifying the IP-to-MAC address resolution system employed by TCP/IP.
What is an Amplification attack?
The amount of traffic sent by the attacker is originally small but then is repeatability multiplied to place a massive strain on the victim’s resources, in an attempt to cause it to fail or malfunction.
What is DNS Poisoning?
Is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones.
What is Domain hijacking?
The act of changing the registration of a domain name without the permission of the victim.
What is a Man-in-the-browser attack?
A proxy Trojan horse that infects web browsers and capture browser session data
What is a Zero Day Attack?
The aim is to exploit flaws or vulnerabilities in targeted systems that are unknown or undisclosed to the world in general. Meaning that there is no direct or specific defense to the attack; which puts most systems vulnerable assets at risk.
What is a Replay attack?
Is a network-based attack where a valid data transmission is rebroadcasted, repeated, or delayed.
What is a Pass the Hash attack?
An authentication attack that captures and uses the hash of a password. The attacker then attempts to log on as the user with the stolen hash. This type of attack is commonly associated with the Microsoft NTLM (New Technology LAN Manager) protocol.