Ch5 - System Security Threats Flashcards
Types of Privilege Escalation
Vertical privilege escalation
An attacker with ordinary user-level access raises their privileges to a higher level, typically administrator, root or SYSTEM, for example by exploiting a flaw in a privileged service or a role check that trusts client-supplied data
Horizontal privilege escalation
The attacker keeps the same privilege level but gains access to resources belonging to another account at that level, for example reading another user's records by changing an identifier in a request that is never checked against the caller's ownership
Privilege de-escalation
An administrator (or an attacker who has already gained administrative access) lowers their privilege level to that of a specific user, so that they can access data exactly as that user sees it
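The vertical and horizontal cases above, as an added example that is not part of the flashcards: a toy document service with both flaws next to the checks that stop them. The users, roles and document ids are constructed for the demo.

```python
"""Added example, not from the flashcards: a toy document service showing a
vertical and a horizontal privilege escalation flaw next to the checks that
stop them.  Users, roles and document ids are constructed for the demo."""

# Constructed sample data: two ordinary users, one admin, two documents.
USERS = {
    "alice": {"role": "user"},
    "bob": {"role": "user"},
    "carol": {"role": "admin"},
}
DOCS = {
    101: {"owner": "alice", "body": "alice's notes"},
    102: {"owner": "bob", "body": "bob's notes"},
}


class Forbidden(Exception):
    """Raised when an access check fails."""


# --- Vulnerable versions ---------------------------------------------------

def get_doc_vulnerable(caller, doc_id):
    """Horizontal escalation: the caller is authenticated, but nobody checks
    that the document belongs to them, so bob reads alice's notes simply by
    changing doc_id (an insecure direct object reference)."""
    if caller not in USERS:
        raise Forbidden("not logged in")
    return DOCS[doc_id]["body"]


def admin_action_vulnerable(caller, role_claim):
    """Vertical escalation: the role is taken from a client-supplied value
    (a hidden form field, a cookie, a JSON attribute) instead of the
    server-side account record, so any user can claim to be 'admin'."""
    if role_claim != "admin":
        raise Forbidden("admin only")
    return "admin action performed by " + caller


# --- Hardened versions -----------------------------------------------------

def get_doc_safe(caller, doc_id):
    """Object-level authorization: the caller must own the document, or hold
    the admin role looked up server-side.  Missing and foreign documents get
    the same answer so an attacker cannot enumerate valid ids."""
    if caller not in USERS:
        raise Forbidden("not logged in")
    doc = DOCS.get(doc_id)
    is_admin = USERS[caller]["role"] == "admin"
    if doc is None or (doc["owner"] != caller and not is_admin):
        raise Forbidden("no such document")
    return doc["body"]


def admin_action_safe(caller, role_claim):
    """The client's claimed role is ignored; the role comes from USERS."""
    del role_claim  # deliberately unused: never trust it
    if USERS.get(caller, {}).get("role") != "admin":
        raise Forbidden("admin only")
    return "admin action performed by " + caller


def attempt(fn, *args):
    """Run an access and report the outcome as a string."""
    try:
        return fn(*args)
    except Forbidden as e:
        return "FORBIDDEN: " + str(e)


if __name__ == "__main__":
    print("horizontal, vulnerable:", attempt(get_doc_vulnerable, "bob", 101))
    print("horizontal, safe:      ", attempt(get_doc_safe, "bob", 101))
    print("vertical, vulnerable:  ", attempt(admin_action_vulnerable, "bob", "admin"))
    print("vertical, safe:        ", attempt(admin_action_safe, "bob", "admin"))
```

The two fixes are the same principle applied at two levels: authorization data (who owns this object, what role does this account hold) must come from server-side state, never from anything the client sends. Returning an identical "no such document" answer for foreign and non-existent ids is a small extra that stops id enumeration.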
Rootkits. Types of Rootkits
A rootkit is software installed on a system by the hacker that is designed to stay hidden from the administrator and that gives the hacker persistent, privileged access to the system.
Application-level
An application-level rootkit is a user-mode executable that gives the hacker access to the system, typically a trojanized replacement for a legitimate program (a modified ls, ps or netstat that leaves the hacker's files, processes and connections out of its output, for example). Trojan horse programs are the classic example of this class.
Library-level
A library-level rootkit is not an executable file but a library of code that applications call. On Windows these are DLLs that run in user mode; the rootkit typically replaces or hooks a legitimate system DLL so that every application calling it receives filtered results, which is how the rootkit hides itself. (A shared object loaded through LD_PRELOAD is the equivalent on Linux.)
Kernel-level
A kernel-level rootkit runs inside the operating system kernel and is typically planted by replacing a device driver file or installing a malicious loadable kernel module. Because it runs in kernel mode rather than user mode, it has more privileges than a user-mode rootkit, can alter what every process on the system sees (hooked system calls, filtered file and process listings) and as a result has greater access to the system, can cause more damage and is harder to detect from within the operating system.
Virtualized
A virtualized (hypervisor-level) rootkit loads in place of the operating system when the machine starts and then boots the real operating system as a guest in a virtual machine it controls. These rootkits are hard to detect because the operating system has no idea it is being hosted in a virtualized environment, and because no application code, DLLs or drivers in the operating system have been replaced (the research demonstrations SubVirt and Blue Pill are the usual examples).
Firmware
A firmware rootkit is stored in the firmware of the system or of a device (the BIOS/UEFI, a network card or a disk controller, for example) and is hard to detect because it is not present in the operating system or on disk at all; it survives reinstalling the operating system and even replacing the drive.
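The rootkit classes above hide at different layers, and the classic counter is a cross-view check: ask for the same information through two paths and diff the answers. The following is an added example, not part of the flashcards, that detects a user-mode (application- or library-level) rootkit hiding processes on Linux by comparing what a directory listing of /proc shows with what probing every PID through kill(pid, 0) shows. The comparison and the status-file parser are pure functions; the collectors assume a Linux /proc.

```python
"""Added example, not from the flashcards: cross-view detection of a user-mode
rootkit that hides processes.  An application- or library-level rootkit can
filter what a directory listing of /proc (and therefore ps) shows, but a
process that exists still answers kill(pid, 0) with success or EPERM.
Comparing the two views exposes hidden PIDs.  Collectors assume Linux."""

import os


def hidden_pids(listed, alive):
    """PIDs present in the low-level view but missing from the listing."""
    return set(alive) - set(listed)


def parse_tgid(status_text):
    """Extract the thread-group id from the text of /proc/<pid>/status.
    Returns None if no Tgid line is present."""
    for line in status_text.splitlines():
        if line.startswith("Tgid:"):
            return int(line.split(":", 1)[1].strip())
    return None


def listed_pids(proc_root="/proc"):
    """High-level view: what readdir() on /proc returns.  This is the view a
    readdir()-hooking rootkit tampers with."""
    return {int(n) for n in os.listdir(proc_root) if n.isdigit()}


def probed_pids(max_pid, proc_root="/proc"):
    """Low-level view: probe every PID with signal 0.  ESRCH (ProcessLookupError)
    means no such process; EPERM (PermissionError) means it exists but is not
    ours.  Thread IDs also answer kill(), so they are filtered out via the Tgid
    line of /proc/<tid>/status; if status cannot be read at all, the PID is
    kept as a candidate, since a rootkit may be hiding that too."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        try:
            with open(f"{proc_root}/{pid}/status") as f:
                tgid = parse_tgid(f.read())
            if tgid is not None and tgid != pid:
                continue  # a thread of some process, not a process of its own
        except OSError:
            pass
        alive.add(pid)
    return alive


def scan(proc_root="/proc"):
    """Return PIDs that are alive but hidden from the /proc listing."""
    with open(f"{proc_root}/sys/kernel/pid_max") as f:
        max_pid = int(f.read())
    return hidden_pids(listed_pids(proc_root), probed_pids(max_pid, proc_root))


if __name__ == "__main__":
    print("hidden PIDs:", sorted(scan()) or "none")
```

Run it as root so that EPERM does not hide anything from the probe; with a large pid_max the probe loop takes some seconds. The caveat follows directly from the flashcards: this catches hooks in user mode, because the raw kill() system call still tells the truth. A kernel-level rootkit that hooks the system call table can lie to both views, and a virtualized or firmware rootkit sits beneath the kernel entirely, so those need checks from outside the running OS (offline disk analysis, a known-good boot medium, or hardware-rooted measurement).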
Polymorphic Malware
Polymorphic malware alters its own code each time it propagates so that antivirus software relying on a fixed definition (signature) of the malware no longer matches it. Because the malware has mutated, the stored definition is useless against the new copy. The usual technique is to encrypt the body under a different key each time and vary the small decryption routine, while the behaviour after decryption is unchanged.
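Why the definition fails, as an added example that is not part of the flashcards: a constructed, harmless text "body" is re-encoded under a fresh XOR key per generation, so the bytes on disk (and their hash) change every time while the decoded content, and therefore the behaviour, stays identical. A static byte signature misses every generation; scanning after running the decoder finds all of them. Nothing here executes anything, and the address and port in the payload are documentation values.

```python
"""Added example, not from the flashcards: why a fixed byte signature misses
polymorphic code.  The 'payload' is a harmless constructed string standing in
for a malware body; each generation re-encodes it under a fresh XOR key, so
the bytes on disk differ every time while the decoded body, and therefore the
behaviour, is identical.  Nothing here executes anything."""

import hashlib
import os
from typing import Optional

# Constructed stand-in for a malware body (just text, never executed).
PAYLOAD = b"constructed demo body: connect-back to 203.0.113.5 port 4444"

# A definition the way a signature-based scanner carries it: a byte string
# cut from a known sample.
SIGNATURE = b"connect-back"


def mutate(payload: bytes, key: Optional[bytes] = None) -> bytes:
    """Produce one generation: [key length][key][XOR-encoded body].
    The key changes per generation, which is the polymorphism."""
    key = key or os.urandom(8)
    body = bytes(b ^ key[i % len(key)] for i, b in enumerate(payload))
    return bytes([len(key)]) + key + body


def decode(sample: bytes) -> bytes:
    """What the malware's own decoder stub does in memory at run time."""
    n = sample[0]
    key, body = sample[1:1 + n], sample[1 + n:]
    return bytes(b ^ key[i % n] for i, b in enumerate(body))


def fingerprint(data: bytes) -> str:
    """Hash-based definition: exact match on SHA-256."""
    return hashlib.sha256(data).hexdigest()


def static_match(sample: bytes) -> bool:
    """Definition-based scan of the bytes as stored on disk."""
    return SIGNATURE in sample


def emulated_match(sample: bytes) -> bool:
    """Scan after running the decoder first, the way an emulating or
    behaviour-based engine gets at the real body."""
    return SIGNATURE in decode(sample)


if __name__ == "__main__":
    gen1, gen2 = mutate(PAYLOAD), mutate(PAYLOAD)
    print("same bytes on disk?   ", gen1 == gen2)
    print("static signature hits?", static_match(gen1), static_match(gen2))
    print("after decoding hits?  ", emulated_match(gen1), emulated_match(gen2))
```

In this toy the decoder is fixed, so a scanner could still sign the decoder itself; real polymorphic engines rewrite that stub too (register renaming, junk instructions, reordered loops), which is why products moved to emulation, in-memory scanning and behavioural detection rather than relying on bytes on disk.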
Armored Virus
An armored virus protects itself from analysis by security professionals. It is common for analysts to disassemble or decompile virus code to understand how it works; an armored virus uses tricks such as obfuscation, encryption and anti-debugging checks to make it difficult to decompile the program and read the virus code.
Bluesnarfing
A Bluetooth exploit that allows the hacker to connect to a Bluetooth-enabled phone and retrieve data (contacts, calendar entries, messages) off the phone without the owner's knowledge; in short, the unauthorized retrieval of data from a Bluetooth device
Bluejacking
The sending of unsolicited messages from one Bluetooth device to another nearby Bluetooth device; it is a nuisance rather than a theft of data, since the sender gains no access to the target
Bluebugging
A Bluetooth exploit in which the hacker gains access to the phone and leverages its full capabilities as if holding it, including placing calls and sending messages, by issuing AT commands to the phone over the Bluetooth link