Chapter 1.2 Flashcards
shim
The code library to enable legacy mode is a shim. The shim must be added to the registry and its files added to the system folder. The shim database is one way that malware can run with persistence.
rainbow tables
Rainbow tables are associated with attacks where an attacker uses a set of related plaintext passwords and their hashes to crack passwords.
ARP poisoning
To sniff all traffic on a switched network, the switch must be overcome using ARP poisoning. ARP poisoning occurs when an attacker, with access to the network, redirects an IP address to the MAC address of an unintended computer.
DNS spoofing
Domain Name System (DNS) spoofing is an attack that compromises the name resolution process, and can be used to facilitate pharming or Denial of Service (DoS) attacks.
IP spoofing
IP spoofing occurs when an attacker sends IP packets from a false (or spoofed) source address to communicate with targets.
TCP/IP hijacking
Transmission Control Protocol/Internet Protocol (TCP/IP) hijacking is a type of spoofing attack where the attacker disconnects a host, then replaces it with his or her own machine, spoofing the original host’s IP address.
DRDoS
In a Distributed Reflection Denial of Service (DRDoS) attack, the adversary spoofs the victim’s IP address and attempts to open connections with multiple servers. Those servers direct their SYN/ACK responses to the victim server. This rapidly consumes the victim’s available bandwidth.
Smurf attack
In a Smurf attack, the adversary spoofs the victim’s IP address and pings the broadcast address of a third-party network. Each host directs its echo responses to the victim server.
MitB
A MitB attack is where the web browser is compromised by installing malicious plug-ins or scripts, or by intercepting API calls. Vulnerability exploit kits can be installed to a website and actively try to exploit vulnerabilities in clients browsing the site.
skimming
Skimming is an RFID attack where an attacker uses a fraudulent RFID reader to read the signals from a contactless bank card.
DNS spoofing vs DNS cache poisoning
Cache poisoning involves attacking the DNS server, while spoofing attacks a client’s DNS host file.
pass-the-hash
Pass-the-hash occurs when the attacker steals hashed credentials and uses them to authenticate to the network. This type of attack is prevented by using once-only session tokens or timestamping sessions.
birthday attack
A birthday attack is a type of brute force attack aimed at exploiting collisions in hash functions. This type of attack can be used for forging a digital signature.
downgrade attack
A downgrade attack is used to facilitate a Man-in-the-Middle (MitM) attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths.
replay attack
A replay attack consists of intercepting a key or password hash, then reusing it to gain access to a resource. This type of attack is prevented by using once-only session tokens or timestamping sessions.