Chapter 1.3 - Application Attacks Flashcards
Given the scenario, analyze potential indicators associated with application attacks
Privilege Escalation
Gaining higher-level access to a system
More capabilities
Cross-Site Scripting (XSS)
Type of injection, in which malicious scripts are injected into otherwise benign and trusted websites
Non-persistent (Reflected) Cross-Site Scripting Attack
The injected malicious script is “reflected” off the web server as a response that includes some or all of the input sent to the server as part of the request
Persistent (Stored) Cross-Site Scripting Attack
Posting a message to a social network that includes a malicious payload
Posted and propagated to others
Code Injection
Adding your own information into a data stream
Structured Query Language (SQL) Injection
Inserting an SQL query into regular input or form fields in order to get credentials such as a username or password
Extensible Markup Language (XML) Injection
Modifying requests, sending data and storing it in a different location
Lightweight Directory Access Protocol (LDAP) Injection
Modifying requests and gaining directory information you normally would not have access to
Dynamic-Link Library Injection
Inject a DLL into an application and have that application run the code for us
Buffer Overflows
Overwriting a buffer in memory and having it spill over into other memory areas
Replay Attacks
Data transfer is maliciously repeated or delayed
NOT an On-path attack
Cross-Site Request Forgery
Malicious exploit of a website or web application where unauthorized commands are submitted from a user that the web application trusts
Pointer/Object Dereference
Programming technique that references a portion of memory
Directory Traversal/Path Traversal
Reading files from a web server that are outside the website’s file directory
Race Conditions
Two commands happening at the same time without being planned for
Error Handling
Giving just enough information when an error is made so an attacker can exploit the system
Improper Input Handling
Finding input that can be malicious so an attack can be executed
Session Replays
Reproduction of a user’s interactions on a website or web application exactly how the user actually experienced it
Integer Overflow
When you attempt to store inside an integer variable a value that is larger than the maximum value the variable can hold
Server-Side Request Forgery
Attacker abuses the functionality of a server causing it to access or manipulate information in the realm of that server that would otherwise not be directly accessible to the attacker
Application Programming Interface (API) Attacks
The malicious usage or attempted usage of an API from automated threats such as access violations, bot attacks or abuse
Resource Exhaustion
Happens when a system or system user uses up all the available resources that the system has, leading it to be completely drained
Specialized DoS attack
Zip Bomb
Memory Leak
When unused memory is not properly released, begins to grow in size, eventually uses all available memory, and the system crashes
Secure Sockets Layer (SSL) Stripping
Combines on-path attack with a downgrade attack
Type of cyberattack in which an attacker downgrades a website from secure HTTPS to an insecure HTTP connection
Driver Manipulation
The alteration of system drivers to achieve a malicious outcome
Shimming
Filling in the space between two objects (middleman)
Inserting a layer between an application and the operating system to modify the behavior of the application
Refactoring
Appears different each time malware is downloaded
Add loops, pointless code strings, etc.
Can intelligently redesign itself
Pass the Hash (PtH)
Type of cybersecurity attack in which an attacker steals a “hashed” user credential and uses it to create a new user session on the same network
Time-of-check to Time-of-use Attack (TOCTOU)
Race condition that occurs when a resource is checked for a particular value, such as whether a file exists or not, and that value then changes before the resource is used, invalidating the results of the check