Chapter 3 Application Attack Indicators

Question 1

Denial-of-Service Attack

Answer 1

• Denies authorized users access either to specific information or to the computer system or network itself.
• Denies the use of or access to a specific service or system.

Question 2

Bluejacking

Answer 2

• Used for sending of unauthorized messages to another Bluetooth device.

Question 3

Man in the Middle Attack

Answer 3

A mechanism whereby an attacker can inject himself into the middle of a conversation between two devices.

Question 4

Refactoring

Answer 4

• The process of restructuring existing computer code without changing its external behavior.
• A means by which an attacker can add functionality to a driver yet maintain its desired functionality.

Question 5

Shimming

Answer 5

• A process of putting a layer code between the driver and the OS.
• Allows flexibility and portability by enabling changes between different versions of an OS without modifying the original driver code.

Question 6

Pass the Hash

Answer 6

• The attacker captures the hash used to authenticate a process.
• The attacker does not need to know the password.

Question 7

Resource Exhaustion

Answer 7

• The state where a system does not have all of the resources it needs to continue to function.
• The aim attack;s aim is to deplete resources.

Question 8

Improper Error Handling

Answer 8

• Attackers can use the information they gather from errors to further their attack.

Question 8

Memory Leak

Answer 8

• Errors in memory management.
• Memory issues can go over time which consume more and more resources.

Question 8

Integer Overflow

Answer 8

• A programming error condition that occurs when a program attempts to store a numeric value.

Question 9

DLL Injection

Answer 9

An attack that uses the injection of a DLL onto a system, altering the processing of a program by in essence recoding it.

Question 9

Race Condition

Answer 9

An error condition that occurs when the output of a function is dependent on the sequence or timing of the inputs.

Question 10

Privilege Escalation

Answer 10

When the attacker exploits vulnerabilities to achieve root- or admin-level access.

Question 11

Injection Attacks

Answer 11

• When input is used in a fashion that allows command-line manipulation.
• Gives that attacker command-line access at the privilege level of the application.

Question 12

Structured Query Language (SQL)

Answer 12

• A form of code injection aimed at any SQL-based database, regardless of vendor.

Question 13

Dynamic-Link Library (DLL)

Answer 13

• A piece of code that can add functionality to a program though the inclusion of library routines linked at runtime.

Question 14

Lightweight Directory Access Protocol (LDAP)

Answer 14

• An injection-based attack.
• When an application constructs an LDAP request based on user input, failure to validate the input can lead to a bad LDAP request.

Question 15

Extensible Markup Language (XML)

Answer 15

XML that is maliciously altered can affect changes in configurations, changes in the data streams, changes in outputs.