Chapter 5 Flashcards

1
Q

Buffer Overflow

A

Occurs when an attacker manipulates a program into placing more data into an area of memory than is allocated for that program's use. The goal is to overwrite other information in memory with instructions that may be executed by a different process running on the system.

2
Q

Integer Overflow

A

Variant of buffer overflow, where the result of an arithmetic operation attempts to store an integer that is too large to fit in the specified buffer.

3
Q

Stack Overflow

A

Target the stack, which stores variable values and is managed by the operating system.

4
Q

Heap Overflows

A

Target the heap, which stores objects created by code and must be managed by application developers.

5
Q

Rootkits

A

Are hacking tools designed to automate privilege escalation attacks. An attacker who gains access to a normal user account may use a rootkit to exploit a vulnerability and perform a privilege escalation attack, seeking to gain administrative privileges.

6
Q

Arbitrary Code Execution

A

Vulnerabilities allow an attacker to run software of their choice on the targeted system. This can be a catastrophic event, particularly if the vulnerability allows the attacker to run the code with administrative privileges.

7
Q

Remote Code Execution

A

Vulnerabilities are an even more dangerous subset of code execution vulnerabilities because the attacker can exploit the vulnerability over a network connection without having physical or logical access to the target system.

8
Q

Debug Mode

A

Gives developers crucial information needed to troubleshoot applications in the development process. Debug mode typically provides detailed information on the inner workings of an application and a server, as well as supporting databases. Although this information can be useful to developers, it can inadvertently assist an attacker seeking to gain information about the structure of a database, authentication mechanisms used by an application, or other details.

9
Q

Communication between TLS/SSL protocols

A

SSL and TLS use cryptographic ciphers for encryption, and the ciphers that can be used with those protocols are set on a server-by-server basis. When a client and server wish to communicate using SSL/TLS, they exchange a list of ciphers that each system supports and agree on a mutually acceptable cipher. Solving this common problem requires altering the set of supported ciphers on the affected server and ensuring that only secure ciphers are used.

10
Q

Use of Digital Certificates

A

SSL and TLS rely on the use of digital certificates to validate the identity of servers and exchange cryptographic keys. Digital certificates are useful only if the recipient of a certificate trusts the entity that issued it.

11
Q

Virtual Machine Escape

A

Vulnerabilities are the most serious issue that may exist in a virtualized environment, particularly when a virtual host runs systems of differing security levels. In an escape attack, the attacker has access to a single virtual host and then manages to leverage that access to intrude on the resources assigned to a different virtual machine (VM). The hypervisor is supposed to prevent this type of access by restricting a VM’s access to only those resources assigned to that machine. Escape attacks allow a process running on the VM to “escape” those hypervisor restrictions.

12
Q

Industrial Control Systems (ICSs)

A

Industrial control systems rely on a series of sensors and controllers distributed throughout the organization, collecting information and controlling activities.

13
Q

Programmable Logic Controllers (PLCs)

A

Specialized hardware controllers designed to operate in an IoT environment. PLCs often use a specialized communication protocol called Modbus.

14
Q

Modbus

A

Communicates with sensors and other IoT components over wired serial interfaces

15
Q

Embedded Systems

A

Computers integrated into the operation of another device, such as a vehicle, camera or multifunction printer

16
Q

Real-time operating systems (RTOSs)

A

Are slimmed-down operating systems designed to work quickly on IoT devices in a low-power environment.

17
Q

System on a Chip (SoC)

A

Is an entire embedded system packaged onto a single chip, often including a processor, memory, networking interfaces, and power management on the chip.

18
Q

Field-programmable gate arrays (FPGAs)

A

Are computer chips that allow the end user to reprogram their function, making them quite useful for embedded systems.

19
Q

Controller Area Network bus (CAN bus)

A

Networks are specialized networks designed to facilitate communication between embedded systems without the overhead of a TCP/IP network.

20
Q

Injection attacks

A

Occur when an attacker is able to send commands through a web server to a backend system, bypassing normal security controls and fooling the backend system into believing that the request came from the web server. The most common form is the SQL injection attack.

21
Q

SQL Injection Attack

A

Exploits web applications to send unauthorized commands to a backend database server

22
Q

2 methods for protection against SQL Injection Attacks

A

Input validation and enforcement of least privilege restrictions on database access. Input validation ensures that users don’t provide unexpected text to the web server. It would block the use of the apostrophe that is needed to “break out” of the original SQL query. Least privilege restricts the tables that may be accessed by a web server and can prevent the retrieval of credit card information by a process designed to handle catalog information requests.

23
Q

Cross-site Scripting (XSS)

A

The attacker embeds scripting commands on a website that will later be executed by an unsuspecting visitor accessing the site. The idea is to trick a user visiting a trusted site into executing malicious code placed there by an untrusted third party.

24
Q

Persistent XSS

A

Attacks occur when the attacker is able to actually store the attack code on a server. This code remains on the server, waiting for a user to request the affected content. These attacks are also known as stored XSS attacks.

25
Q

Reflected XSS

A

Attacks occur when the attacker tricks a user into sending the attack to the server as part of a query string or other content. The server then sends the attack back to the user (reflecting it), causing the code to execute.

26
Q

Document Object Model (DOM)-based XSS

A

Attacks occur within a database maintained by the user’s web browser. These attacks are particularly insidious because they occur entirely on the user’s computer and are never seen by the remote web server.

27
Q

Directory Traversal

A

The attacker inserts filesystem path values into a query string, seeking to navigate to a file located in an area not normally authorized for public access. These attacks may occur when filenames are included in query strings. For example, if a web application retrieves policy documents from a remote storage device, it might include the name of the policy in a query string, such as this one:

28
Q

3 Ways to Prevent Directory Traversal Attacks

A

First, application designs should avoid including filenames in user-manipulatable fields, such as query strings. Second, input validation should prevent the use of special characters required to perform directory traversal. Finally, access controls on storage servers should restrict the web server’s access to files authorized for public access.

29
Q

Password Spraying Attacks

A

Occur when an attacker uses a list of common passwords and attempts to log into many different user accounts with those common passwords. The attacker only needs to find one valid username/password combination to gain access to the system. This attack is successful when users do not choose sufficiently unique passwords.

30
Q

Credential Stuffing

A

Attacks occur when an attacker takes a list of usernames and passwords that were stolen in the compromise of one website and uses them to attempt to gain access to a different, potentially unrelated, website. Credential stuffing attacks are successful when users reuse the same password across many different sites.

31
Q

Impersonation attack

A

Attacks occur when an attacker takes on the identity of a legitimate user

32
Q

MitM Attack

A

Attacks occur when an attacker is able to interfere in the communication flow between two systems.

33
Q

Session Hijacking

A

Focuses on taking over an already existing session, either by acquiring the session key or cookies used by the remote server to validate the session or by causing the session to pass through a system the attacker controls, allowing them to participate in the session. Much like impersonation and MitM attacks, securing the data that an attacker needs to acquire to hijack the session, either via encrypting network sessions or links or on the local system, can help limit opportunities for session hijacking.