Comparing Common Attacks

Question 1

what attack typically changes data to impersonate another system or person?

Answer 1

Spoofing attack.

Question 2

DoS attacks often use what other type of attack to acheive the goal of DoS?

Answer 2

Syn flood attack

Question 3

What common attack is a form of active interception/eavesdropping

Answer 3

Man-In-The-Middle

Question 4

How does ARP poisoning enable man-in-the-middle and DoS attacks?

Answer 4

It enables MITM attack because it associates both the gateway and victim machine with the MAC address of the attacker.
It can be used for DoS attacks by redirecting the internet gateway to a MAC address of a bogus machine

Question 5

What type of attack would it be if a bogus MAC address was sent out to computers claiming it was the default gateway? What would happen?

Answer 5

ARP DoS attack

None of the computers could connect out the network because the MAC address for the default gateway is invalid.

Question 6

How does DNS poisoning work and what’s the end result?

What can DNS servers implement to protect against these attacks?

Answer 6

changes the ip addresses associated with a CNAME to redirect users to a different website
SECDNS protects against DNS poisoning

Question 7

Modifying the hosts file to include an entry that points a website to a different IP than it’s original address is known as what?

Answer 7

DNS Pharming

note - DNS pharming is essentially the same as DNS poisoning

Question 8

What attack involves spoofing the source IP address as the victims machine and sends out ICMP packets as a broadcast to generate lots of replies to that machine?

Answer 8

Smurf attack [DNS amplification attacks work on the same principle but zone information is sent to the victim’s machine]

Question 9

most authentication protocols can encrypt the what before it is sent across the network?

Answer 9

the password or the hash of the password

Question 10

Which old Microsoft client authentication protocols are susceptible to pass the hash attacks? What can be used instead to eliminate the risk?

Answer 10

Lan Manager and NT Lan Manager (NTLM).

NTLMv2 or Kerberos authentication are not susceptible to pass the hash

Question 11

What is a hash collision?

Answer 11

when the hashing algorithm creates the same hash from more than one word

Question 12

what method of modifying passwords is used to thwart what types of password attacks? How?

Answer 12

Salting. It adds extra characters to the original password. Brute Force attacks and Rainbow table attacks will have less chance of success because they are looking for original spellings or character combinations

Question 13

What attack involves an attacker capturing authentication credentials between two computers and then later using the same information to initiate communicate with one of them by impersonating one of the machines in the earlier capture?

Answer 13

Replay attack

Question 14

Timestamps and sequence number thwart what type of attack? What commonly used Windows client authentication protocol uses it?

Answer 14

replay attacks

Kerberos

Question 15

In an encryption/de-encryption attack, when the attacker knows all of the plaintext in a message and some of the cyphertext, what is the attack known as?

Answer 15

known plaintext

Question 16

In an encryption/de-encryption attack, when the attacker knows some of the plaintext in a message and some of the cyphertext, what is the attack known as?

Answer 16

chosen plaintext

Question 17

Typo URLs are a form of what type of attack?

Answer 17

Hijack attack

Question 18

Session hijack involves an attacker stealing what from your computer and then doing what with it? What other attack is used to facilitate this?

Answer 18

They steal the session ID cookie.
The cookie is used by websites to identify you and can use it to log you in automatically
The attacker can then use your session ID to log into your account
Cross-site scripting is used to to steal session ID cookies

Question 19

What type of attack is a type of proxy trojan horse that infects web browsers and captures keystrokes and sends them to the attacker?

Answer 19

man-in-the-browser

Question 20

what is a shim?

Answer 20

a piece of code written to be run when an application needs to access an old driver that isn’t compatible with the current operating system

Question 21

when the internal processing of code is re-written, without changing its external behaviour, what is it called?

What is it usually done for?

Answer 21

Refactoring

It is usually done to correct problems related to software design

Question 22

what is a buffer?

Answer 22

a specific area of memory reserved for an application

Question 23

what happens in a buffer overflow?

Answer 23

an application received more input than the buffer size or different input to what it expects and causes an area of memory to be exposed that normally would be protected and inaccessible.

Question 24

buffer overflow attack can be used to crash the system or…

Answer 24

insert malicious code into the exposed area of memory.

Question 25

What type of code commands used in buffer overflow attacks causes the processor to execute them one after the other if it happens upon the section of memory that contains the codes?

Answer 25

No Operation commands (NOP commands). Malicious code is then added to the end of the NOP commands which forces the processor to execute the code.

Question 26

What is a DLL and what is DLL injection?

Answer 26

A DLL is an independent piece of code that other applications can use instead of the programmer creating the code themselves
A DLL injection is an attack where a malicious DLL is injected into a system’s memory to execute.

Question 27

What’s the difference between a DoS and DDoS?

Answer 27

DoS is initiating from a single computer whereas DDoS attacks is initiated from many different computers and usually features a sustained, abnormally high network traffic.

Question 28

What attack has the goal of misleading computers/switches about the actual MAC address of a system?

Answer 28

ARP poisoning

Question 29

What type of spoofing attack is ARP poisoning associated with?

Answer 29

IP spoofing

Question 30

Code that attempts to insert a number 128bits in size into an area of memory or variable 64bits in size causes what type of error?

Answer 30

Integer overflow error.

Question 31

Integer overflow error can cause a buffer overflow if…

Answer 31

if there is inadequate exception and error handling

Question 32

What do developers need to check for to avoid buffer overflows?

Answer 32

buffer boundaries

Question 33

what stores a reference to something in programming languages? What do they save the application module from doing?

Answer 33

pointer references.

they save it from passing the entire data array into memory

Question 34

what attack is this instruction used for - x90?

Answer 34

NOP instruction for a buffer overflow attack