CySA+ Study Notes 16 Flashcards

1
Q

DRM (authorized players) = content is locked to a certain device, which uses a cryptographic key to identify itself.

DRM (authorized viewers) = the DRM file is locked to certain software running on a computing host, such as a PDF viewer or video player, preventing copying by other apps running on the same device. A hash value is used to identify each computer.

A

info

2
Q

A buffer overflow occurs when a program writes more data than the allocated memory buffer can hold. An attacker could use a buffer overflow to change the return address, allowing the attacker to run arbitrary code on the system.

Heap overflow: the heap is an area of memory allocated by the application during execution to store a variable. The heap can be used to store larger amounts of data than the stack, and variables are globally accessible to the process. A heap overflow can overwrite those variables and possibly allow arbitrary code execution.

Integer overflow: taking a positive or negative number and making it exceed the bounds of software processing.

A

buffer overflows

3
Q

ASLR randomizes where components of a running process—the base executable, APIs, the heap, and so on—are placed in memory, which makes it more difficult to aim a buffer overflow at specific points in the address space.

A pointer is a reference to an object at a particular memory location. Attempting to access that memory address is called dereferencing.

A

info

4
Q

Race conditions occur when the outcome of executing processes is directly dependent on the order and timing of certain events, and those events fail to execute in the order and timing intended by the developer. A race condition vulnerability is typically found where multiple threads are attempting to write a variable or object at the same memory location. Ex: null pointer dereference.

A time of check to time of use (TOCTTOU) race condition occurs when there is a change between when an app checked a resource and when the app used the resource.

A

info

5
Q

Scripted installations and baseline configuration templates can help to ensure that weaknesses in the environment are eliminated. Code reuse, third-party libraries, and SDKs are all insecure components which should be patched or monitored, etc. …

A

info

6
Q

If an attacker is able to manipulate a parameter that directly references an object, he or she can craft that parameter to grant access to other objects the attacker would normally be unauthorized to access.

A

Insecure Object Reference

7
Q

XML bomb (Billion Laughs attack)—The XML encodes entities that expand to exponential sizes, consuming memory on the host and potentially crashing it.

XML External Entity (XXE)—This type of attack embeds a request for a local resource, such as the server’s password file.

Extensible Markup Language (XML) is used by web applications for authentication and authorization, and for other types of data exchange and uploading. Data submitted via XML with no encryption or input validation is vulnerable to spoofing, request forgery, and injection of arbitrary data or code.

A

info

8
Q

Password spraying—This means that the attacker chooses one or more common passwords and tries them in conjunction with multiple usernames.

Credential stuffing—This means that the attacker tests username and password combinations against multiple online sites.

A

info

9
Q

In remote file inclusion (RFI), the attacker executes a script to inject a remote file into the web app or website.

In local file inclusion (LFI), the attacker adds a file to the web app or website that already exists on the hosting server.

File inclusion attack: the attacker adds a file to the running process of a web app or website.

A

info

10
Q

A persistent (or stored) XSS attack aims to insert code into a back-end database used by the trusted site. For example, the attacker may submit a post to a bulletin board with a malicious script embedded in the message. When other users view the message, the malicious script is executed.

A DOM XSS attack exploits vulnerabilities in client-side scripts. Such scripts often use the document object model (DOM) to modify the content and layout of a web page.

A

info
