Domain 2.2-2.4 Flashcards
eliciting information
extracting info from the victim
watering hole attack
you wait where you know the company will come and set a trap there.
Typosquatting
also known as URL hijacking, is a form of cybersquatting (sitting on sites under someone else’s brand or copyright)
memory injection
add code into the memory of an existing process.
DLL injection
dynamic link library
- a Windows library containing code and data.
attackers inject a path to a malicious DLL
buffer overflows
overwriting a buffer of memory so it spills over into other memory areas
race condition
time of check to time of use (TOCTOU), something might happen between the check and the use.
malicious update
update from a third party. always have a backup.
OS vulnerabilities
millions of lines of code, haven't found all vulnerabilities.
SQL injection
Injecting your own Structured Query Language requests into a website's code to make it do whatever you want.
XSS
used to redirect users to websites where attackers can steal data from them. uses JavaScript
non-persistent (reflected) XSS attack
script not stored in the victim’s memory. has to be copied and pasted into the browser
persistent (stored) XSS attack
code that is stored in the victim’s cookies or the server’s database.
EOL
End-of-Life, manufacturer stops selling a product
EOSL
End of Service Life
Support is no longer available for the product