Final Deck Flashcards
What are the steps in collecting forensic data?
- Secure physical and remote access to the system before it can be altered
- Begin eDiscovery. Place on legal hold.
- Classify evidence according to the order of volatility
- Acquire data using relevant tools
- Preserve the data in accountable, unalterable form
- Analyze collected data to determine what is relevant to the case
- Assemble your findings into a report
What is the order of volatility?
- CPU registers and cache memory
- Routing tables, ARP cache, process tables, and kernel stats
- Other RAM contents
- Swap files or other temporary file systems
- Other data on hard drives or flash media
- Network logging data
- Firmware or physical configuration
- Archival media such as optical disks or printouts.
This software is placed on some network appliance such as a firewall or router. It scans all outgoing data passing through that point. It can protect the entire organization, but it can’t scan something like encrypted data sent over a TLS connection, or someone copying data to an unauthorized system or storage device inside the network.
Network-based DLP
This software can protect all data which passes through the endpoint it’s installed on, such as stored files, print jobs, encrypted network connections, and data copied to USB drives. The drawbacks are that it must be installed on every endpoint that handles sensitive data and that it might be compromised by any attack which compromises that host.
Endpoint DLP
Which protocol is a means of securely transferring computer files between a local host and a remote host, or between two remote hosts? It is based on the Secure Shell (SSH) protocol.
Secure Copy Protocol (SCP)
What type of injection attack is this an example of?
&(USER=john90)(&))(PASSWORD=Pwd)
LDAP injection
What type of injection attack is this an example of?
SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""
SQL injection
What type of injection attack is this an example of?
db.collection.find( { $where: function() {
return (this.name == 'a'; sleep(5000) ) } } )
NoSQL injection (specifically JavaScript against a MongoDB database)
What type of injection attack is this an example of?
http://www.example.com/create_user.php?name=thomas&password=hfdj7!dn0thomas@mail.com
XML injection
What type of injection attack is this an example of?
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<stockCheck>&xxe;</stockCheck>
XML External Entities
Which OSI layer is affected by DoS attacks such as cutting cables and wireless jamming?
OSI Layer 1: Physical
Which OSI layer is often attacked by targeting insecure protocols or routers, usually comes from within the network, and includes MAC flooding or ARP poisoning?
OSI Layer 2: Data Link
Which OSI layer can be targeted remotely and includes ping floods and ICMP attacks?
OSI Layer 3: Network
Which OSI layer involves TCP/UDP and is often attacked by port scanning?
OSI Layer 4: Transport
Parameter-based, session restoration, DOM-based, JavaScript-based and XSS are all methods of what attack?
URL redirection
What type of DDoS attack is most common?
Network based
What is the DoS technique that floods the target with enough data or requests that it can’t respond to all of them?
Resource Exhaustion
Which DoS attack sends so many ICMP ping requests that it consumes the host’s network bandwidth and system resources?
ping flood
Which DDoS attack relies on IP spoofing to generate overwhelming traffic from unrelated systems?
reflected attack
Which DDoS attack is like a ping flood, but instead of pinging the target directly, the attacker pings many other systems with spoofed IP return addresses?
smurf attack
Which DDoS attack floods random ports on a remote host, causing the host to repeatedly check for the application listening at that port and, when no application is found, reply with an ICMP ‘Destination Unreachable’ packet?
UDP Flood
In which DDoS attack does the requester send multiple SYN requests, but either does not respond to the host’s SYN-ACK response, or sends the SYN requests from a spoofed IP address?
SYN flood
Which DDoS attack sends multiple malformed or malicious pings to a computer?
Ping of Death
In the industrial sector, DDoS attacks can be particularly dangerous to which systems?
Industrial Control Systems (ICS)