Information Security Attacks

Question 1

Describe the following classification of attacks:
a) Passive
b) Active
c) Close-In
d) Insider
e) Distribution

Answer 1

a) Intercept and monitor traffic but do not tamper with the data.
b) Tamper with the data while in transmission.
c) Performed when attacker is in close proximity of the target.
d) Using privileged access to intentionally cause harm to an organization.
e) When attackers tamper with hardware/software prior to installation.

Question 2

What is hacking?

Answer 2

Exploiting system vulnerabilities to gain unauthorized acces to a systems resource.

Question 3

Describe the following steps in EC-Councils Hacking Methodology:
a) Footprinting and Reconnaissance
b) Scanning
c) Gaining Access
d) Maintaining Access
e) Clearing Tracks

Answer 3

a) Preparatory phase where the attacker gathers information about a target prior to ana attack.
b) When the attacker scans the network to gather informated about the hosts, ports, services, OS details and device types.
c) When the attacker obtains access to the OS or applications on the target computer or network.
d) When the attacker tries to retain persistent ownership of the system.
e) When the attacker hides their malicious attacks.

Question 4

Describe these steps of the Cyber Kills Chain:
a) Reconnaissance
b) Weaponization
c) Delivery
d) Exploitation
e) Installation
f) C & C
g) Actions on Objectives

Answer 4

a) Gather info on target
b) Create the malicious payload
c) Send the payload via email, USB, etc.
d) Exploit the vulnerability of target system
e) Instal malware on target system
f) Creates a channel to communicate with attacker to pass data back and forth.
g) Perform actions to achieve intended objectives/goals.

Question 5

Describe the following:
a) Tactics
b) Techniques
c) Procedures

Answer 5

a) Describe the way an attacker performs the attack.
b) Are the technical methods used by an attacker.
c) Is the step-by-step process attackers use to launch an attack.

Question 6

MITRE Attack Framework
a) Recon
b) Weaponize
c) Deliver
d) Exploit
e) Control
f) Execute
g) Maintain

Question 7

What is the Diamond Model of Instrusion and its components?

Answer 7

It is a framework that provides a structured way to organize information about an attack. Its components are:
a) Adversary - who was behind the attack
b) Victim - where the attack was peformed
c) Capability - how the attack was performed
d) Infrastructure - What the adversary used to reach the victim.

Question 8

What is Packet SNiffing?

Answer 8

The process of monitoring and capturing data packets passing through a given network.

Question 9

What is a Man-in-the-middle (MITM) attack?

Answer 9

Is used to intrude on an existing connection to intercept the messages being exchanged.

Question 10

What is DNS Poisoning?

Answer 10

Is the unauthorized manipulation of IP addresses in the DNS cache. Corrupted entries can lead user to a malicious website.

Question 11

What is Domain Hijacking?

Answer 11

When domain ownership is changed to the attacker’s server witht their consent of the owner.

Question 12

What is ARP Spoofing/Poisoning?

Answer 12

Involves sending a large number of forged or manipulated entries to the ARP cache.

Question 13

What is a DHCP Starvation Attack?

Answer 13

Is the process of sending fake DHCP requests to use up all the available IP address within a network.

Question 14

What is MAC Spoofing?

Answer 14

When an attacker uses a legitimate users MAC addres to receive all the traffic destined for the user.

Question 14

What is DHCP Spoofing?

Answer 14

The process of setting up a rogue DHCP server to assign bogus IP address to hosts.

Question 14

What is Switch Port Stealing?

Answer 14

Is an attack that exploits the dynamic MAC address table of a switch, allowing an attacker to intercept network traffic by repeatedly stealing the association between a port and a device’s MAC address.

Question 15

What is MAC flooding?

Answer 15

Involves flooding the CAM table of a switch with fake MAC and IP address pairs until the table is full.

Question 16

What is IP Spoofing?

Answer 16

Changing the source IP address so it appears the traffic is coming from somewhere else.

Question 17

What is DoS?

Answer 17

Is an attack that prevents/reduces/restricts accessibility of a systems resources.

Question 18

What is DDoS?

Answer 18

Uses a multitude of compromised systems (Botnet) to attack a single attack, to cause a DoS.

Question 19

What is DRDoS?

Answer 19

Involves using layers of intermediary hosts to reflect the attack traffic to the target.

Question 20

What are APTs?

Answer 20

Advanced Persistent Threats; where an attacker gains unauthorized access to a system for a long period of time.

Question 21

Describe the following:
a) SQL Injections
b) Command Injections
c) LDAP injections

Answer 21

a) Injecting malicious SQL queries in to user input forms.
b) Injecting malicious code through a web app.
c) Injecting malicious LDAP statements.

Question 22

What is XSS?

Answer 22

When attackers inject malicious client-side scripts into web pages.

Question 23

What is Parameter Tampering?

Answer 23

Manipulating the parameters exchanged between clients and servers.

Question 24

What is Directory Traversal Attacks?

Answer 24

When attackers abuse the ../ sequqnce to acces restricted directories.

Question 25

What is CSRF?

Answer 25

When an attacker uses a users legitimate active session to send malicious request via the web app.

Question 26

What is DNS amplification?

Answer 26

When an attacker uses the DNS recursive method to perform DNS amplification attacks via DDoS.

Question 27

What is SSRF?

Answer 27

When attackers send crafted requests directly to the internal or backend servers.

Question 28

What is XML Injection?

Answer 28

Is an SSRF attack where an attacker places in a malicious XML input to a system that has weak XML parsing.

Question 29

What is Man-In-the-Browser?

Answer 29

When an attacker uses a trojan to intercept calls between the browser an its security mechanisms or libraries.

Question 30

What is a Session Replay Attack?

Answer 30

When the attacker captures the authentication token of a user, then uses that token to replay the request to the server.

Question 31

What is SSL stripping?

Answer 31

When the attacker downgrades the traffic from HTTPS to HTTP.

Question 32

What are the following password attacks?
a) Dictionary
b) Brute-Force
c) Rule-based

Answer 32

a) A dictionary file is loaded into the cracking application.
b) Every combination of characters is tried until the password is broken.
c) When the attacker gets some information about the password.

Question 33

What is Hash Injection?

Answer 33

Involves an attacker injecting a stolen hash into the system to gain unauthorized access without needing the actual password.

Question 34

What is a Rainbow Table?

Answer 34

A precomputed table that contains word lists like dictionary files and their hash values.

Question 35

What is Buffer Overflow?

Answer 35

A vulnerability when a application accepts more data than the allocated buffer.

Question 36

What is DLL Hijacking?

Answer 36

When an attacker places a malicious DLL in the application directory.

Question 37

What are the following Social Engineering Attacks?
a) Reverse social-engineering
b) Piggybacking
c) Tailgating

Answer 37

a) When the victim seeks out the attacker who is acting as an authority.
b) When an authorized allows an unauthorized person to pass through a secure door.
c) Piggybacking, but when the attacker is wearing a fake ID badge.

Question 38

What is Phishing?

Answer 38

Sending an illegitimate email claiming to be from a legitimate source to acquire users personal or account info.

Question 39

Describe the types of phishing:
a) Spear-phishing
b) Whaling
c) Pharming
d) Spimming

Answer 39

a) Target phishing attack aimed at specfic individuals
b) Phishing attacks that target high-profile execs.
c) The attacker redirects traffic to a fraudulent website.
d) Spam that involves IM platforms.

Question 40

What is typesquatting?

Answer 40

When an attacker registers a domain name that is intentionally misspelled to send unsuspecting visitors to a malicious website.

Question 41

What is a Rogue AP Attack?

Answer 41

A rogue wireless AP is placed in a network to hijack the connections of legitimate users.

Question 42

What is AP MAC Spoofing?

Answer 42

When a hacker spoofs the MAC address of a legitimate AP device.

Question 43

What is an Evil Twin attack?

Answer 43

When a Rogue AP pretends to be a legitimate AP by replicating the network name.

Question 44

Describe:
a) Disassociation attacks
b) De-authentication attacks

Answer 44

a) Attacker send a disassociate request to take the client offline.
b) Attacker send a de-authenticate request to take the client offline. Client is no longer authenticated with the network.

Question 45

Describe the following Bluetooth attacks:
a) Bluesmacking
b) Bluejacking
c) Bluesnarfing
d) Bluesniff
e) Bluebugging
f) Blueprinting
g) KNOB
h) BlueBorne

Answer 45

a) Overflowing bluetooth devices with random packets.
b) Sending unsolicited message over Bluetooth.
c) Theft of information from a Bluetooth device.
d) PoC for Bluetooth WarDriving
e) Remotely accessing Bluetooth devices.
f) Collecting info about bluetooth devices such as manufacturer, device model, firmware version.
g) Eavesdrop data such as keystrokes, chats and docs.
h) Gaining full access and control of a Bluetooth device

Question 46

What is App Sandboxing?

Answer 46

Helps protect systems and users by limiting the resources the app can access.

Question 47

What is SMiShing?

Answer 47

Spam via SMS.

Question 48

What is a rolling code attack?

Answer 48

When an attacker intercepts the OTP to unlock a car, then replays it to steal the car.

Question 49

What is a side-channel attack?

Answer 49

Is a method used by attackers to gather sensitive information from a system by observing its physical characteristics, rather than exploiting flaws in the system’s software or algorithms.

Question 50

What is a Man-in-the-Cloud Attack?

Answer 50

The attacker steals a victims synch token and uses the token to gain access to the victims files.

Question 51

What are Cloud Hopping Attacks?

Answer 51

Spear-phishing attacks that are targeted at cloud MSPs.

Question 52

What is Cloud Cryptojacking?

Answer 52

Unauthorized use of a victims ciomputer to mine crypto.

Question 53

What is a Cloudborne Attack?

Answer 53

When an attacker implants a malicious backdoor onto a vulnerable bare-metal cloud server firmware.

Question 54

Describe these cryptography attacks:
1) Ciphertext-only Attack
2) Adaptive Chosen-plaintext Attack
3) Chosen-plaintext Attack
4) Related-key Attack

Answer 54

1) The attacker only has access to encrypted messages (ciphertext) and attempts to deduce the plaintext or encryption key.
2) The attacker can obtain ciphertexts for arbitrarily chosen plaintexts and uses this capability to progressively choose new plaintexts based on prior ciphertexts to break the encryption.
3) The attacker can choose arbitrary plaintexts and obtain the corresponding ciphertexts to try and derive the key or encryption method.
4) The attacker exploits relationships between multiple keys (usually a slight variation of the target key) to deduce the actual key.

Question 55

Describe these cryptography attacks:
1) Known-plaintext Attack
2) Chosen-ciphertext Attack
3) Chosen-key Attack
4) Timing Attack

Answer 55

1) The attacker has access to both the plaintext and the corresponding ciphertext and tries to deduce the key or encryption algorithm.
2) The attacker can choose arbitrary ciphertexts to decrypt and tries to derive the key or plaintext from this process.
3) The attacker chooses a specific key to force the encryption algorithm to reveal weaknesses, potentially breaking the system.
4) A type of side-channel attack where the attacker measures how long it takes to execute cryptographic operations to deduce sensitive information, like the cryptographic key.

Question 56

What is a hash collision?

Answer 56

Is performed by finding two different inputs that produce the same has output.

Question 57

What is a DUHK Attack?

Answer 57

Is a cryptographic vulnerability that allows attackers to obtain encryption keys used to secure VPNs and web sessions.

Question 58

What is a DROWN attack?

Answer 58

Is a cross-protocol attack that exploits vulnerabilities in SSLv2 to break the encryption of TLS connections.