Module 11 - Session Hijacking Flashcards

1
Q

Refers to an attack where an attacker takes over a valid TCP communication session between two computers.

A

Session Hijacking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Session Hijacking Concepts:

  • Attacker pretends to be another user or machine (victim) to gain access.
  • Attacker does not take over an existing active session. Instead, he initiates a new session using the victim’s stolen credentials.
  • IP or MAC Address
    a. Hijacking
    b. Spoofing Attack
A

b. Spoofing Attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Session Hijacking Concepts:

  • Is the process of taking over an existing active session.
  • Attacker relies on the legitimate user to make a connection and authenticate.
    a. Hijacking
    b. Spoofing Attack
A

a. Hijacking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Application Level Session Hijacking:

  • Attack exploits a victim’s active session with a trusted site in order to perform malicious activities.
  • Website uses your acquired credentials.
A

Cross-Site Request Forgery (CSRF)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Application Level Session Hijacking:

When a website acquires your credentials (Username & Password)

A

Cross-Site Scripting (XSS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Network Level Session Hijacking:

  • The attacker can inject the malicious data or commands into the intercepted communications in the TCP session even if the source-routing is disabled.
  • The attacker can send the data or commands but has no access to see the response.
    a. UDP Hijacking
    b. Blind Hijacking
    c. RST Hijacking
    d. TCP/IP Hijacking
A

b. Blind Hijacking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

An attacker relies on the legitimate user to connect and authenticate and will then take over the session.

A

Session Hijacking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

The attacker pretends to be another user or machine to gain access.

A

Spoofing Attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly