Recognizing Application Attacks

Question 1

Dump the SAM

Answer 1

Privilege Escalation attack that gets the Security Accounts Manager on Windows

Question 2

Retrieve /etc/password file

Answer 2

Privilege Escalation attack on a Linux machine

Question 3

Look for insecure file shares

Answer 3

Privilege Escalation attack

Question 4

DLL preloading

Answer 4

Privilege Escalation attack that replaces good dll’s with hacked versions.

Question 5

Insecure or weak security processes

Answer 5

Privilege Escalation attack

Question 6

Non-persistant XSS

Answer 6

Crafted URL for email blog posts

Question 7

DOM based XSS

Answer 7

Used to hijack sessions

Question 8

Persistant XSS

Answer 8

Server based that can execute on users PC by visiting infected site.

Question 9

SQL Injection Attack

Answer 9

Modifying the query to get additional information not allowed.

Question 10

DLL Injection

Answer 10

Inserting code into a running process and attach memory and then run.

Question 11

LDAP Injection

Answer 11

Modified query to get LDAP to bring back different information than intended.

Question 12

LDAP

Answer 12

Lightweight Directory Access Protocol that checks for user and group permissions in AD.

Question 13

XML Injection

Answer 13

Manipulates XML file to perform different logic.

Question 14

Pointer Dereference

Answer 14

Cause an application to throw an error an crash. (DOS attack or Remote Code execution.)

Question 15

Directory Traversal/Command Injection

Answer 15

Manipulates user input to gain access to files not intended to be visible.

Question 16

Buffer Overflow

Answer 16

Enough data to overflow memory allowing an attacker to input their code and elevate their privileges.

Question 17

Race Conditions

Answer 17

Being able to manipulate the order that actions are to be performed allowing them to get access or modify or disclose data.

Question 18

Time of Check

Answer 18

Part of race condition, where an attacker is able to gain access before the authentication check.

Question 19

TOCTTOU

Answer 19

Time of Check to Time of Use

Question 20

Replay Attack

Answer 20

Captures packets and puts them back on the wire. Can be stopped with digital timestamps aka sequencing.

Question 21

Integar Overflow

Answer 21

When the equation results in a higher than allowed amount and the integar starts to wrap around cause it can’t fit. Reverse money sent to money received etc.

Question 22

Cross Site Request Forgery (XSRF See-Surf)

Answer 22

Stealing a users active cookie.

Question 23

API

Answer 23

Application Programming Interface (API could be the gas petal that runs the car so you don’t need to know how the engine works but you just need to know the gas petal)

Question 24

XSS vs XSRF

Answer 24

XSS: Browser runs code because it came from a site it trusted.
XSRF: Server performs an action cause it was sent from a client it trusted.

Question 25

API Attack

Answer 25

Hostile attack (all methods) that are no longer protected by traditional security measures like WAF and port blocking.

Question 26

Resource Exhaustion

Answer 26

Attack that keeps going until all resources are used. DOS

Question 27

Memory Leak

Answer 27

Normally unintentional use of memory where the application doesn’t release back the memory. Used to crash the system and gain privileges.

Question 28

SSL

Answer 28

Secure Socket Layer

Question 29

SSL Stripping

Answer 29

Man in the middle attack that strips away SSL encryption and allows them to intercept traffic. (Wireshark)

Question 30

SSL Stripping Mitigations

Answer 30

Use SSL everywhere. Use HSTS which forces everyone to use HTTPS

Question 31

Shim Databases

Answer 31

Part of Windows Application Compatibility Infrastructure to allow legacy applications to run. Backward compatibility

Question 32

Shimming

Answer 32

Use the Shim databases to install bad stuff.

Question 33

Refactoring

Answer 33

Modifying source code without making functional changes. Good version is to make queries run faster.

Question 34

Pass the Hash

Answer 34

Harvesting user hash while they are accessing remote resources. Then using the hash for the password.