SECOPS 6: Common Attack Vectors

Question 1

Goal of Obfuscating javascript code

Answer 1

Protect IP of developers

Question 2

eval()

Answer 2

Sign of JavaScript obfuscation

Question 3

DOM

Answer 3

HTML Model for accessing web-based documents

Question 4

jsunpack or jsdetox

Answer 4

Model to decode obfuscated javascript

Question 5

JavaScript key variable

Answer 5

Always the first part of a string

Question 6

‘+”"”)())();’

Answer 6

JavaScript string always ends with this.

Question 7

DEP

Answer 7

Prevents the use of stack memory space for execution

Question 8

DEP circumvented by…

Answer 8

heap memory

Question 9

ASLR bypassed by…

Answer 9

egg hunting (executing code stub that ID’s memory location)

Question 10

Shellcode stage payload

Answer 10

Buffer overflow to acquire memory space

Question 11

Unstaged payload

Answer 11

No space limitations. Payload resides with a single memory space.

Question 12

Way to detect shellcode on the network

Answer 12

Detect a sequence of NOP instructions.

Question 13

NOP Sled

Answer 13

Sequence of NOP instructions that precedes shellcode.

Question 14

NOP instructions do what?

Answer 14

Nothing, then move to the next instruction until they find the shellcode.

Question 15

Snort and Bro use generic signatures to detect…

Answer 15

Shellcode

Question 16

Metasploit singles

Answer 16

Self contained payloads that function on their own

Question 17

Metasploit stagers

Answer 17

Sets up network connection between attacker and victim.

Question 18

Stages

Answer 18

Actual malicious payload. Execution and exploitation.

Self contained.

Question 19

Meterpreter

Answer 19

Executed only in memory.

Question 20

Metasploiit NoNX

Answer 20

Circumvents DEP

Question 21

DLL Injection

Answer 21

Stage payload is injected into compromised host process running in memory. Never written to disk.

Question 22

.,\

Answer 22

Used for directory traversal. Up a level.

Question 23

SQL Injection Consequences

Answer 23

Auth bypass
Information disclosure
Compromised CIA
Remote Code Execution

Question 24

uricontent:”.pl”

Answer 24

URI’s that end in .pl (Perl)

Question 25

Pcre:”/(%27)…: (regex)

Answer 25

Perl Compatible Regular Expression

Question 26

SID (in IPS signature)

Answer 26

Snort Identifier

Question 27

Stored XSS

Answer 27

Malicious code stored on the web server.

Done by submitting it to forms (comment boxes)

Question 28

Reflected (nonpersistent) XSS

Answer 28

HTML code in a URL. User needs to click the link.

Question 29

Punycode

Answer 29

Converts Unicode characters to ASCII format.

Question 30

Punycode format

Answer 30

xn—.

fàcebook.com in Punycode becomes xn–fcebook-lta.com

Question 31

xn–

Answer 31

Symbolizes beginning of converted punycode URL

Question 32

DNS tunneling

Answer 32

Using alternative malicious external DNS server