Section 2.3

Question 1

What is Memory Injection?

Answer 1

Memory injecting is the act of injecting a malware in the memory by adding it to an existing process. This would give the malware the same rights and permissions as the process it was injected to.

Question 2

What is DLL Injection?

Answer 2

DLL is Dynamic Link Library
DLL injection occurs when an attacker injects a path to a malicious DLL to run as part of a target process in memory. Once the process reaches the part of the malicious code, it will run the malicious DLL that was referenced in the target process.

Question 3

What is Buffer Overflow?

Answer 3

A buffer overflow is when an attacker can write more than it is expected into a particular area of memory.

Question 4

What is a race condition?

Answer 4

A race condition is when two events happen at nearly at the same time within an application and the application doesnt take into account that these two conditions may be operating simultaneously.

Question 5

What does TACTOU stand for?

Answer 5

Time of Check to Time of Use attack

Question 6

What is SQL Injection (SQLi)?

Answer 6

SQL (Structured Query Language) Injection or (SQLi) is a code injection using SQL into a web browser, usually in a form or field that attempts to retrieve more data than allowed.

Question 7

What’s a very common SQL injection?

Answer 7

A very common SQL injection is when the user enters a SQL query followed by “ or ‘1’ = ‘1’ “. Since 1 always equals 1, this is an attempt to retrieve all information from the database.

Question 8

What is Cross-site Scripting (XSS)?

Answer 8

XSS (Cross-site scripting) is a security flaw that allows information from one site to be shared with another site.

XSS commonly uses JavaScript for the attacks.

Question 9

What is a Non Persistent XSS Attack?

Answer 9

A Non-Persistent XSS Attack (Reflected XSS) is a type of cross-site scripting vulnerability where an attacker injects a malicious script into a web application, which is then sent to the target user (using phishing methods) and executed in their browser.

Question 10

What is Persistent XSS Attack?

Answer 10

A Persistent XSS Attack (Stored XSS) is a type of cross-site scripting vulnerability where malicious scripts are permanently stored on a server and are executed in the browsers of users who visit the affected page.

Question 11

Define and Describe the difference between EOL and EOSL

Answer 11

EOL stands for End of Life
EOSL stands for End of Service Life

For EOL the manufacturer might still provide important patches for the device, but in the case of EOSL the manufacturer will no longer service or provide patches for this device.

Question 12

What is Virtual Machine Escape?

Answer 12

This is the ability to break out of the current VM and interact with the host system or other guest VMs in the same host.

Question 13

What is MFA?

Answer 13

Multi Factor Authentication

Question 14

What is a DoS attack?

Answer 14

DoS stands for Denial of Service.
This attack type has a goal to make the resource unavailable to users, effectively “denying the service”.

Question 15

What is a DDoS attack?

Answer 15

Distributed Denial Of Service.
A DDoS attack is a type of cyberattack where multiple compromised systems, often referred to as a botnet, are used to flood a target system, service, or network with an overwhelming amount of traffic to disturb its availability, effectively “denying the service”.

Question 16

What is Authentication Bypass attack?

Answer 16

This is an attack type that takes advantage of weak or faulty authentication which allows users through without authenticating.

Question 17

What is Directory Traversal attack?

Answer 17

This is a type of attack that allows an attacker to access files and directories that are outside the intended directory of the web application.

Question 18

What is a Remote Code Execution (RCE) attack?

Answer 18

This specific attack type is related to the attacker injecting malicious code to vulnerable systems.

Question 19

What are Supply Chain Exploits / Attacks?

Answer 19

A supply chain exploit occurs when attackers compromise third party vendors that are used by a company. The attacker is taking advantage of the trust between the company and the third party vendor, and is inserting malicious code into for example a software update for a software component. When the company updates their third party component, the malicious code in the third party component software will attack the company.

Question 20

What are some common Misconfiguration Vulnerabilities?

Answer 20

Open permissions - leaving the “door open” accidentally on very sensitive information.

Unsecured Admin Accounts - Either no password, or very easy to guess password.

Insecure Protocols - Using protocols such as telnet, ftp, SMTP, IMAP which transfer data unencrypted through the network

Default Settings - Every application and device has a default login. These must be changed since this information is publicly available.

Open ports and services - Opening ports and services that are not mandatory to be used

Question 21

What is Jailbreaking/Rooting?

Answer 21

Jailbreaking (For iOS devices) and Rooting (for Android devices) is the process of replacing the operating system of the phone to gain additional access to the phone and its security.

Question 22

What is Sideloading?

Answer 22

Sideloading is the ability to install apps in your Phone that are outside of the App Store. These are apps that are usually not approved to be in the App Store and may contain malicious code since these apps have not been audited or approved.

Question 23

What is Zero-day attacks?

Answer 23

A Zero Day attack is an exploit that does not have a patch or a method of mitigation. This means that there is a race to create a patch of this vulnerability since it’s difficult to defend against it.