Security+ 4 Flashcards

1
Q

Cross-Site Scripting (XSS) : attacker embeds malicious scripts (e.g. JavaScript injected into a page's HTML) in a third-party website that are later run in the browsers of visitors to that site … mitigate by validating input and encoding output for the HTML context it is rendered in …

A

Cross-Site Scripting (XSS) :
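Added example (not from the flashcards): the vulnerable pattern behind the card, a page that concatenates visitor-supplied text into its HTML, next to the hardened version that entity-encodes the value with Python's standard-library `html.escape`. The two attacker strings are constructed for the demonstration; the attribute case is included because it bypasses a naive "strip angle brackets" filter.

```python
import html

# Constructed attacker inputs for the demonstration (assumed, not from the page).
BODY_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTR_PAYLOAD = '" onfocus="alert(1)" autofocus="'


def render_greeting_unsafe(name: str) -> str:
    """Vulnerable: the user-supplied name is concatenated straight into the HTML body,
    so a name containing <script> is executed by every visitor's browser."""
    return f"<p>Hello, {name}!</p>"


def render_greeting_safe(name: str) -> str:
    """Hardened: HTML-entity encode the value for the body context before output."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def render_input_unsafe(value: str) -> str:
    """Vulnerable even without angle brackets: a double quote closes the attribute
    and lets the attacker add an event-handler attribute of their own."""
    return f'<input name="q" value="{value}">'


def render_input_safe(value: str) -> str:
    """Hardened: quote=True also encodes the quote characters that break out of attributes."""
    return f'<input name="q" value="{html.escape(value, quote=True)}">'


if __name__ == "__main__":
    for fn, payload in [(render_greeting_unsafe, BODY_PAYLOAD), (render_greeting_safe, BODY_PAYLOAD),
                        (render_input_unsafe, ATTR_PAYLOAD), (render_input_safe, ATTR_PAYLOAD)]:
        print(f"{fn.__name__:>24}: {fn(payload)}")
```

Encoding is context-specific: `html.escape` is correct for element bodies and quoted attributes, but a value placed inside a `<script>` block or a URL needs that context's own encoding.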

2
Q

Cross-Site Request Forgery : also known as CSRF/XSRF/"sea surf" … leverages the fact that users are often logged into multiple sites at the same time; the attacker uses one site to trick the victim's browser into sending requests to another site, with the victim's session cookie attached, without the user's knowledge … mitigations : rearchitect web apps so that state-changing requests require an unpredictable anti-CSRF token the attacker cannot read, never perform state changes via HTTP GET, advise users to log out of sites when finished, automatically log users out after an idle period …

A

Cross-Site Request Forgery :
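Added example (not from the flashcards) of the "rearchitect the web app" mitigation, the synchronizer-token pattern: the server stores an unpredictable token per session, embeds it in its own forms, and refuses state-changing requests that do not echo it back. The `Session` class, the `/transfer` endpoint and the user names are constructed for the demonstration; the forged requests model what an attacker's page can and cannot make the victim's browser send.

```python
import hmac
import secrets

# Methods that must never change server state; a forged <img src=...> is a GET.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


class Session:
    """Minimal server-side session (constructed; a real app would persist this)."""

    def __init__(self, user: str):
        self.user = user
        # Per-session anti-CSRF token from the OS CSPRNG; cannot be guessed or read cross-origin.
        self.csrf_token = secrets.token_urlsafe(32)


def render_transfer_form(session: Session) -> str:
    """The legitimate page embeds the session's token in a hidden field."""
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{session.csrf_token}">'
        '<input name="to"><input name="amount"><button>Send</button></form>'
    )


def handle_transfer(method: str, form: dict, session: Session) -> tuple:
    """State-changing endpoint: rejects GET outright and requires a matching token.
    Returns (http_status, message)."""
    if method in SAFE_METHODS:
        return 405, "state changes must not be performed via GET"
    submitted = form.get("csrf_token", "")
    # Constant-time comparison so the check does not leak timing information.
    if not hmac.compare_digest(submitted, session.csrf_token):
        return 403, "missing or invalid CSRF token"
    return 200, f"transferred {form['amount']} from {session.user} to {form['to']}"


# --- Simulated requests (all constructed) ---
def legitimate_request(session: Session) -> tuple:
    # The browser submits the form it was served, so the token round-trips.
    return handle_transfer("POST", {"csrf_token": session.csrf_token, "to": "bob", "amount": "10"}, session)


def forged_post_request(session: Session) -> tuple:
    # An attacker's page auto-submits a form to /transfer; the browser attaches the
    # victim's session cookie, but the attacker never learns the token value.
    return handle_transfer("POST", {"to": "mallory", "amount": "9999"}, session)


def forged_get_request(session: Session) -> tuple:
    # e.g. <img src="https://bank.example/transfer?to=mallory&amount=9999">
    return handle_transfer("GET", {"to": "mallory", "amount": "9999"}, session)


if __name__ == "__main__":
    s = Session("alice")
    print(render_transfer_form(s))
    for req in (legitimate_request, forged_post_request, forged_get_request):
        print(f"{req.__name__:>22}: {req(s)}")
```

The check only works if the token is unpredictable and never exposed to other origins; a token derived from the user ID, or one leaked in a URL, gives the attacker exactly what the pattern is meant to deny.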

3
Q

Directory Traversal Attacks : attacker uses directory navigation references (../) in a request to reach files outside the directory the server intended to expose … mitigations : input validation that rejects ../ sequences (including URL-encoded forms) and canonicalizes the requested path before checking that it still lies inside the allowed directory, strict permissions so the web server account can read only the files it must serve …
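Added example (not from the flashcards) of the two sides of this card: a file-serving routine that joins the request onto the document root and walks out of it, beside a hardened version that URL-decodes, canonicalizes with `os.path.realpath`, and refuses any result that is not under the root. The document root `/var/www/html` and the request strings are assumptions for the demonstration; the functions only compute paths and open nothing.

```python
import os
from urllib.parse import unquote

# Assumed document root for the demonstration; realpath() so symlinks compare consistently.
WEB_ROOT = os.path.realpath("/var/www/html")


def unsafe_path(requested: str) -> str:
    """Vulnerable: joins the request straight onto the root. '..' components walk
    out of it, and an absolute request path replaces the root entirely."""
    return os.path.normpath(os.path.join(WEB_ROOT, requested))


def safe_path(requested: str) -> str:
    """Hardened: decode, canonicalize, then require the result to stay under WEB_ROOT."""
    decoded = unquote(unquote(requested))  # handle single and double URL-encoding (%2e / %252e)
    if "\x00" in decoded:
        raise ValueError("null byte in path")
    # Strip a leading '/' so the request is always relative to the root, then resolve '..' and symlinks.
    candidate = os.path.realpath(os.path.join(WEB_ROOT, decoded.lstrip("/")))
    if os.path.commonpath([WEB_ROOT, candidate]) != WEB_ROOT:
        raise ValueError(f"path escapes web root: {requested!r}")
    return candidate


def is_allowed(requested: str) -> bool:
    """True if the hardened check would serve the request."""
    try:
        safe_path(requested)
        return True
    except ValueError:
        return False


# Constructed request strings: one benign, the rest traversal attempts in several encodings.
SAMPLE_REQUESTS = [
    "index.html",
    "../../../etc/passwd",
    "%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "%252e%252e/%252e%252e/%252e%252e/etc/passwd",
    "/etc/passwd",
    "images/../../../../etc/shadow",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(f"{req:45} unsafe -> {unsafe_path(req):30} allowed? {is_allowed(req)}")
```

The prefix check must be done on the canonical path, not the raw string: a filter that only looks for the literal `../` misses the encoded forms and symlinks inside the root that point outside it.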

Session Hijacking : some websites don't use random session cookies but a guessable value; an attacker who guesses or steals the session cookie can take over the logged-in session and act as the user without ever entering the user's password … mitigate by generating session IDs from a cryptographically secure random source.
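Added example (not from the flashcards) showing why a guessable session ID is the whole problem: a toy session table issues either sequential IDs or 128-bit random ones from `secrets`, and an attacker who logs in normally then probes the IDs near their own. The store, user names and probe range are constructed for the demonstration.

```python
import secrets
from typing import Optional


class SessionStore:
    """Toy in-memory session table (constructed for the example)."""

    def __init__(self, predictable: bool):
        self.predictable = predictable
        self.next_id = 100000              # counter used by the weak scheme
        self.sessions: dict = {}

    def login(self, user: str) -> str:
        """Issues a session ID; the cookie value is all the server later checks."""
        if self.predictable:
            sid = str(self.next_id)        # weak: increments by one per login, trivially guessable
            self.next_id += 1
        else:
            sid = secrets.token_hex(16)    # 128 bits from the OS CSPRNG
        self.sessions[sid] = user
        return sid

    def whoami(self, sid: str) -> Optional[str]:
        return self.sessions.get(sid)


def hijack_by_guessing(store: SessionStore, attacker_sid: str, attempts: int = 50) -> list:
    """Attacker holds a valid session of their own and probes nearby ID values.
    Returns the users whose sessions were taken over, no password needed."""
    base = int(attacker_sid) if store.predictable else int(attacker_sid, 16)
    victims = []
    for delta in range(-attempts, attempts + 1):
        candidate = str(base + delta) if store.predictable else format(base + delta, "032x")
        user = store.whoami(candidate)
        if user and candidate != attacker_sid:
            victims.append(user)
    return victims


def demo(predictable: bool) -> list:
    store = SessionStore(predictable)
    for user in ("alice", "bob", "carol"):   # constructed victims already logged in
        store.login(user)
    attacker_sid = store.login("mallory")    # attacker logs in legitimately
    return hijack_by_guessing(store, attacker_sid)


if __name__ == "__main__":
    print("sequential IDs, sessions hijacked:", demo(True))
    print("random IDs, sessions hijacked:   ", demo(False))
```

Probing "nearby" values is meaningless against 128 random bits: the attacker's own ID says nothing about anyone else's, so the expected number of hits over any practical number of attempts is zero.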

Malicious Add-ons : malicious code can be delivered through browser extensions. Limit the permissions add-ons are granted to access data.

A

Directory Traversal Attacks etc …

4
Q

Code Execution Attacks : attacker exploits a vulnerability in a system that allows the attacker to run commands on that system.

Arbitrary code execution : attacks where the attacker runs commands of his or her choice.

To prevent code execution attacks : limit administrative access and apply least privilege (so code that does run has little authority), and patch systems and applications promptly.
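Added example (not from the flashcards) of one common route to arbitrary code execution, command injection: a lookup feature that splices user input into a shell command string, beside the hardened form that validates the input against an allowlist and passes it as an argv element so no shell interprets it. The hostname pattern and the attacker string are assumptions; a Python one-liner stands in for the real lookup tool so the example runs offline.

```python
import re
import subprocess
import sys

# Allowlist for a DNS hostname: letters, digits, dots and hyphens only (assumed policy).
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")

# Constructed attacker input: a valid-looking host followed by an injected command.
PAYLOAD = "example.com; cat /etc/passwd"


def build_lookup_command_unsafe(host: str) -> str:
    """Vulnerable: splices user input into a command string meant for the shell
    (the pattern behind os.system() or subprocess.run(..., shell=True))."""
    return f"nslookup {host}"


def shell_commands(command_line: str) -> list:
    """Simplified model of how a POSIX shell treats ';' in the string above:
    everything after it is a second, attacker-chosen command."""
    return [part.strip() for part in command_line.split(";") if part.strip()]


def is_valid_hostname(host: str) -> bool:
    return HOSTNAME_RE.match(host) is not None


def build_lookup_command_safe(host: str) -> list:
    """Hardened: validate against the allowlist, then build an argv list so no
    shell ever parses the input."""
    if not is_valid_hostname(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return ["nslookup", host]


def run_argv_literally(user_input: str) -> str:
    """Runs a child process with the input as a single argv element. A Python
    one-liner stands in for nslookup so the example works offline (assumption);
    the point is that ';' arrives as data, not as a command separator."""
    completed = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", user_input],
        capture_output=True, text=True, check=True,
    )
    return completed.stdout.rstrip("\n")


if __name__ == "__main__":
    print("shell would run:", shell_commands(build_lookup_command_unsafe(PAYLOAD)))
    print("allowlist accepts payload?", is_valid_hostname(PAYLOAD))
    print("argv form:", build_lookup_command_safe("example.com"))
    print("child saw argument:", run_argv_literally(PAYLOAD))
```

Even the hardened version should run with the least privilege the lookup needs; the allowlist stops this injection, but the process's privileges decide what any future bug can do.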

A

Code Execution …

5
Q

Refactoring : modifying a driver's code to carry out malicious activities; requires access to the driver's source code.

Shimming : wraps a legitimate driver with a malicious shim that intercepts its calls; does not require access to the legitimate driver's source code.

Device manufacturers write drivers and apply digital signatures so the OS can verify their authenticity; if a driver is unsigned or its signature does not verify, the OS may warn the user of a suspect driver or block the installation.

Improper input should be caught by the program's error handling (exception handling) rather than being allowed to crash or corrupt the application.

A

Refactoring etc …

6
Q

Social Engineering principles = Authority and Trust, Intimidation (scaring people), Consensus/Social Proof (the herd mentality), Scarcity (if people don't act quickly they will miss out), Urgency (people feel they need to act quickly), Familiarity/Liking (we say yes to people we like).

Phishing = stealing credentials by tricking the victim into handing them over. Credential reuse = once a hacker has obtained credentials, they can reuse them on other services because the victim uses the same username and password for multiple accounts.

A

Social Engineering etc …

7
Q

Spear Phishing = targets a very small audience, like the employees of a small business, then uses the business's jargon and possibly the names of business leaders to add an air of legitimacy to the con message.

Whaling = focuses on senior executives, trying to exploit the money, power, authority or influence of the senior leader; one common tactic is to send fake court documents to senior business leaders saying the organisation is being sued and they must click a link to read the paperwork.

Pharming = attackers set up a fake site that copies the look and feel of a real site users already know, then redirect victims to it by poisoning DNS or tampering with hosts files, so the user types the legitimate address but lands on the fake site; the attacker captures the credentials entered there.

Vishing = voice phishing; the hacker picks up the telephone and uses social engineering to get sensitive information from the victim, e.g. posing as the help desk …

Spim = spam over instant messaging; attackers use instant message services to send spam and phishing messages, now also seen over SMS (smishing) and iMessage; these often use a tactic called spoofing (faking the sender's identity).

A

Phishing etc …

8
Q

Passive Tools : don't interact with the target system, just observe (e.g. sniffing traffic already on the wire).

Active tools : interact with target systems (e.g. port and vulnerability scanners).

Protocol analyzers = allow you to see the actual details of the packets in network traffic, header fields and payload.

Attack Surface Review : enumerates the "attack surface", all possible paths of attack; makes heavy use of port, vulnerability and application scanners and adopts the mindset of an attacker.

Code Review : assessment of software security, includes peer code review; should be a mandatory part of the promotion and release process for new code.
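Added example (not from the flashcards) of what a protocol analyzer does underneath: a minimal decoder for the IPv4 and TCP headers of a raw packet, using only `struct`. The packet is constructed in the block itself (a TCP SYN from 10.0.0.5 to 93.184.216.34:443 with zeroed checksums); no capture is read and nothing is sent, so this is the passive side of the card. Checksums are not validated, an assumption noted in the code.

```python
import struct

# TCP flag bits in the 8-bit flags field (low-order bits of the 13th/14th header bytes).
TCP_FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def parse_ipv4(packet: bytes) -> dict:
    """Decodes the fixed 20-byte IPv4 header and returns the fields plus the payload slice."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, ident, _flags_frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20]
    )
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4: version {version}")
    # Checksums are not verified here (assumption: the analyzer only decodes).
    return {
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "id": ident,
        "ttl": ttl,
        "proto": proto,
        "header_len": header_len,
        "total_len": total_len,
        "payload": packet[header_len:total_len],
    }


def parse_tcp(segment: bytes) -> dict:
    """Decodes the fixed 20-byte TCP header; flag bits are reported by name."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_res, flags, window, _csum, _urg = struct.unpack("!HHIIBBHHH", segment[:20])
    data_offset = (off_res >> 4) * 4
    return {
        "src_port": sport,
        "dst_port": dport,
        "seq": seq,
        "ack": ack,
        "flags": [name for bit, name in TCP_FLAG_NAMES if flags & bit],
        "window": window,
        "payload": segment[data_offset:],
    }


def analyze(packet: bytes) -> dict:
    """Top-level decode: IPv4 always, TCP when the protocol field says 6."""
    ip = parse_ipv4(packet)
    result = {"ip": ip}
    if ip["proto"] == 6:
        result["tcp"] = parse_tcp(ip["payload"])
    return result


def build_sample_syn() -> bytes:
    """Constructed sample packet: TCP SYN 10.0.0.5:51515 -> 93.184.216.34:443 (not a real capture)."""
    tcp = struct.pack("!HHIIBBHHH", 51515, 443, 0x1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
        bytes([10, 0, 0, 5]), bytes([93, 184, 216, 34]),
    )
    return ip + tcp


if __name__ == "__main__":
    decoded = analyze(build_sample_syn())
    ip, tcp = decoded["ip"], decoded["tcp"]
    print(f"{ip['src']}:{tcp['src_port']} -> {ip['dst']}:{tcp['dst_port']} "
          f"flags={tcp['flags']} ttl={ip['ttl']} seq={tcp['seq']:#x}")
```

A real analyzer adds the link-layer header in front of this, honours the IHL and data-offset fields for options, and reassembles streams; the field layout decoded here is what every such tool starts from.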

A

Active/Passive Tools etc …

9
Q

Architecture Review : dissects how everything fits together, analyzes the interaction of various systems.

Types of Penetration Tests : White Box = testers have full knowledge of the network environment, Black Box = testers have no knowledge of the network environment, Gray Box = testers have partial knowledge of the network environment.

A

Penetration Testing Types etc …

10
Q

Pivoting : after exploiting a vulnerability in a system, attackers use that system as a base to target other systems on the same LAN.

Persistence : after exploiting a vulnerability on a system, the attacker installs tools on it to allow future access even if the initial vulnerability is corrected (a backdoor).

Non-Intrusive Scanning : a "safe" mode that won't disrupt system operation but won't confirm whether an attack would actually have succeeded.

Intrusive Scanning : a "dangerous" mode that attempts the exploit and so might disrupt system operation.

A

Pivoting etc …
