System Hacking Flashcards

1
Q

What is Path Interception?

A

Path interception is a method of placing an executable in a particular path in such a way that the application executes it in place of the legitimate target. Attackers can exploit several flaws or misconfigurations to perform path interception, such as unquoted paths (service paths and shortcut paths), PATH environment variable misconfiguration, and search order hijacking.

2
Q

What are Kernel Exploits?

A

Kernel exploits refer to programs that can exploit vulnerabilities present in the kernel to execute arbitrary commands or code with higher privileges. By successfully exploiting kernel vulnerabilities, attackers can attain superuser or root-level access to the target system.

3
Q

What is a Web Shell?

A

A web shell is a web-based script that allows access to a web server. Web shells can be created for all OSs, such as Windows, Linux, macOS, and OS X. Attackers create web shells to inject a malicious script into a web server in order to maintain persistent access and escalate privileges.

4
Q

What is Application Shimming?

A

Shims run in user mode and cannot modify the kernel. Some of these shims can be used to bypass UAC (RedirectEXE), inject malicious DLLs (InjectDLL), capture memory addresses (GetProcAddress), and so on. An attacker can use these shims to perform different attacks, including disabling Windows Defender, escalating privileges, and installing backdoors.

5
Q

What is GlitchPOS?

A

GlitchPOS is a fake cat game that is embedded in malware and not displayed at the time of execution. It is a Trojan targeting point-of-sale systems that masquerades as a cat game. When a victim installs the cat game, the Trojan is executed in the background. Attackers use GlitchPOS to grab the victim's credit card information.

6
Q

What is BasBanke?

A

BasBanke is a Trojan family that runs on Android.

7
Q

What is Scranos?

A

Scranos is a trojanized rootkit that masquerades as cracked software or a legitimate application, such as anti-malware, a video player, or an ebook reader, to infect systems and perform data exfiltration that damages the reputation of the target and steals intellectual property. When this rootkit is executed, a rootkit driver is automatically installed, which then starts installing other malicious components into the system.

8
Q

What is Mirai?

A

Mirai is a self-propagating IoT botnet that infects poorly protected Internet-connected devices (IoT devices).

9
Q

What is a Hypervisor-level Rootkit?

A

Hypervisor-level rootkits exploit hardware virtualization features such as Intel VT and AMD-V. These rootkits run in Ring -1, host the operating system of the target machine as a virtual machine, and intercept all hardware calls made by the target operating system. This kind of rootkit works by modifying the system's boot sequence so that it gets loaded instead of the original virtual machine monitor.

10
Q

What is a Kernel-level rootkit?

A

A kernel-level rootkit runs in Ring 0 with the highest operating system privileges. These rootkits conceal backdoors on the computer and are created by writing additional code or by substituting portions of kernel code with modified code, via device drivers on Windows or loadable kernel modules on Linux. If the kit's code contains mistakes or bugs, a kernel-level rootkit affects the stability of the system. Because these rootkits have the same privileges as the operating system, they are difficult to detect and can intercept or subvert the operations of the operating system.

11
Q

What is an Application-level rootkit?

A

An application-level rootkit operates inside the victim's computer by replacing standard application files (application binaries) with rootkits or by modifying the behavior of existing applications with patches, injected malicious code, and so on.

12
Q

In systems hacking, what is the ‘Executing Applications’ stage?

A

Once the attacker has administrator privileges, they can attempt to install malicious programs such as Trojans, backdoors, rootkits, and keyloggers, which grant them remote system access and enable them to execute malicious code remotely.

13
Q

In systems hacking, what is the ‘Escalating Privilege’ stage?

A

The attacker exploits known system vulnerabilities to escalate user privileges.

14
Q

In systems hacking, what is the ‘Gaining Access’ stage?

A

In system hacking, the attacker first tries to gain access to a target system using information obtained and loopholes found in the access control mechanism of the system.

15
Q

In systems hacking, what is the ‘Covering Tracks’ stage?

A

To remain undetected, it is important for attackers to erase from the system all evidence of the security compromise. To achieve this, they might modify or delete logs on the system.
