Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CompTIA Security+ (SY0-701) > Threat, Vulnerabilities and Mitigations: Application Vulnerabilities > Flashcards

Threat, Vulnerabilities and Mitigations: Application Vulnerabilities Flashcards

1
Q

What are some of the flaws and weaknesses in application that a threat actor could exploit?

A

Memory injections
Race Conditions
Malicious Updates

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is Memory injection?

A

Memory injections happen when a malicious user executes code within an authorized process. Types include:

Buffer overflow attacks: Target overflows by inserting code that can crash a system or change how code executes. Overflow attacks can target different overflows, including:

The stack: Small part of memory that’s fast and stores things such as function calls and local variables in a last in/first out way.

The heap: Large, dynamic memory area that’s slow and that stores things such as global variables.

Integers: Each integer type can contain a specific number type and size. Unexpected types or sizes can fall outside the allocated memory or overflow the integer value.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How are DLL used in a memory injection attack?

A

Dynamic link libraries (DLLs): Standard attack copies malicious DLLs to the target system and then copies the directory path of the malicious DLL to the reserved memory space for the target process, thereby ensuring it gets executed. Here’s an example: https://github.com/adamhlt/DLL-Injector. There are also other types of DLL attacks:

CreateRemoteThread(): Function call that’s used to inject a custom DLL into the process’s address space.

Reflective: Doesn’t write a DLL to disk but rather grabs it from elsewhere, such as the internet, or

DLL hijacking: An application might not have a specific DLL but the system continues to scan for it, so a threat actor can “provide” one.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is Race conditions?

A

This type of vulnerability occurs when operations that should occur one at a time actually happen at the same time. Hey terminology about race conditions includes: + Time-of-Check (ToC) and Time-of-Use (ToU): Also referred to as TOCTOU, these terms refer to the time a resource was checked and then the time it was used.

Odd behavior may occur due to when each checks and then acts, known as check-then-act. + Target of Evaluation (TOE): The code block that’s causing a race condition. Multiple multiple threads and processes are accessing shared resources and variables concurrently, and the TOE is where this is happening in the code.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is Malicious updates?

A

Sometimes called a software supply chain attack, this is where threat actors look for and exploit vulnerabilities in the software vendors’ system and then get into their code base to comprise their software. Examples of these types of attacks include: + Solar Winds + CCleaner + UnrealIRC 3.2.8.1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

CompTIA Security+ (SY0-701) (122 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions