Threats Vulnerabilities and Mitigations 2.3-2.4 Flashcards
Memory Running processes
Dynamic Link Libraries
Threads
Buffers
Memory Management functions
Memory injection
Add code into the memory of an existing process.
DLL injection
Dynamic-link library
- A Windows library containing code and data
- Many applications can use this library
- Attackers inject a path to a malicious DLL.
Buffer Overflows
Overwriting a buffer of memory; the additional data overflows into another area of memory.
Attackers will spend a long time looking for an opening. Not a simple exploit - takes time to avoid crashing things.
Race condition
When two events happen at nearly the same time.
TOCTOU
Time of check to time of use attack:
The value might change between the time you checked it and the time of use.
Malicious updates: what are they and how do you follow best practices?
Attackers can put malicious code inside the update.
Follow best practices relating to downloading and updating.
Look at where the download file is coming from - confirm the source
Download from the site directly
Many operating systems only allow signed apps.
Automatic updates - Relatively trustworthy
Operating System
A foundational computing platform which is remarkably complex.
When does Microsoft release security patches for the OS?
2nd Tuesday of each month
Best Practices for OS vulnerabilities
Always update
May require testing before deployment
May require a reboot.
SQL injection (Structured Query Language).
A code injection attack where an attacker would put their own code into a data stream
Cross Site Scripting XSS
An attacker sends a link containing a malicious script to the victim.
Victim clicks link and visits legitimate site
Legitimate site loads in the victim's browser.
Malicious script sends the victim's data to the attacker
Hardware vulnerabilities
Things like light bulbs, garage doors, Ring doorbells (IoT).
A Physical device that can be connected to the network.
Firmware
The software inside the hardware. Vendors are the only ones who can fix the hardware
EOL or EOSL
End of Life: manufacturer stops selling a product, may continue supporting the product.
End of Service Life: manufacturer stops support and sale of the product.
Legacy Platforms
Some devices remain installed for a long time, may have older operating systems. May be running end of life software but are critical to the network.
Virtualisation Security
?
Cloud specific Vulnerabilities
Cloud adoption - difficult to find a company not using the cloud.
DoS - Denial of Service.
Authentication Bypass
Directory Traversal - Faulty configurations put data at risk.
Remote code execution.
Supply Chain Risk
Attackers can infect any step along the way. One exploit can infect the entire chain.
Open Permissions
Sometimes data is left open on the internet.
Misconfiguration
Inherent vulnerabilities in using the default settings of a software. Default configurations and credentials
Why are mobile devices hard to secure?
Almost always in motion
Relatively small
Constantly connected to the internet
Packed with sensitive data
What is sideloading?
The ability to install applications outside the scope of the app store.
Malicious apps can be a significant security concern.
Zero day vulnerability
When attackers are able to attack a vulnerability without a patch or method of mitigation because the vulnerability is unknown.
Malware
Any type of software which is doing harm to the system. Malicious code
Malware Types
Viruses
Worms
Ransomware
Trojan Horse
Rootkit
Key Logger
Spyware
Bloatware
Logic Bomb
Ransomware
Where attackers will encrypt data and then ask you to pay for decryption keys.
How to protect the system against Ransomware
Offline backups
Up to date operating system.
Up to date applications
Worms
This is malware that can reproduce itself.
(WannaCry)
Virus Types
Program Viruses - Part of the application
Boot sector viruses - No operating system needed.
Script viruses - Operating system and browser based
Macro Viruses - Common in Microsoft office
Fileless Virus
Does not require any files which are stored on the storage system. Most antivirus software is looking for information being written to a drive. (Makes it hard to detect)
Spyware
Malware that spies on you
Can trick you into installing
Browser monitoring
Keyloggers
Bloatware
Apps which are installed by the manufacturer - they take up valuable storage space. Third-party uninstallers and cleaners may help when attempting to remove bloatware from your system
Key loggers
Captures keystrokes.
Logic Bombs
Waiting for an event to happen before executing.
Rootkit
A rootkit hides itself in the OS itself. Can be invisible to the operating system. Won't see it in Task Manager.
Able to use a rootkit remover.
Physical attacks considerations
No password requirements, no physical obstruction to sensitive data, no locks on windows and doors.
RFID Cloning
Cloning access badges to give the attacker the same access as the badge holder.
Environmental attacks
Attacking the supporting technology.
For example, attacking the cooling systems would cause the technology to heat up, and it will all shut down once it reaches too high a temperature.
Denial of Service
Forcing a service to fail by taking advantage of a vulnerability or overloading the service.
A friendly DoS
Network DoS (creating a loop through improper connection of wires)
Bandwidth DoS (downloading multi-gigabyte Linux distributions over a DSL line)
DDoS
Distributed denial of service
DDoS examples
Launch an army of computers via botnets to access a web server and use up all the bandwidth or resources. Traffic spike
DNS Attacks
Attacker gains access to the DNS server to modify the DNS configuration.
Modifies the IP addresses and provides users with alternative IP addresses, which may result in users unintentionally loading fake IP addresses.
What could an attacker do with URL hijacking?
- Make money from mistakes by selling the badly spelled domain to the actual owner
- Redirect traffic to a competitor
- Create a phishing site
- Inject with a drive-by download.
Wireless DoS Attack
Disconnects victims from connectivity.
Attacker manipulates 802.11 management frames in order to disrupt connectivity.
Radio Frequency (RF) Jamming
Denial of Service
Transmit interfering wireless signals to decrease the signal-to-noise ratio at the receiving device.
On Path Attack (Man in the middle attack).
ARP poisoning
On-path browser attack
Replay attack
Pass the hash
Browser cookies
How to protect against malicious code
Anti-Malware
Firewall
Continuous updates and patches
Secure computing habits (Training)
Application attacks
Injection of malicious code not stopped by the application.
Buffer overflow
Overwriting a buffer of memory, Spills over into other memory areas.
Relatively difficult to implement.
Privilege Escalation
When an attacker is able to get higher-level access to a system by exploiting a vulnerability. The attacker would want administrator access
How to mitigate privilege escalation
- Patch quickly - to fix the vulnerability
- Update anti-virus/anti-malware software to block known vulnerabilities.
- Data Execution Prevention - Address Space Layout Randomisation
Cryptographic
The difference between something being secure and insecure depends on the key being used in the encryption process.
Birthday attacks
A hash collision is the same hash value for two different plaintexts. Protect by using a large hash output size.
(MD5 hashing algorithm - had shortcomings which resulted in collisions)
Downgrade attack.
The attacker makes the systems downgrade their cryptography process to a weaker one or to use no encryption at all
SSL stripping
An attacker will sit in the middle between the victim and the web server and ensure that HTTP requests sent from the victim to the web server are rewritten so the victim never uses encryption and the attacker can see data in plain text.
Password Spraying attacks
When an attacker goes through multiple accounts by using the most common passwords such as 123456 or qwerty.
Brute force password attacks.
A brute force attack using every password combination until the hash is matched.
Indicators of Compromise
- Unusual amount of network activity
- Change to file hash values
- Irregular international traffic
- Changes to DNS data
- Uncommon login patterns
- Spikes of read requests to certain files
Other Indicators of compromise
- Resource inaccessibility
- Impossible travel
- Resource consumption (spike in traffic)
- Out of cycle logging
- Missing logs
- Published documents