Threats, Vulnerabilities, Mitigation 2 Flashcards

1
Q

Name Application Attacks

A
  • Memory Injections
  • Buffer Overflow
  • Race conditions
  • Software updates
2
Q

Which processes run in memory and can be abused by memory injection?

A
  • DLLs (Dynamic Link Libraries)
  • Threads
  • Buffers
  • Memory Management functions
3
Q

How can attacks use memory?

A
  • Malware installs its own process
  • Malware injects itself into a legitimate process
4
Q

How is memory injection performed?

A

Code is added into the memory of an existing process
* Malware is hidden between the starting point and ending address of the process

Malware gets access to the data in that process
* And the same rights and permissions
* Can perform privilege escalation

5
Q

Explain DLL injection

A
  • Most common memory injection

Dynamic Link Library

  • Windows library containing code and data
  • Used by many applications
  • Attacker injects a path to a malicious DLL into the target process
  • Runs as part of the target process
6
Q

What is Buffer Overflow?

A
  • Overwriting a buffer of memory in order to:
  • Spill from one buffer to another
  • Inject code into system memory

Buffer: temporary storage of memory

7
Q

What are Race conditions?

A
  • Programming conundrum
  • Occurs when the behavior of a system or software depends on the sequence or timing of different events
  • Can have a negative impact on the running of an application

TOC / TOU
* Time-of-Check / Time-of-Use vulnerability
* Occurs when a system's state changes between the time a check is performed and the time the result is used

8
Q

Why are OS good attack vectors?

A
  • Big target: Everyone is using one
  • Very complex: consists of many millions of lines of code, therefore more security issues
9
Q

Explain software update vulnerabilities

A
  • Can be used to insert malicious code
  • Supply chain can also be attacked

Best practices:

  • Confirm source of update
  • Update directly from developer website
  • Digitally signed updates
10
Q

Explain reflected and stored XSS

A

Reflected / non-persistent XSS
* Website allows scripts to run in user input
* Attacker tricks victim into clicking malicious link or submitting input into web application
* Server reflects input
* Execution in browser

Stored / persistent XSS
* Attacker stores malicious script on publicly accessible website
* Facebook post, Blog, comment
* It is now persistent
* No specific target
